WO2011055804A1 - ハンディターミナル及び該ハンディターミナルに用いられる決済方法 - Google Patents
ハンディターミナル及び該ハンディターミナルに用いられる決済方法 Download PDFInfo
- Publication number
- WO2011055804A1 WO2011055804A1 PCT/JP2010/069754 JP2010069754W WO2011055804A1 WO 2011055804 A1 WO2011055804 A1 WO 2011055804A1 JP 2010069754 W JP2010069754 W JP 2010069754W WO 2011055804 A1 WO2011055804 A1 WO 2011055804A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- program
- hash value
- payment
- key
- input
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3827—Use of message hashing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1091—Use of an encrypted form of the PIN
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/12—Card verification
- G07F7/122—Online card verification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- the present invention relates to a handy terminal and a settlement method used for the handy terminal, and more particularly to a handy terminal suitable for application to a portable information terminal equipped with a settlement function for performing settlement of a credit card or the like, and the handy terminal. It relates to the settlement method used.
- PCIDSS Personal Identification International standard for payment card security
- handy terminals personal digital assistants
- PIN Personal Identification International standard for payment card security
- PIN Personal Identification International standard for payment card security
- a PIN input dedicated keyboard is provided separately from the keyboard used in the business program to perform PIN input.
- the display device to be used is separated by the business program and the PIN input. In this way, when the PIN input and the business program are executed, it is possible to prevent the PIN code from being stolen by separating the keyboard and the display device from each other.
- an IC card and a PDA (Personal Digital Assistance: personal information device) and a payment server are configured to cooperate with each other, and customer information A is registered in advance in the payment server.
- the customer information B of the IC card is transmitted from the PDA to the settlement server.
- the payment server issues an IC card payment instruction to the PDA.
- IC card credit settlement processing can be performed while preventing customer information from being stolen.
- the main CPU board is used only when the sub CPU board authenticates using an authentication secret key and an operation program. Performs payment processing. In this way, by separating the sub CPU board that performs authentication and the main CPU board that executes payment processing, it becomes possible to perform card payment processing while preventing the stealing of customer information.
- JP 2002-133533 A JP 2005-182315 A JP 2006-178544 A
- the related technology has the following problems. That is, if one portable information terminal is a PIN input dedicated machine, a portable information terminal for a business program must be prepared separately, so that having two portable information terminals impairs portability. End up. Also, if two keyboards and display devices for business programs and PIN input are mounted in one portable information terminal, the product cost will increase and the application will be limited. It becomes a factor to prevent.
- the keyboard and display device used in the business program can be shared by PIN input, one portable information terminal can be reduced in size.
- the business program and PIN input can share the keyboard and the display device, it is possible to share the software and hardware platforms that serve as the environment for operating the application.
- the portability of the portable information terminal is improved, the structure design is simplified, the manufacturing process is simplified, the product cost is reduced, and the convenience of the portable information terminal is improved.
- a malicious program is installed by sharing the business program and PIN input keyboard and display device, it is possible to create a PIN input pseudo input screen and steal the PIN code. There is a problem of becoming.
- the order settlement system described in Patent Document 1 performs settlement processing by a handy terminal dedicated for settlement in cooperation with POS, and the handy terminal cannot perform settlement processing alone.
- this handy terminal does not develop business programs or the like, but only performs credit card settlement processing. Therefore, this technology cannot be applied to a handy terminal technology for sharing a business program and PIN input keyboard and display device.
- the PDA can perform payment processing while preventing theft by cooperating with the payment server, so that the payment processing system becomes complicated. End up. Further, since the PDA alone does not have a function of performing settlement processing while preventing theft, similarly to Patent Document 1, it is developed to a technique for sharing a keyboard and a display device for business programs and PIN input. It is not possible.
- the main CPU board and the sub CPU board cooperate to perform the payment process while preventing theft.
- the system becomes complicated.
- the main CPU board or the sub CPU board cannot be developed to a technique for performing a settlement process while preventing the stealing alone.
- the present invention has been made in view of the above circumstances, and provides a settlement function that can ensure security with a simple system even if a keyboard and a display device for executing a business program and PIN input are shared.
- An object is to provide an installed handy terminal (portable information terminal) and a settlement method used for the handy terminal.
- a first configuration of the present invention is a handy terminal equipped with a payment function capable of processing a business program input and a credit card PIN input controlled by a payment program with a common keyboard.
- a payment program correctness determination means for determining whether or not the payment program requested to be input has been properly released by the program hash value of the payment program when the insertion state of the credit card is detected. It is characterized by providing.
