WO2001052134A1 - Appareil electrique domestique d'information - Google Patents
Appareil electrique domestique d'information Download PDFInfo
- Publication number
- WO2001052134A1 WO2001052134A1 PCT/JP2001/000184 JP0100184W WO0152134A1 WO 2001052134 A1 WO2001052134 A1 WO 2001052134A1 JP 0100184 W JP0100184 W JP 0100184W WO 0152134 A1 WO0152134 A1 WO 0152134A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- card
- server
- function
- user
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/04—Payment circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/24—Credit schemes, i.e. "pay after"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0609—Buyer or seller confidence or verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0613—Third-party assisted
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0641—Shopping interfaces
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Definitions
- the present invention relates to an information terminal device, and more particularly to an information home appliance suitable for an electronic credit card payment for electronic payment of a product purchase by a credit card in a virtual store on a communication medium by an information home appliance such as a mobile phone.
- Normal PCs require special measures because users can directly access data (files) stored in internal storage devices (for example, hard disk drives).
- the size of the SET-dedicated application must be large because of the necessity of taking measures, using a dedicated security protocol, and so on.
- information home appliances as described above particularly those in which large-capacity storage devices such as mobile phones cannot be mounted, the size of applications that can be installed is limited, and it is difficult to introduce the applications.
- the present invention has been made under such a background, and a purpose thereof is to provide a relatively safe business transaction using a credit card on the Internet even in an information home appliance having only a relatively small storage device. To be able to do so. Disclosure of the invention
- WWW World Wide Web
- eb server which supports cryptographic communication protocols such as SSL (Secure Socket Layer).
- SSL Secure Socket Layer
- the present inventors have supported a relatively small-sized electronic commerce that can be installed in an information home appliance, including a part corresponding to a SET application, by expanding a browser that supports an existing cryptographic communication protocol.
- the present invention provides a browser and an information home appliance using the same.
- the communication safety can be intercepted a message not be decrypted, also, falsification of the so-called if Narisumase message NYCO a) is a mosquito? Essential.
- an encryption communication protocol such as SSL built in the browser as a program for encryption and authentication processing for that purpose, the program implementation size of the entire browser including a part corresponding to the SET application is used. the, so that Ca? can be at least 1 0 shrink below the SET application at this time.
- an information home appliance is an information home appliance having an Internet access function, which is used for performing electronic payment for purchase of a product by a credit card in a virtual store on a communication medium, and includes a markup.
- Storage means for storing a browser supporting a cryptographic communication protocol for browsing a document described in a language, and input means for inputting characters,
- the information home appliance communicates with the encryption company's cryptographic communication protocol compatible server using the built-in cryptographic communication protocol compatible browser, and specifies the card number and forced member to the server.
- a first function to input personal information of the user and personal identification information for electronic payment determined by the card member;
- the user is requested to input the password information for electronic payment, and the password is compared with the password information stored inside the device to confirm that the user is a card member who has requested the initial user registration by the information home appliance.
- the personal information of the force member received by the information home appliance from the server of the force company includes at least a card number and a card expiration date.
- This card number does not need to be the same as the card number entered by the user at the time of initial registration, and may be a new card number issued by the card company.
- the browser has a function of receiving a reception number from a card company server at the time of the initial user registration, information for authenticating the card member in the cryptographic communication protocol from the card company server, and an individual of the card member.
- the server Before receiving the information, the server may have a function of inputting the reception number and the password information in accordance with an instruction from the server.
- the browser does not have the first to seventh functions initially, but has an eighth function of downloading a computer program for realizing the first to seventh functions via a communication medium. May be provided.
- the present invention can also be understood as a computer program that executes the above-described functions and a recording medium thereof.
- FIG. 1 is a block diagram showing the overall configuration of the electronic credit card settlement system of the present invention and the flow of information between the components.
- FIG. 2 is a block diagram showing a schematic hardware configuration example of a mobile phone in the system of FIG.