- a second configuration of the present invention relates to a payment method used in a handy terminal capable of processing a business program input and a credit card PIN input controlled by a payment program with a common keyboard, and the credit card insertion state
- a credit card can be obtained by confirming the validity of the settlement program by performing predetermined program authentication in advance.
- the PIN code can be prevented from being stolen.
- the insertion state of the credit card is detected, and only the authenticated payment program is notified of the key input.
- an existing business program can be operated as a general-purpose keyboard, so that a certain level of versatility is sufficiently ensured.
- FIG. 3 It is a block diagram which shows the structure of the handy terminal which is one Embodiment of this invention. It is a flowchart which shows the flow of operation
- movement of the handy terminal of FIG. 3 is a flowchart showing a flow of installation / module preparation and device registration in steps S1 and S2 in FIG. It is a flowchart which shows the flow of the authentication process of the payment program 11b in step S6 in FIG.
- the payment program correctness determination means enables execution of PIN code input of the credit card when it is determined that the payment program is valid, and when it is determined that the payment program is illegal The code notification is rejected and the execution of the PIN code input is made impossible. Further, when the hash value comparison means determines that the first program hash value and the second program hash value match, the key code notification control means determines the PIN code input of the credit card. When the hash value comparison means determines that the first program hash value and the second program hash value are inconsistent, the key code notification control means This notification is rejected to make the execution of the PIN code input impossible.
- the combining means for combining the encrypted first program hash value and the payment program, the combining means comprising the encrypted first program hash value and the payment program.
- the first key is an encryption key generated using a secret key and a random number
- the second key is the encryption key and the public key, and includes the first program hash value and the first key.
- the program hash value of 2 is encrypted using at least one of the secret key and the encryption key, and the encrypted first program hash value and the second program hash value are It is decrypted using the key or the encryption key.
- FIG. 1 is a block diagram showing a configuration of a handy terminal according to an embodiment of the present invention.
- the handy terminal 1 of this form includes a main board 2 and a keyboard unit 3.
- the main board 2 includes a main board memory 11 that executes processing of the programs (business program 11a and settlement program 11b) on the main board 2, and a main CPU (central control unit) 12 that performs processing of the entire device of the handy terminal 1.
- a display unit 13 for displaying the contents of the business program 11a and the settlement program 11b and the contents inputted from the outside.
- the keyboard unit 3 includes a sub CPU 21 that controls various control programs in the keyboard unit 3, a keyboard 22 that serves as a user interface for performing various operation inputs, and various control programs (keyboard control program for the keyboard unit 3). 23a, a card reader control program 23b, and a PIN input control program 23c), and a card reader 24 for reading credit card information.
- FIG. 2 is a flowchart showing the operation flow of the handy terminal of FIG. 1
- FIG. 3 is a flowchart showing the flow of installation module preparation and device registration in steps S1 and S2 in FIG. 2, and
- FIG. It is a flowchart which shows the flow of the authentication process of the payment program 11b in step S6 in the inside.
- FIG. 2 shows a flow of operations of the main board 2 and the keyboard unit 3. That is, in FIG. 2, first, a module for installation in the handy terminal 1 is prepared (step S1), and this module is registered in the device of the handy terminal 1 (step S2). Next, when device registration (installation work) in the handy terminal 1 is completed in step S2, business processing during normal operation is started (step S3). Thereby, the keyboard unit 3 is used as a general-purpose keyboard, and the user performs an input operation on the keyboard 22. When the keyboard unit 3 detects a keyboard input and notifies the main board 2 (step S4), the business program 11a in the main board memory 11 acquires a key code from the keyboard input information of the keyboard unit 3 (step S5). ).
- the keyboard unit 3 of the handy terminal 1 can also input a PIN code of a credit card.
- authentication processing of the settlement program 11b of the main board memory 11 in the main board 2 is performed (step S6).
- Such an authentication timing of the settlement program 11b is performed every time the settlement program 11b starts up (that is, every time the EXE file is executed).
- step S6 When the authentication process of the settlement program is completed in step S6, insertion of a credit card is detected by the card reader control 23b of the keyboard unit memory 23 in the keyboard unit 3 (step S7). Then, when it is determined that the payment program is a correct payment program based on the comparison result between the first hash value assigned to the payment program 11b and the second hash value calculated when the payment program 11b is executed, the keyboard 22 is displayed.
- step S8 the detected key code is notified from the keyboard control program 23a of the keyboard unit 3 to the main board 2.
- the settlement program 11b of the main board memory 11 in the main board 2 acquires the key code (step S9). If it is determined that the program is a malicious program based on the comparison result of the hash values, the keyboard unit 3 does not notify the main board 2 of keyboard input.