- FIG. 3 is an explanatory diagram of a user input operation at the time of an examination request in step a1 of FIG.
- FIG. 4 is an explanatory diagram of a user input operation at the time of checking the examination result in step b1 of FIG.
- FIG. 5 is an explanatory diagram regarding a user's input operation when using the card in FIG.
- FIG. 6 is a flowchart showing a processing procedure at the time of purchasing a product with a mobile phone according to the embodiment of the present invention.
- FIG. 7 is a diagram showing a configuration example of a web browser extended for a settlement function in the present invention.
- FIG. 8 is a diagram showing another configuration example of a web browser extended for a settlement function in the present invention.
- FIG. 1 is a block diagram showing the overall configuration of the electronic credit card payment system of the present invention and the flow of information between the components.
- the first step is that a user who is already a cardholder needs to perform only one first time to make an electronic credit card payment (hereinafter simply referred to as card payment or electronic payment).
- card payment or electronic payment This is the stage of “user registration”.
- the second stage following the initial user registration, the user performs “(b) Confirmation of examination results”. This second stage is also done only once by the user initially.
- the third stage the user actually purchases products at the virtual store of the card member store.
- a user uses a mobile phone as an information home appliance having a function of accessing the Internet as a terminal for electronic payment.
- the mobile phone has Internet access, and its web browser supports SSL (128-bit, for example).
- the terminal in the present invention is not limited to a mobile phone, but may be any information home appliance such as a television device (including a so-called set-top box), a game machine, a word processor, and a car navigation system.
- the contents of each stage will be described in detail.
- communications over the Internet are preferably encrypted using SSL.
- this initial user registration is intended for card members who already hold credit cards of card companies. However, immediately before this initial user registration, a procedure for a non-member user to become a member may be performed.
- the mobile phone 100 accesses the card company's web server 200 (for example, the URL is https: @ www.xxx-card.co.jp) via the Internet according to the user's instructions.
- the web server 200 is an SSL-compatible server that supports SSL.
- the server 200 has a storage device 201 that stores web information (text, images, and a combination of these forms written in a markup language such as HTML or XML).
- the SSL-compatible browser mounted on the mobile phone 100 interprets the web information and displays it on the screen.
- the user is provided with a form for entering necessary information from the web server 200.
- This form includes various personal information (member information) of the user and a personal identification number (PIN! There is a column for entering the Personal Identification Number.
- This password is stored in the internal non-volatile storage device (here, flash memory). This password is for identifying the user himself / herself, and may not be a password if such information is used, and may be a fingerprint, an iris, a voiceprint, or the like. In the present invention, such information for identifying the user, including the personal identification number, is widely referred to as personal identification information, and the completed form is transmitted to the web server 200 together with the request for examination of the mobile phone.
- the transmission information is transmitted after being encrypted by a known method using SSL.Specific examples of the personal information to be input at the time of the examination request will be described later.
- the web server 200 is connected to the host computer of the card company via a LAN or the like.
- the request is forwarded to the computer (hereinafter simply referred to as the host) 240 (a3).
- the host 240 makes a determination based on predetermined conditions (S11), and returns the determination result to the web server 200 (S12, a4).
- the determination result includes, in addition to the information indicating whether or not the electronic payment is appropriate for the user, the member information of the user in the case of “suitable”, and stores the member information in the storage device 202 on the web server 200.
- This member information corresponds to the personal information entered by the user in step a1 earlier.
- the details and format are not necessarily the same.
- the host computer 240 also requests a predetermined certification authority (CA) 230 to issue a digital certificate of the user for use in user authentication (client authentication) and decoding.
- CA certification authority
- the certificate authority 230 generates a key pair (public key and private key) of the public key cryptosystem for the user and generates a digital certificate of the public key (S 21).
- a digital certificate for a user guarantees the authenticity of the key by the certificate authority 230 digitally signing a message containing the user's name (or identifier) and the user's public key.