- step S9 when the payment program 11b obtains the key code in step S9, the keyboard unit 3 continues to notify the payment program 11b of keyboard input while the credit card PIN is being input (step 10). (Step S8) At this time, "* code" is notified as the key code. Finally, when it is detected that the credit card has been removed (step S11), all the hash value comparison results are cleared, and the processing returns to the above-described general keyboard processing in steps S4 and S5.
- a public key to be distributed to unspecified persons is prepared (step S21), and a secret key known only to itself is prepared (step S22).
- the settlement program 11b of the main board memory 11 in the main board 2 is prepared (step S23), and the hash value assigned to the settlement program 11b by the main CPU 12 is calculated using the development PC (Personal Computer) (step S23).
- the hash value is a value calculated by a calculation method for generating a fixed-length random number from arbitrary data in the settlement program 11b. By using this hash value, the data search time can be shortened. It becomes possible.
- step S24 the hash value calculated in step S24 is encrypted using the secret key prepared in step S22 (step S25). Further, the encrypted hash value and the settlement program 11b are combined (step S26), and the combined module (that is, the encrypted hash value and the settlement program 11b) is stored in the main board memory 11 of the main board 2 in the handy terminal 1. Installation is performed (step S27).
- the business program 11a for performing business processing is installed in the main board memory 11 in the main board 2 (step S28). Further, in order to decrypt the hash value, the public key prepared in step S21 is installed in the keyboard unit memory 11 of the keyboard unit 3 (step S29).
- step S6 In the authentication process of the payment program 11b in step S6 in FIG. 2, as shown in FIG. 4, first, a combination module of the hash value (encryption) combined in step S26 in FIG.
- the settlement program 11b is left on the main board 2 (step S32), and the encrypted hash value is transferred to the keyboard unit 3 (step S33).
- step S34 the sub CPU 21 of the keyboard unit 3 decrypts this hash value using the registered public key (step S34), and converts the hash value into plain text (step S35).
- the main CPU 12 calculates a hash value at the time of execution of the settlement program 11b remaining in step S32 (step S36).
- an encryption key is generated on the keyboard unit 3 side using a random number (step S37). Transfer to main board 2.
- the main board 2 side uses the encryption key received from the keyboard unit 3 to encrypt the hash value calculated by the main CPU 12 in step S36 (step S38), and the encrypted hash value is stored in the keyboard unit 3. (Step S39).
- the keyboard unit 3 side receives the encrypted hash value from the main board 2 (step S40), decrypts the encrypted hash value using the encryption key generated in step S37, and generates a plaintext hash.
- a value is extracted (step S41).
- the hash value of 2 is compared (step S42). If the comparison result between the first hash value and the second hash value is matched, the payment program 11b stores the authentication result in the keyboard unit memory 23 on the keyboard unit 3 side as being authenticated (see FIG. Step S43).
- the reason for encrypting the hash value is due to the following reasons (1) and (2).
- (2) The serial interface part of the main board 2 and the keyboard unit 3 is constantly monitored, and the hash value is leaked by encrypting the hash value while changing the encryption key with a random number each time so that the hash value is not stolen. Is preventing.
- the handy terminal determines whether the payment program requested to be input is properly released or not based on the hash value of the payment program when the insertion state of the credit card is detected.
- Program correctness determination means is provided.
- the payment program correctness determination means determines that the payment program is a legitimate program, it notifies the key code and enables PIN input, and when it determines that the payment program is an unauthorized program, it notifies the key code. And PIN entry is disabled. Accordingly, it is possible to prevent the PIN input code from being read by a malicious third party.
- detection means for detecting the insertion / removal state of the credit card
- key code notification control means for controlling the key code notification in the insertion / removal state of the credit card
- Hash value calculation means for calculating a program hash value for detection, and a program hash value using a secret key, an encryption key, and a public key owned by the program manufacturer so that the program hash value is not stolen
- the encryption / decryption means for encrypting / decrypting the data
- the coupling means for combining the encrypted hash value and the payment program, and the program for determining whether or not the payment program has been properly released.
- a hash that compares the assigned hash value with the hash value calculated during program execution It is constituted by a value comparison means.
- the detecting means for detecting the insertion / extraction state of the credit card is realized by detecting the insertion of the credit card by the card reader control 23b of the keyboard unit memory 23.
- the key code notification control means for controlling the key code notification when the credit card is inserted / removed notifies / displays the detected key code from the keyboard control program 23a of the keyboard unit 3 to the settlement program 11b of the main board 2. Is realized.
- the main CPU 12 calculates the hash value given to the payment program 11b and the hash value at the time of execution of the payment program 11b. Is realized.
- a combining means for combining the encrypted hash value and the settlement program is realized by merging the encrypted hash value and the settlement program 11b into a module and installing it in the main board memory 11 of the main board 2.