- RSA is known as a public key cryptosystem.
- the certificate authority 230 sends the private key and the digital certificate in an encrypted state (for example, in the PKC S # 12 format of RSA) to the card company's web server 200 via a predetermined route (S22, a6). .
- the web server 200 decrypts the information and stores it in the storage device 203 (the same as the storage device 202 described above. This decryption is performed later when the information is sent to the user. It is assumed that the device does not have a decryption function If the information home appliance has such a function, decryption by the web server 200 is not necessary.
- the user accesses the web server 200 again via the Internet to know the examination result at a later date after the user who has made the examination request. That is, the mobile phone 100 transmits a request for an examination result inquiry according to the user's instruction (bl). In response, the web server 200 transmits the receipt number (SI) received from the server 200 at the time of the examination request and the password entered by the user at the time of the examination request. Require the user to enter a PIN (Pin). Based on the password, the server 200 confirms that the user who has made the examination result confirmation request is the same person as the user who made the examination request earlier, and based on the reception number, Is specified.
- SI receipt number
- PIN PIN
- the server 200 Upon receiving the examination result inquiry, the server 200 returns the examination result to the user (b
- the mobile phone 100 stores the downloaded information in a predetermined format in a storage device therein (for example, a flash memory 107 described later). No means is provided for the user of the mobile phone 100 to directly access or rewrite the stored information.
- the mobile phone 100 returns a confirmation that the information has been properly acquired to the web server 200 (b 3).
- the mobile phone 100 may store the downloaded information in a storage device in an encrypted state. In response, the server 200 deletes the member information from its own server for security.
- the user can visit the virtual store site of any member store on the Internet to place an order for merchandise, etc., and to make an electronic payment using a card in this regard.
- the web information (homepage information) is sent to the mobile phone 100 from the storage device 212 storing the information.
- the browser of the mobile phone 100 displays the content on the screen.
- the user selects a product to be purchased on the screen and issues an order instruction (c1).
- merchant A's web server 210 adds an order number to each order and sends data such as the merchant ID and purchase price, along with a message that the order has been accepted, as a product purchase slip.
- a confirmation e-mail (e-mail) for the order may be sent to the mobile phone 100.
- the product purchase slip including the order number is sent to the SSL-compliant settlement server 220 via the Internet in step c4.
- the payment component 211 attached to the web server 210 of the franchisee A uses SSL via the Internet with the payment cartridge 2221 attached to the payment server 220 provided by the card company.
- the settlement power cartridge 221 acquires the order information (c3).
- the settlement component is a software element relating to settlement in the web server 200
- the settlement cartridge is a software element relating to settlement in the settlement server 220.
- the difference between the names of the two software elements is for convenience of reference and has no particular meaning.
- Mutual authentication means that two communicating parties authenticate each other's authenticity.
- the web server 210 of the member store A authenticates that the payment server 220 is a genuine payment server, and the payment server 220 checks that the web server 210 of the member store A Authenticate that it is a genuine web server. Accordingly, both the member store A and the settlement server 220 previously acquire their own digital certificates from a predetermined certificate authority.
- the mobile phone 100 automatically performs the payment (for example, according to the instruction of the confirmation e-mail or the link (URL) of the payment server included in the above-mentioned product purchase slip) or according to the instruction of the user.
- the server After accessing the server 220 and after the mutual authentication by SSL, if the authentication result is 0K, the member information and the product purchase slip information stored in advance are encrypted and transmitted to the settlement server 220. (C4).
- the server responds to the access from the client, the server sends its digital certificate to the client, The client also sends its digital certificate to the server and verifies each other's authenticity in a known manner.
- server authentication is common in SSL-compatible browsers, but in the present invention, user authentication (client authentication) is also performed. Therefore, as described above, the user is also required to provide the private key of the public key W
- the user is authenticated using a digital certificate containing the user's public key and a private key.
- step c1 and step c4 are performed in the same session, the confirmation mail is not necessarily required.
- the payment server 220 communicates with (or directly with the host computer 240) the authorization gateway 241 of the card company to approve the payment by the user (
- the settlement cartridge 221 of the settlement server 220 performs the final sales processing after the SSL mutual authentication with the settlement component 211 of the power store A via the Internet (c 7 ).
- This sales process is a process in which the merchant requests the card company to pay for the product whose approval is 0K.
- the force s which is assumed to be performed in a separate communication session with a time interval between the first stage and the second stage, and the first and second stages are performed once. If it can be done during a communication session, it can be grasped as one stage. In that case, the steps of receiving the receipt number (a 2) and inquiring the examination result (b 1) become unnecessary.
- FIG. 2 shows a schematic hardware configuration example of the mobile phone 100.
- a central processing unit (CPU) 101 controls the entire mobile phone 100.
- the CPU 1 0 1, ROM 105, flash memory 107, RAM 1 0 8, the flat display 122, various keys 13 1, and a communication control unit 133 forces? Are connected.
- ROM 1 05 is a read-only non-volatile memory, CPU 10 1 force? Execution And various necessary computer programs. This program includes a browser whose functions have been enhanced by the present invention.
- the flash memory 107 is a rewritable nonvolatile memory for storing downloaded data and programs in a nonvolatile manner.
- a flash memory need not be used as long as the storage means achieves the intended purpose.
- the RAMI 08 provides a temporary storage area and a work area required for the CPU 101 to execute a program, and an area for storing various data necessary for executing the program.
- the flat panel display 122 is a device that displays various types of information on the mobile phone to inform the user.
- the communication control unit 133 is a unit that controls voice and data communication.
- Each means and operation in the mobile phone according to the present invention is mainly performed by the CPU 101.
- FIG. 1 the detailed configuration (for example, a display memory, a display controller, an input / output control unit, and the like) is not shown.
- FIG. 7 shows a configuration example of a web browser 40 extended for a settlement function in the present invention.
- the browser 40 is stored in advance in the ROM 105 shown in FIG. However, the version up of the browser and the additional functions are stored in the flash memory 107.
- the browser 40 provides a browsing function for documents written in the markup language 41, a browser body 41 for performing a hypertext transfer process, an HTTP protocol processing unit 42, and performs processing for transport protocols such as TCPZIP. It has a transport protocol processing unit 43.
- the browser main body 41 is mainly provided with functions 411, 412, and 13 as special functions in the present invention.
- Function 4 1 1 corresponds to step a 1 in Figure 1.
- Private key shown in step b2 Private key ⁇ Certificate ⁇ Member information acquisition and storage (download), readout processing function.
- the function 412 is a processing function for inputting a personal identification number (PIN) and confirming a match, which are prerequisite processes of step c1.
- the function 4 13 is a processing function of transmitting the member information in step c 4 to the settlement server 220.
- the transport protocol section 43 has an SSL protocol processing section 431, which includes a cryptographic module, and has a server authentication certificate obtained when using the card, and a card member authentication certificate and private certificate saved and downloaded as described above. SSL authentication is performed using a single key.
- FIG. 8 shows another configuration example of the browser.
- the card payment JaV a (trademark) operating on the virtual machine (VM) 431 JaVa
- the module 421 is stored in the flash memory 107 by, for example, downloading from a predetermined website before the processing of the present invention. Forced settlement J a V a module 4 2 1 and realizes the functions equivalent to the functions 4 1 1, 4 1 2 and 4 13 shown in FIG. 7 after the fact.
- FIGS. 3 (a), (b) and (c) show the transition of the contents of the screen 301 of the display 122 of the mobile phone 100 at this time.
- Figure 3 (a) shows the menu screen displayed when a user accesses the homepage of a credit card company.
- the user can input the intention display to the device by key input or display button indication.
- the indication of the display button can be performed by moving the focus to the button with an arrow key or the like and pressing a specific key such as an enter key.