- the hash value comparison means for comparing the hash value assigned to the program with the hash value calculated at the time of executing the program is as follows.
- the main CPU 12 uses the first hash value assigned to the settlement program 11b and the settlement program 11b. This is realized by calculating and comparing the second hash value at the time of execution.
- the settlement program 11b is properly released prior to the PIN input operation. It is determined whether it is a thing. At this time, if the requested payment program is a valid program, the key code is notified and the PIN code can be normally input. On the other hand, if the requested payment program is an illegal program, the PIN code can be prevented from being stolen by not providing the key code.
- the handy terminal of the present invention which can perform business programs and PIN input with a common keyboard, is not limited to credit card payment processing, and is illegally used by a third party even when used as electronic money. Can be prevented.
- the handy terminal of the present invention can prevent the PIN input code from being stolen even if the business program and the PIN input are alternately used independently without cooperating with a host device such as POS. It can be effectively used at department stores and department stores.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Cash Registers Or Receiving Machines (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Description
Number:暗証番号)を入力して決済処理を行うことができるハンディターミナル(携帯情報端末)を対象にして、決済カードのセキュリティに関する国際統一基準(PCIDSS:Payment Card Industry Data Security Standard:クレジットカード業界データセキュリティ基準)が規定化されている。この国際統一基準によれば、ハンディターミナルにPIN入力専用のキーボードと表示装置を設けることにより、PINコードの盗み出しを防止することができる。すなわち、クレジットカードのPIN入力を行う場合、業務プログラムで使用するキーボードとは別に、PIN入力専用のキーボードを設けてPIN入力を行う。また、表示方法についても、業務プログラムとPIN入力とによって使用する表示装置を分離する。このようにして、PIN入力と業務プログラムを実行する場合において、キーボード及び表示装置をそれぞれ分離することにより、PINコードの盗み出しを防止することが可能となる。
このオーダ決済システムでは、飲食店などにおいて、POS(Point Of
Sales)と客席のハンディターミナルとを連携させることにより、POSでの操作を行うことなく、客席にいながら顧客のクレジットカードの決済処理を行うことができる。
Digital Assistance :個人情報機器)と決済サーバとが連携するように構成されていて、決済サーバにはあらかじめ顧客情報Aが登録されている。そして、顧客がPDAに入力したPINとICカードのPINとが一致したときに、PDAから決済サーバへICカードの顧客情報Bが送信される。次に、PDAから決済サーバへ送信された顧客情報Bと決済サーバに登録されている顧客情報Aとが一致したときに、決済サーバがPDAに対してICカードの決済指示を行う。これによって、顧客情報の盗み出しを防止しながらICカードのクレジット決済処理を行うことができる。
すなわち、一つの携帯情報端末をPIN入力専用機にすると、これとは別に業務プログラム用の携帯情報端末を用意しなければならないため、携帯情報端末を2台持つことになって携帯性が損なわれてしまう。また、一つの携帯情報端末の中に、業務プログラム用とPIN入力用の2つのキーボードと表示装置を実装すると製品コストが上昇し、かつ用途が限定されてしまうので、携帯情報端末としての製品展開を妨げる要因となる。
図1は、この発明の一実施形態であるハンディターミナルの構成を示すブロック図である。
図1に示すように、この形態のハンディターミナル1は、メインボード2とキーボードユニット3とによって構成されている。メインボード2は、同メインボード2上のプログラム(業務プログラム11a及び決済プログラム11b)の実行処理を行うメインボードメモリ11と、ハンディターミナル1の装置全体の処理を行うメインCPU(中央制御部)12と、業務プログラム11a及び決済プログラム11bの内容や外部から入力された内容の表示を行う表示ユニット13とを備えて構成されている。
これらの図を参照して、この形態のハンディターミナルに用いられる決済方法の処理内容について説明する。
すなわち、図2において、まず、ハンディターミナル1にインストールするためのモジュールを準備し(ステップS1)、このモジュールをハンディターミナル1の装置へ登録する(ステップS2)。次に、ステップS2においてハンディターミナル1への装置登録(インストール作業)が完了したら、通常の運用時における業務処理が開始される(ステップS3)。これによって、キーボードユニット3は、汎用キーボードとしての利用により、ユーザによってキーボード22の入力操作が行われる。ここで、キーボードユニット3がキーボード入力を検出してメインボード2へ通知すると(ステップS4)、メインボードメモリ11の業務プログラム11aは、キーボードユニット3のキーボード入力情報からキーコードを取得する(ステップS5)。
(1)ハッシュ値の暗号化のロジックが正しいか否かを確認することにより、メインボード2側の処理が正当なものか否かを判断することができる。
(2)メインボード2とキーボードユニット3のシリアルインタフェース部分が常時モニタされ、ハッシュ値が盗み出されないように、その都度、乱数によって暗号鍵を変えながらハッシュ値を暗号化することによってハッシュ値の流出を防止している。
たとえば、業務プログラムとPIN入力を共通のキーボードで行うことができるこの発明のハンディターミナルは、クレジットカードの決済処理に限定されることなく、電子マネーとして利用しても第三者によって不正に使用されることを防止することができる。
2 メインボード
3 キーボードユニット
11 メインボードメモリ
11a 業務プログラム
11b 決済プログラム(ハッシュ値計算手段)
12 メインCPU(決済プログラム正否判定手段、ハッシュ値計算手段、暗号化手段、結合手段)
13 表示ユニット
21 サブCPU(復号化手段、ハッシュ値比較手段)
22 キーボード
23 キーボードユニットメモリ(キーコード通知制御手段)
23a キーボード制御プログラム(検出手段)
23b カードリーダ制御プログラム
23c PIN入力制御プログラム
24 カードリーダ
Claims (12)
- 業務プログラムの入力と決済プログラムによって制御されるクレジットカードのPIN入力とを、共通のキーボードで処理できる決済機能搭載型のハンディターミナルであって、
前記クレジットカードの挿入状態が検出されたとき、入力要求された前記決済プログラムが正規にリリースされたものか否かを、その決済プログラムのプログラム・ハッシュ値によって判定する決済プログラム正否判定手段を備えることを特徴とするハンディターミナル。 - 業務プログラムの入力と決済プログラムによって制御されるクレジットカードのPIN入力とを、共通のキーボードで処理できる決済機能搭載型のハンディターミナルであって、
前記クレジットカードの挿抜状態を検出する検出手段と、
前記決済プログラムの改ざんを検出するための、前記決済プログラムに付与された第1のプログラム・ハッシュ値と、プログラム実行時に用いられる第2のプログラム・ハッシュ値とを計算するハッシュ値計算手段と、
第1の鍵を用いて、前記ハッシュ値計算手段が計算した前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値を暗号化する暗号化手段と、
第2の鍵を用いて、前記暗号化手段によって暗号化された前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値を復号化する復号化手段と、
前記決済プログラムが正規にリリースされたものか否かを判定するために、前記復号化手段によって復号化された前記第1のプログラム・ハッシュ値と前記第2のプログラム・ハッシュ値とを比較するハッシュ値比較手段と、
前記ハッシュ値比較手段による比較結果が整合化されたとき、前記検出手段が検出した前記クレジットカードの挿抜状態に基づいてキーコードの通知を制御するキーコード通知制御手段とを備えることを特徴とするハンディターミナル。 - 前記決済プログラム正否判定手段は、
前記決済プログラムが正当であると判定したときは、前記クレジットカードのPINコード入力の実行を可能にし、前記決済プログラムが不正であると判定したときは、キーコードの通知を拒否して前記PINコード入力の実行を不可能にすることを特徴とする請求項1記載のハンディターミナル。 - 前記ハッシュ値比較手段が、前記第1のプログラム・ハッシュ値と前記第2のプログラム・ハッシュ値とが整合すると判定したとき、前記キーコード通知制御手段は、前記クレジットカードのPINコード入力の実行を可能にし、
前記ハッシュ値比較手段が、前記第1のプログラム・ハッシュ値と前記第2のプログラム・ハッシュ値とが不整合であると判定したとき、前記キーコード通知制御手段は、キーコードの通知を拒否して前記PINコード入力の実行を不可能にすることを特徴とする請求項2記載のハンディターミナル。 - さらに、暗号化した前記第1のプログラム・ハッシュ値と前記決済プログラムとを結合させる結合手段を備え、
前記結合手段は、暗号化した前記第1のプログラム・ハッシュ値と前記決済プログラムとを結合モジュールとしてメインボードメモリにインストールすることを特徴とする請求項2又は4記載のハンディターミナル。 - 前記第1の鍵は秘密鍵及び乱数を用いて生成した暗号鍵であり、前記第2の鍵は、前記暗号鍵及び公開鍵であって、前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値は前記秘密鍵と前記暗号鍵の少なくとも1つを用いて暗号化され、暗号化された前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値は、前記公開鍵又は前記暗号鍵を用いて復号化されることを特徴とする請求項2、4又は5記載のハンディターミナル。
- 業務プログラムの入力と決済プログラムによって制御されるクレジットカードのPIN入力とを、共通のキーボードで処理できるハンディターミナルに用いられる決済方法であって、
前記クレジットカードの挿入状態を検出する第1のステップと、
前記第1のステップで前記クレジットカードの挿入状態が検出されたとき、入力要求された決済プログラムが正規にリリースされたものか否かを前記決済プログラムのプログラム・ハッシュ値によって判定する第2のステップとを含むことを特徴とする決済方法。 - 業務プログラムの入力と決済プログラムによって制御されるクレジットカードのPIN入力とを、共通のキーボードで処理するハンディターミナルに用いられる決済方法であって、
前記クレジットカードの挿抜状態を検出する第1のステップと、
前記決済プログラムの改ざんを検出するための、前記決済プログラムに付与された第1のプログラム・ハッシュ値と、プログラム実行時に用いられる第2のプログラム・ハッシュ値とを計算する第2のステップと、
第1の鍵を用いて、前記第2のステップで計算された前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値を暗号化する第3のステップと、
第2の鍵を用いて、前記第3のステップで暗号化された前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値を復号化する第4のステップと、