- the user selects, for example, “2. e-Card registration procedure” in the figure.
- FIG. 3 (b) This allows the web server 200 to enter the user's personal information as shown in FIG. 3 (b).
- FIG. 3 (b) Provide a form for The up and down two-way arrows in Fig. 3 (b) indicate that the image scrolls up and down automatically with input when all information is not contained in the screen at once, or according to the user's instruction. Show. Alternatively, the user may be prompted to input one or several items of the input that fits on the screen.
- a mobile phone is assumed as the information home appliance, so it is assumed that the input characters are Kana or alphanumeric characters and symbols. Of course, if you have a kanji input function, you can accept kanji input.
- the personal information includes the card number of the user's credit card, its expiration date, personal identification number (PIN), name, address, postal code, credit card bank account number, and e-mail address.
- the password is, for example, a numerical value having a predetermined number of digits arbitrarily specified by the user. This password is used in the examination result confirmation stage and the use stage, and may be different from the credit card password.
- the PIN may be determined by the card company after the examination request, and the determined PIN may be sent to the user by mail or communication (for example, accompanying step b2).
- Ru acceptance number
- FIGS. 4 (a), (b) and (c) show the transition of the content of the screen 301 of the display 122 of the mobile phone 100 at this time.
- the user selects “3. Certificate Download” on the menu screen in Fig. 4 (a)
- the user is prompted to enter the reception number and personal identification number (PIN) as shown in Fig. 4 (b).
- PIN personal identification number
- FIG. 5 (a) to 5 (d) show the transition of the contents of the screen 301 of the display 122 of the mobile phone 100 at this time.
- the screen in Fig. 5 (a) shows the virtual The screen after visiting the store site (Fig. 5, S41) and selecting the desired product on the homepage (S42, S43) is shown.
- S44 purchase intention
- the screen moves to the screen of FIG. 5 (b).
- PIN personal identification number
- the mobile phone 100 compares the entered security code with a security code already stored therein (S4
- the personal identification number PIN
- Performing electronic payment with the mobile phone is avoided.
- the security code is checked locally on the mobile phone. Therefore, at the time of product purchase Password is not leaked during the communication process.
- the processing time required for inquiring the personal identification number is reduced as compared with the case where the personal identification number is inquired by communication. Since the personal identification number is the power stored in the internal mobile phone s, can not direct ⁇ access to the interior of the storage device by the user, is a danger force? Reduce unauthorized personal identification number is read.
- SSL for example, 128-bit
- the card company can store the required member information items in the required format in the mobile phone. Therefore, the stored member information is as intended by the power company.
- the card number or expiration date in the member information sent from the card company's web server is different from the actual credit card possessed by the user and the second card number for electronic payment and Z or expiration date. can do.
- the fact that the stored member information is as intended by the card company is also advantageous in data collation in the approval process in the settlement gateway 241.
- the “product” in the present invention is not limited to a tangible thing, and may be an intangible thing such as software.
- the software product will be It can be downloaded from the Internet.
- the initial user registration and Z or product purchase using the Internet are described in detail. Data communication may be used. For example, screen data for initial user registration can be delivered by broadcast. Alternatively, it is possible to broadcast the URL data of the card company site by broadcasting. Industrial applicability '
- the present invention relates to the design and manufacture of so-called information home appliances such as mobile phones, televisions, game consoles, word processors, car navigation systems, and related computer programs, and the use of credit cards for secure commerce on the Internet. Available for bow I.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Development Economics (AREA)
- Marketing (AREA)
- Economics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001225528A AU2001225528A1 (en) | 2000-01-13 | 2001-01-15 | Information home electric appliance |
US10/181,132 US7467099B2 (en) | 2000-01-13 | 2001-01-15 | Information home electric appliance |
JP2001552281A JP4606680B2 (ja) | 2000-01-13 | 2001-01-15 | 情報家電装置 |
EP01900754A EP1248217A4 (en) | 2000-01-13 | 2001-01-15 | DOMESTIC ELECTRICAL INFORMATION APPLIANCE |
US12/275,169 US20090157558A1 (en) | 2000-01-13 | 2008-11-20 | Information home electric appliance |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2000-4169 | 2000-01-13 | ||
JP2000004169 | 2000-01-13 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/275,169 Division US20090157558A1 (en) | 2000-01-13 | 2008-11-20 | Information home electric appliance |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001052134A1 true WO2001052134A1 (fr) | 2001-07-19 |
Family
ID=18532986
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2001/000184 WO2001052134A1 (fr) | 2000-01-13 | 2001-01-15 | Appareil electrique domestique d'information |
Country Status (5)
Country | Link |
---|---|
US (2) | US7467099B2 (ja) |
EP (1) | EP1248217A4 (ja) |
JP (1) | JP4606680B2 (ja) |
AU (1) | AU2001225528A1 (ja) |
WO (1) | WO2001052134A1 (ja) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003162663A (ja) * | 2001-11-28 | 2003-06-06 | Shu Ishigami | 電子データの自動配信方法及びシステム |
JP2003162680A (ja) * | 2001-11-28 | 2003-06-06 | Jcb:Kk | 決済システム及び方法 |
JP2004086591A (ja) * | 2002-08-27 | 2004-03-18 | Jcb:Kk | ネットワーク対応電化製品の課金システム |
JP2010117995A (ja) * | 2008-11-14 | 2010-05-27 | Dainippon Printing Co Ltd | アプリケーション発行システム、装置及び方法 |
JP2012014272A (ja) * | 2010-06-29 | 2012-01-19 | Mitsubishi Ufj Nicos Co Ltd | 決済システム及び決済方法 |
CN104333551A (zh) * | 2014-10-31 | 2015-02-04 | 上海电机学院 | 一种电力二次系统主动安全防御系统 |
JP2020064664A (ja) * | 2013-05-13 | 2020-04-23 | バリディウム アイピー リミテッド | アクセス制御される環境へのアクセスを認可するためのシステム及び方法 |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7308424B2 (en) * | 2001-03-12 | 2007-12-11 | Ricoh Company, Ltd. | Electronic commerce system and electronic commerce method |
JP2002269350A (ja) * | 2001-03-14 | 2002-09-20 | Hitachi Ltd | 取引決済方法、取引決済システム並びにそれに用いる携帯通信端末及び加盟店用決済端末 |
KR100400458B1 (ko) * | 2001-05-14 | 2003-10-01 | 엘지전자 주식회사 | 네트워크 가능한 가전기기의 프로토콜 업그레이드 방법 |
EP2011301B1 (en) * | 2006-04-10 | 2011-06-22 | Trust Integration Services B.V. | Arrangement of and method for secure data transmission. |
US7966646B2 (en) * | 2006-07-31 | 2011-06-21 | Aruba Networks, Inc. | Stateless cryptographic protocol-based hardware acceleration |
US20080060060A1 (en) * | 2006-08-28 | 2008-03-06 | Memory Experts International Inc. | Automated Security privilege setting for remote system users |
WO2008028287A1 (en) * | 2006-09-08 | 2008-03-13 | Memory Experts International Inc. | Automated security privilege setting for remote system users |
JP5470863B2 (ja) * | 2009-01-15 | 2014-04-16 | ソニー株式会社 | サーバへの電子機器の登録 |
US9882734B2 (en) * | 2011-08-19 | 2018-01-30 | Ecolink Intelligent Technology Inc. | Method and apparatus for network device detection |
KR101909026B1 (ko) * | 2011-08-19 | 2018-10-17 | 엘지전자 주식회사 | 전기제품 정보 관리 시스템 |
ITRM20120376A1 (it) * | 2012-08-01 | 2014-02-02 | Postecom S P A | Metodo per securizzare tramite un dispositivo client una operazione dispositiva o di acquisto |
CN103269332B (zh) * | 2013-04-22 | 2017-02-08 | 中国南方电网有限责任公司 | 面向电力二次系统的安全防护系统 |
US9130996B1 (en) * | 2014-03-26 | 2015-09-08 | Iboss, Inc. | Network notifications |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0883313A2 (en) * | 1997-06-03 | 1998-12-09 | At&T Wireless Services, Inc. | Method and system for exchanging Internet data with a mobile station |
JPH11167591A (ja) * | 1997-12-02 | 1999-06-22 | Oki Electric Ind Co Ltd | 電子公証システムおよび自動化機器 |
JPH11203358A (ja) * | 1998-01-12 | 1999-07-30 | Japan Aviation Electron Ind Ltd | 携帯端末機器を用いた認証決済方法及びその携帯端末機器 |
JPH11345201A (ja) * | 1998-05-29 | 1999-12-14 | Ntt Data Corp | 情報提供システム及び情報提供ネットワークシステム |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1912885B (zh) * | 1995-02-13 | 2010-12-22 | 英特特拉斯特技术公司 | 用于安全交易管理和电子权利保护的系统和方法 |
US5590197A (en) * | 1995-04-04 | 1996-12-31 | V-One Corporation | Electronic payment system and method |
DE69726138T2 (de) * | 1996-04-26 | 2004-09-09 | Hewlett-Packard Co., Fort Collins | Ein system und verfahren zum einrichten von elektronischem bezahlen und krediteinzug über ein netzwerk unter verwendung eines zahlungsmittelhalters |
AU3492697A (en) | 1996-06-17 | 1998-01-07 | Verifone, Inc. | A system, method and article of manufacture for a virtual point of sale processing utilizing a multichannel, extensible, flexible architecture |
US5889863A (en) * | 1996-06-17 | 1999-03-30 | Verifone, Inc. | System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture |
CN1664828A (zh) * | 1997-08-13 | 2005-09-07 | 松下电器产业株式会社 | 移动电子商务系统 |
EP0917119A3 (en) | 1997-11-12 | 2001-01-10 | Citicorp Development Center, Inc. | Distributed network based electronic wallet |
US6263446B1 (en) * | 1997-12-23 | 2001-07-17 | Arcot Systems, Inc. | Method and apparatus for secure distribution of authentication credentials to roaming users |
JPH11219389A (ja) * | 1998-02-02 | 1999-08-10 | Hitachi Ltd | インターネットショッピングシステム |
US6327578B1 (en) * | 1998-12-29 | 2001-12-04 | International Business Machines Corporation | Four-party credit/debit payment protocol |
US7085931B1 (en) * | 1999-09-03 | 2006-08-01 | Secure Computing Corporation | Virtual smart card system and method |
FR2802372B1 (fr) * | 1999-12-09 | 2002-05-03 | France Telecom | Systeme de paiement electronique a travers un reseau de telecommunication |
-
2001
- 2001-01-15 US US10/181,132 patent/US7467099B2/en not_active Expired - Lifetime
- 2001-01-15 WO PCT/JP2001/000184 patent/WO2001052134A1/ja active Application Filing
- 2001-01-15 AU AU2001225528A patent/AU2001225528A1/en not_active Abandoned
- 2001-01-15 EP EP01900754A patent/EP1248217A4/en not_active Withdrawn
- 2001-01-15 JP JP2001552281A patent/JP4606680B2/ja not_active Expired - Lifetime
-
2008
- 2008-11-20 US US12/275,169 patent/US20090157558A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0883313A2 (en) * | 1997-06-03 | 1998-12-09 | At&T Wireless Services, Inc. | Method and system for exchanging Internet data with a mobile station |
JPH11167591A (ja) * | 1997-12-02 | 1999-06-22 | Oki Electric Ind Co Ltd | 電子公証システムおよび自動化機器 |
JPH11203358A (ja) * | 1998-01-12 | 1999-07-30 | Japan Aviation Electron Ind Ltd | 携帯端末機器を用いた認証決済方法及びその携帯端末機器 |
JPH11345201A (ja) * | 1998-05-29 | 1999-12-14 | Ntt Data Corp | 情報提供システム及び情報提供ネットワークシステム |
Non-Patent Citations (2)
Title |
---|
KABUSHIKI KAISHA ASUKI: "Nihon hatsu no SET taiou denshi shoutengai V-mall woou", ASCII NT, vol. 1, no. 10, 1 October 1998 (1998-10-01), pages 134 - 137, XP002938920 * |
See also references of EP1248217A4 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003162663A (ja) * | 2001-11-28 | 2003-06-06 | Shu Ishigami | 電子データの自動配信方法及びシステム |
JP2003162680A (ja) * | 2001-11-28 | 2003-06-06 | Jcb:Kk | 決済システム及び方法 |
JP2004086591A (ja) * | 2002-08-27 | 2004-03-18 | Jcb:Kk | ネットワーク対応電化製品の課金システム |
JP2010117995A (ja) * | 2008-11-14 | 2010-05-27 | Dainippon Printing Co Ltd | アプリケーション発行システム、装置及び方法 |
JP2012014272A (ja) * | 2010-06-29 | 2012-01-19 | Mitsubishi Ufj Nicos Co Ltd | 決済システム及び決済方法 |
JP2020064664A (ja) * | 2013-05-13 | 2020-04-23 | バリディウム アイピー リミテッド | アクセス制御される環境へのアクセスを認可するためのシステム及び方法 |
CN104333551A (zh) * | 2014-10-31 | 2015-02-04 | 上海电机学院 | 一种电力二次系统主动安全防御系统 |
Also Published As
Publication number | Publication date |
---|---|
US7467099B2 (en) | 2008-12-16 |
EP1248217A4 (en) | 2006-06-28 |
US20040015406A1 (en) | 2004-01-22 |
AU2001225528A1 (en) | 2001-07-24 |
EP1248217A1 (en) | 2002-10-09 |
US20090157558A1 (en) | 2009-06-18 |
JP4606680B2 (ja) | 2011-01-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5638046B2 (ja) | コンピュータ・ネットワーク上において行われる購買を許可する方法およびシステム | |
US20090157558A1 (en) | Information home electric appliance | |
US10325254B2 (en) | Communication terminal and communication method using plural wireless communication schemes | |
TW548564B (en) | Methods and apparatus for conducting electronic commerce | |
US8060413B2 (en) | System and method for making electronic payments from a wireless mobile device | |
JP4469376B2 (ja) | 移動電話、移動電話を用いてキャッシュレス取引を行うための方法及びコンピュータシステム | |
US7343351B1 (en) | Methods and apparatus for conducting electronic transactions | |
RU2252451C2 (ru) | Способ проведения трансакций, компьютеризованный способ защиты сетевого сервера, трансакционная система, сервер электронного бумажника, компьютеризованный способ выполнения онлайновых покупок (варианты) и компьютеризованный способ контроля доступа | |
WO2007001239A1 (en) | Updating a mobile payment device | |
KR100822985B1 (ko) | 닉네임을 이용한 지불결제 처리 시스템 | |
WO2003105037A1 (ja) | 購入者携帯端末と共働するデータ通信仲介装置 | |
Hamann et al. | Securing e-business applications using smart cards | |
JP2002279195A (ja) | 消費者システム及び暗証番号入力端末装置 | |
AU2004231226B2 (en) | Methods and apparatus for conducting electronic transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU BR CA CN JP KR SG US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
ENP | Entry into the national phase |
Ref country code: JP Ref document number: 2001 552281 Kind code of ref document: A Format of ref document f/p: F |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2001900754 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2001900754 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10181132 Country of ref document: US |