前記決済プログラムが正規にリリースされたものか否かを判定するために、前記第4のステップで復号化された前記第1のプログラム・ハッシュ値と前記第2のプログラム・ハッシュ値とを比較する第5のステップと、
前記第5のステップにおける比較結果が整合化されたとき、前記第1のステップで検出した前記クレジットカードの挿抜状態に基づいてキーコードの通知を制御する第6のステップとを含むことを特徴とする決済方法。 - 前記決済プログラムが正当であると判定されたときは、前記クレジットカードのPINコード入力の実行を可能にし、前記決済プログラムが不正であると判定したときは、キーコードの通知を拒否して前記PINコード入力の実行を不可能にすることを特徴とする請求項7記載の決済方法。
- 前記第5のステップにおいて前記第1のプログラム・ハッシュ値と前記第2のプログラム・ハッシュ値とが整合すると判定されたときは、前記第6のステップにおいて前記クレジットカードのPINコード入力の実行を可能にし、前記第1のプログラム・ハッシュ値と前記第2のプログラム・ハッシュ値とが不整合であると判定されたときは、前記第6のステップにおいてキーコードの通知を拒否して前記PINコード入力の実行を不可能にすることを特徴とする請求項8記載の決済方法。
- 前記第3のステップにおいて前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値が暗号化されたとき、暗号化された前記第1のプログラム・ハッシュ値と前記決済プログラムとは、結合モジュールとしてメインボードメモリにインストールされることを特徴とする請求項8又は10記載の決済方法。
- 前記第3のステップで用いられる前記第1の鍵は秘密鍵及び乱数を用いて生成した暗号鍵であり、前記第4のステップで用いられる前記第2の鍵は前記暗号鍵及び公開鍵であって、
前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値は前記秘密鍵と前記暗号鍵の少なくとも1つを用いて暗号化され、暗号化された前記第1のプログラム・ハッシュ値及び前記第2のプログラム・ハッシュ値は、前記公開鍵又は前記暗号鍵を用いて復号化されることを特徴とする請求項8、10又は11記載の決済方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10828363.1A EP2500880A4 (en) | 2009-11-09 | 2010-11-05 | HANDY TERMINAL AND PAYMENT PROCEDURE FOR THE HANDY TERMINAL |
US13/496,159 US10491395B2 (en) | 2009-11-09 | 2010-11-05 | Handy terminal and payment method to be used in same |
CN201080041107.0A CN102576435B (zh) | 2009-11-09 | 2010-11-05 | 掌上终端和用于掌上终端的支付方法 |
HK12111300.8A HK1170589A1 (en) | 2009-11-09 | 2012-11-08 | Handy terminal and payment method used for the handy terminal |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009256218A JP4656458B1 (ja) | 2009-11-09 | 2009-11-09 | ハンディターミナル、及びハンディターミナルによる決済方法 |
JP2009-256218 | 2009-11-09 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011055804A1 true WO2011055804A1 (ja) | 2011-05-12 |
Family
ID=43952765
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/069754 WO2011055804A1 (ja) | 2009-11-09 | 2010-11-05 | ハンディターミナル及び該ハンディターミナルに用いられる決済方法 |
Country Status (6)
Country | Link |
---|---|
US (1) | US10491395B2 (ja) |
EP (1) | EP2500880A4 (ja) |
JP (1) | JP4656458B1 (ja) |
CN (1) | CN102576435B (ja) |
HK (1) | HK1170589A1 (ja) |
WO (1) | WO2011055804A1 (ja) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101831404B1 (ko) * | 2011-08-11 | 2018-02-22 | 엘지전자 주식회사 | 이동 단말기 및 이동 단말기의 결제 방법 |
CN102419805B (zh) * | 2011-11-22 | 2015-05-20 | 中兴通讯股份有限公司 | 一种终端设备及其用户信息加密方法 |
CN102610045B (zh) * | 2012-03-22 | 2014-11-26 | 瑞达信息安全产业股份有限公司 | 一种可信移动支付系统及移动支付方法 |
CN102831369B (zh) * | 2012-09-13 | 2015-06-17 | 公安部第三研究所 | 具有pin码输入功能的智能卡读卡器及智能卡操作的方法 |
CN103279705A (zh) * | 2013-05-14 | 2013-09-04 | 上海华为技术有限公司 | 具有安全启动功能的芯片的校验方法及校验装置 |
JP5543010B1 (ja) * | 2013-12-20 | 2014-07-09 | 株式会社 ディー・エヌ・エー | 所定のサーバに対してログインを要求するログイン要求装置及び方法、並びにこれらに用いられるプログラム |
JP5810329B1 (ja) * | 2014-05-28 | 2015-11-11 | パナソニックIpマネジメント株式会社 | 決済端末装置 |
CN105760750B (zh) * | 2016-02-01 | 2019-06-14 | 北京华胜天成科技股份有限公司 | 软件篡改识别方法和系统 |
CN106570993A (zh) * | 2016-10-21 | 2017-04-19 | 深圳市新国都支付技术有限公司 | 一种提升矩阵键盘安全性的方法、装置和键盘 |
CN107437043A (zh) * | 2017-07-05 | 2017-12-05 | 哈尔滨新中新电子股份有限公司 | 一种密封电子设备的信息输入方法 |
CN108062833A (zh) * | 2017-12-07 | 2018-05-22 | 黄金屋科技有限公司 | 用于物品共享的储物柜系统 |
JP7178828B2 (ja) * | 2018-08-24 | 2022-11-28 | 株式会社エヌ・ティ・ティ・データ | オーダー端末、セルフ決済方法、及びプログラム |
CN110992047A (zh) * | 2019-11-29 | 2020-04-10 | 福建新大陆支付技术有限公司 | 全触屏pos终端pin安全输入方法 |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002133533A (ja) | 2000-10-26 | 2002-05-10 | Nec Infrontia Corp | オーダ決済システム |
JP2003016527A (ja) * | 2001-06-27 | 2003-01-17 | Fujitsu Ltd | 取引端末装置 |
JP2003162758A (ja) * | 2001-11-28 | 2003-06-06 | Nec Corp | 認証システム及びそれに用いる認証方法 |
WO2004017255A1 (ja) * | 2002-08-16 | 2004-02-26 | Fujitsu Limited | 取引端末装置および取引端末制御方法 |
JP2005182315A (ja) | 2003-12-17 | 2005-07-07 | Sumitomo Mitsui Card Co Ltd | 決済装置、決済システム、決済方法およびコンピュータプログラム |
JP2006178544A (ja) | 2004-12-20 | 2006-07-06 | Canon Inc | データ処理装置及びそのプログラム更新方法 |
JP2009256218A (ja) | 2008-04-14 | 2009-11-05 | Toray Ind Inc | 銅前駆体組成物およびそれを用いた銅膜の製造方法。 |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2666671B1 (fr) | 1990-09-12 | 1994-08-05 | Gemplus Card Int | Procede de gestion d'un programme d'application charge dans un support a microcircuit. |
US6170058B1 (en) * | 1997-12-23 | 2001-01-02 | Arcot Systems, Inc. | Method and apparatus for cryptographically camouflaged cryptographic key storage, certification and use |
US6092202A (en) * | 1998-05-22 | 2000-07-18 | N*Able Technologies, Inc. | Method and system for secure transactions in a computer system |
US7110984B1 (en) * | 1998-08-13 | 2006-09-19 | International Business Machines Corporation | Updating usage conditions in lieu of download digital rights management protected content |
CA2505920A1 (en) * | 2002-04-03 | 2003-10-09 | Swivel Secure Limited | System and method for secure credit and debit card transactions |
US8464353B2 (en) * | 2003-10-03 | 2013-06-11 | Hewlett-Packard Development Company, L. P. | Method and system for content downloads via an insecure communications channel to devices |
US7490245B2 (en) * | 2004-07-24 | 2009-02-10 | Lenovo (Singapore) Pte. Ltd. | System and method for data processing system planar authentication |
US7668313B2 (en) * | 2005-10-31 | 2010-02-23 | Texas Instruments Incorporated | Recipient-encrypted session key cryptography |
US8024579B2 (en) | 2006-12-29 | 2011-09-20 | Lenovo (Singapore) Pte Ltd. | Authenticating suspect data using key tables |
US8109444B2 (en) * | 2007-09-12 | 2012-02-07 | Devicefidelity, Inc. | Selectively switching antennas of transaction cards |
JP2009187501A (ja) * | 2008-02-08 | 2009-08-20 | Noboru Hishinuma | 支払システム、および、支払方法 |
-
2009
- 2009-11-09 JP JP2009256218A patent/JP4656458B1/ja active Active
-
2010
- 2010-11-05 CN CN201080041107.0A patent/CN102576435B/zh active Active
- 2010-11-05 WO PCT/JP2010/069754 patent/WO2011055804A1/ja active Application Filing
- 2010-11-05 EP EP10828363.1A patent/EP2500880A4/en active Pending
- 2010-11-05 US US13/496,159 patent/US10491395B2/en active Active
-
2012
- 2012-11-08 HK HK12111300.8A patent/HK1170589A1/xx unknown
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002133533A (ja) | 2000-10-26 | 2002-05-10 | Nec Infrontia Corp | オーダ決済システム |
JP2003016527A (ja) * | 2001-06-27 | 2003-01-17 | Fujitsu Ltd | 取引端末装置 |
JP2003162758A (ja) * | 2001-11-28 | 2003-06-06 | Nec Corp | 認証システム及びそれに用いる認証方法 |
WO2004017255A1 (ja) * | 2002-08-16 | 2004-02-26 | Fujitsu Limited | 取引端末装置および取引端末制御方法 |
JP2005182315A (ja) | 2003-12-17 | 2005-07-07 | Sumitomo Mitsui Card Co Ltd | 決済装置、決済システム、決済方法およびコンピュータプログラム |
JP2006178544A (ja) | 2004-12-20 | 2006-07-06 | Canon Inc | データ処理装置及びそのプログラム更新方法 |
JP2009256218A (ja) | 2008-04-14 | 2009-11-05 | Toray Ind Inc | 銅前駆体組成物およびそれを用いた銅膜の製造方法。 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2500880A4 |
Also Published As
Publication number | Publication date |
---|---|
CN102576435A (zh) | 2012-07-11 |
US10491395B2 (en) | 2019-11-26 |
CN102576435B (zh) | 2015-05-13 |
EP2500880A4 (en) | 2016-08-10 |
JP4656458B1 (ja) | 2011-03-23 |
US20120173435A1 (en) | 2012-07-05 |
HK1170589A1 (en) | 2013-03-01 |
JP2011100401A (ja) | 2011-05-19 |
EP2500880A1 (en) | 2012-09-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4656458B1 (ja) | ハンディターミナル、及びハンディターミナルによる決済方法 | |
US11544988B2 (en) | Multimode retail system | |
US20130046697A1 (en) | Using Mobile Device to Prevent Theft of User Credentials | |
US8675868B1 (en) | Encrypting an address-dependent value along with code to prevent execution or use of moved code | |
JP5357783B2 (ja) | 確認済取引データ生成のための方法及び装置 | |
US20130246800A1 (en) | Enhancing Security of Sensor Data for a System Via an Embedded Controller | |
US7293700B2 (en) | Transaction terminal device and transaction terminal control method | |
JP4636809B2 (ja) | 情報処理端末およびその情報安全保護方法 | |
CA2703612A1 (en) | System and method for authenticated payment terminal display prompt control | |
JP2008244992A (ja) | 端末装置及びプログラム | |
US8423783B2 (en) | Secure PIN management of a user trusted device | |
US20080114685A1 (en) | System and method for preventing unauthorized installation of a software program | |
WO2009149715A1 (en) | Secure link module and transaction system | |
JP2005157930A (ja) | 機密情報処理システムおよびlsi | |
JP2007206928A (ja) | ライセンス認証方法及びライセンス認証装置 | |
JP4918133B2 (ja) | データ保管方法、クライアント装置、データ保管システム、及びプログラム | |
US11551220B2 (en) | Method for processing transaction data, corresponding communications terminal, card reader and program | |
CN116415313A (zh) | 一种安全一体机、安全一体机的保护方法及装置 | |
CN114510688A (zh) | 设备解锁方法、装置、计算机可读存储介质及电子设备 | |
JP5062707B2 (ja) | 追加機能ユニットの有効化/無効化方法、そのシステム及びそのプログラム並びに追加機能ユニット | |
EP3021249A1 (en) | System for securely entering a private code | |
JP2002230511A (ja) | 多重認証可搬情報処理媒体 | |
JP2002055772A (ja) | 入力装置および情報処理装置 | |
WO2012111189A1 (ja) | 追加機能ユニットの有効化/無効化方法、そのシステム及びそのプログラム並びに追加機能ユニット | |
JP2001184567A (ja) | 取引処理装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080041107.0 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10828363 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13496159 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2390/CHENP/2012 Country of ref document: IN Ref document number: 2010828363 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |