JP2002298042A - Method and system for settlement of credit card, settling server, initial authentication method, authentication method, and authentication server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a credit card settling method capable of performing the settlement of a credit card by a cell phone. SOLUTION: By gaining an access to a settlement server 2 with a cell phone 1, a trade number with term of validity (for example, disposable key effective one time only) is given, and an application for request of purchase of a commodity utilizing the credit card is made to a member shop server 3 by using the trade number. The member shop server 3 notifies the settlement server 2 of the trade number and, as the result, receives the answer of authority processing from the settlement server 2. By using a site stick as a storage device having a proper ID called the SSID and as the trade number corresponding to the SSID, an authentication server for issuing SS authentication number may be installed separately from the settlement server.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a credit card settlement system for making a credit card settlement from a portable telephone, and more particularly to a method of using hardware resources in a computer system constituting the system.

[0002]

2. Description of the Related Art In recent years, models that can connect to the Internet are not limited to general computer systems,
It is spreading to mobile phones using mpact HTML technology and WAP technology.

On the other hand, with the rapid development of the Internet, various technologies relating to electronic commerce using credit cards have been proposed.

[0004] However, there has not been proposed any technology for enabling electronic commerce in which a credit card is settled by a mobile phone as described above.

[0005]

SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to provide a credit card settlement method which enables a credit card to be settled by a portable telephone.

Another object of the present invention is to provide a credit card settlement system embodying the above-described credit card settlement method, and in particular, to provide a settlement server and an authentication server constituting the system.

[0007]

SUMMARY OF THE INVENTION In order to solve the above-mentioned problems, the present invention generally proposes the following two methods. That is, in the first method, the user:
By accessing the settlement server with the mobile phone, a transaction number (for example, a single-use key valid only once) with an expiration date is given, and an application for credit is applied based on the transaction number. On the other hand, in the second method, a user combines a specific storage means (an external storage device storing a unique memory ID and a URL of an authentication server, which can be connected to the mobile phone) with the mobile phone. In this state, the authentication server is accessed, the transaction number corresponding to the combination of the mobile phone and the specific storage means is given from the authentication server, and the use of the credit is applied using the transaction number. By using such a method, the information sent and received between the credit card member and the member store is not a credit card number etc., but a transaction number with an expiration date Security against data tampering by a third party can be enhanced.

[0008] More specifically, according to the present invention, the following credit card settlement methods can be obtained.

That is, according to the present invention, the first
As a credit card payment method (first credit card payment method) corresponding to the above method, the mobile phone number of a mobile phone owned by a credit card member (including a "number for specifying a mobile phone". The same applies in the following description. )
And a first step of storing in advance a password given to the member in association with the member, receiving a notification of the mobile phone number from the member, generating a transaction number corresponding to the mobile phone number, A second step of notifying the member of the transaction number and storing the notified transaction number and the mobile phone number in association with each other; and from a member store receiving a request for product purchase from the member using the mobile phone, A third step of receiving notification of the transaction number and password used by the member when requesting the purchase of the product, and a fourth step of acquiring the mobile phone number stored in association with the notified transaction number. Performing the member authentication and performing the authorization process based on the relationship between the password notified in the third step and the mobile phone number acquired in the fourth step. There, the credit card settlement method characterized by comprising a fifth step to answer the result of the authorization process on the merchant can be obtained.

[0010] The first credit card settlement method is as follows.
It is mainly realized as a computer process on a settlement server.

[0011] It is also possible to add the following modifications to the first credit card settlement method described above.

That is, in the fourth step,
Obtaining a credit card number stored in advance together with a number specifying the mobile phone, and receiving the password notification from the member using the mobile phone instead of the fifth step; Performing a member authentication based on the relationship between the number specifying the mobile phone and the credit card number obtained in the step and the password notified from the member in the step, performing an authorization process, and determining a result of the authorization process. Answering the member store.

In the first step, a card number of the credit card of the member is stored in association with the mobile phone number and the password, and member information about the member is stored in the card number. In the third step, in addition to the notification of the transaction number and the password from the member store, further, the member receives a notification of the price of the product that the member desires to purchase, and In the step, after performing the member authentication, the card number of the member is obtained from the mobile phone number, the member information of the member is further obtained based on the card number, and the authorization process is performed. , It may be good.

[0014] Further, after the fifth step, a sixth step of notifying the member that the settlement of the credit card has been completed may be further provided.

Further, in the second step, a life is set for the generated transaction number, and in the fourth step, a mobile phone number corresponding to the received transaction number is obtained. In the fifth step, whether the received transaction number is valid is determined based on the set life, and in the fifth step, the life is expired as a result of the life determination in the fourth step. In this case, an authorization processing result indicating that credit transaction is impossible may be generated.

The transaction number has a prescribed expiration date. In particular, the transaction number may be valid only for one transaction. In this case, if the transaction number is used once in the transaction, The association between the transaction number and the mobile phone number stored in the second step may be canceled.

Further, according to the present invention, as an initial authentication method in the credit card settlement method (second credit card settlement method) corresponding to the above-mentioned second method, a specific storage means having a unique memory ID and a portable memory are used. For users who use the phone in combination with the telephone, the memory ID
A first step of prompting the user to input a card number and a member attribute of a credit card of which the user is a member, and prompting for a password, A second step of notifying the credit card company of the input card number, member attribute, and memory ID, and requesting the user to determine whether the user is a regular member; and determining from the credit card company And when the user is recognized as a regular member, the input mobile phone number, the memory ID, and the password are stored in association with each other, and the specific storage is performed for the user. Notifying that the use start registration of the means has been performed, while recognizing that the user is not a regular member, Initial authentication process for a particular memory means, characterized in that it comprises a third step of notifying to reject use start registration is obtained.

This initial authentication method is realized as a computer process on the authentication server.

Further, according to the present invention, in the second credit card settlement method, as an authentication method executed after execution of the initial authentication method, a fourth step of receiving the mobile phone number and the memory ID from the user is performed. When,
A fifth step of comparing the correspondence between the mobile phone number and the memory ID received from the user based on the mobile phone number and the memory ID stored in the third step; A sixth step of assigning a transaction number to the user if the correspondence is valid and storing the transaction number in association with the memory ID; A credit card company that received a notification of the transaction number and password used by the user at the time of making a product purchase request at the merchant using the means was accompanied by a notification of the transaction number and password from the credit card company. A seventh step of receiving an inquiry about the memory ID corresponding to the transaction number, and a transaction notified by the credit card company. An eighth step of acquiring the corresponding memory ID by using a number as a key, and a password corresponding to the memory ID acquired in the eighth step and a password notified from the credit card company in the seventh step. A ninth step of performing matching,
If the check in the ninth step matches, the memory card ID corresponding to the notified transaction number is notified to the credit card company as a response to the inquiry, while the check does not match. A step of notifying the credit card company of a corresponding memory ID non-existence indicating that a memory ID corresponding to the notified transaction number does not exist as a response to the inquiry, An authentication method characterized by authenticating the validity / invalidity of the transaction number used for the purchase is obtained.

This authentication method is also realized as computer processing on the authentication server.

The following modifications can be made to this authentication method. That is, when the transaction number is given to the user in the sixth step, a life is set for the transaction number, and when the credit card company receives an inquiry in the seventh step, Before executing the eighth step, it is determined whether or not the transaction number notified from the credit card company is valid based on the set life, and the life of the transaction number in the seventh step is determined. As a result of the judgment, if the life has expired, the eighth
In the tenth step, the corresponding memory ID absence notification may be performed without executing the ninth step.

The transaction number has an expiration date, but may be valid only for one transaction. In this case, if the transaction number is used once in the transaction, the transaction number The association between the transaction number and the mobile phone number stored in step 6 may be canceled.

Further, according to the present invention, in the second credit card settlement method, a credit card executed by a credit card company corresponding to an operation of the initial authentication method and an authentication server executing the authentication method. As a settlement method, a step of storing in advance member information including a member attribute of a credit card member and a card number of a credit card possessed by the member, and, in response to a request from the authentication server executing the initial authentication method, the member Determining, based on the information, whether the user is a credit card member; and, if the user is a credit card member, generating a response indicating that the user is a regular member. Together with the memory ID
And storing the card number in association with the card number;
Receiving a notification of the transaction number and password used by the user at the time of the product purchase request from the member store where the user has performed a product purchase request using the mobile phone; and Transmitting the transaction number and the password to the authentication server and inquiring about the memory ID corresponding to the transaction number; and responding to the inquiry from the authentication server to notify the absence of the corresponding memory ID. If the memory ID is included in the response obtained from the authentication server in response to the inquiry, Obtain the card number stored in association with the memory ID included in the answer, and based on the member information including the obtained card number Performs authorization processing, credit card payment method characterized by comprising the step of notifying the result of the authorization process on the merchant can be obtained.

This credit card settlement method is realized by computer processing on a settlement server.

Various modifications can be made to this credit card settlement method. For example, after or after notifying the member store of the result of the authorization processing, the user as the credit card member may be notified that the credit card payment has been completed. .

The present invention is a settlement server used in a credit card settlement system including a mobile phone owned by a credit card member to which a password is previously assigned and a member store server owned by a credit card member store. Upon receiving a notification of the mobile phone number of the mobile phone from the member, while setting a transaction number that is valid only for one transaction related to the credit card payment,
A transaction number assigning unit that notifies the transaction number to the mobile phone, a life setting unit that sets a validity period of the transaction number, a storage unit that stores the validity period of the transaction number in association with the transaction number, And a life judging means for accessing the storage unit to judge whether the transaction number is valid and returning a judgment result.

Preferably, a second storage unit is provided for associating the transaction number with the mobile phone number.

Preferably, there is provided a portable telephone number acquiring means for acquiring the portable telephone number from the transaction number in the second storage unit.

Preferably, there is provided an authorization means for performing an authorization process using the portable telephone number acquired by the portable telephone number acquiring means.

[0030]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a credit card settlement method according to an embodiment of the present invention and a system for realizing the method will be described in detail with reference to the drawings.

(First Embodiment) A credit card settlement system according to a first embodiment of the present invention is, as shown in FIG. 1, a mobile phone 1 owned by a credit card member to which a password has been previously assigned. And a payment server 2 for performing payment by credit card, and a member store server 3 owned by the credit card member store. The mobile phone 1 is connected to a communication network 5 via a mobile phone base station 4.
And has a function of receiving various services provided on the communication network 5. For example, if the communication network 5 is T
In the case of a CP / IP network, the mobile phone 1 uses Co
If the mobile phone base station 4 is a WAP gateway or the like,
The mobile phone 1 can operate as a WAP client. The settlement server 2 and the member store server 3 are connected to a communication network 5 and can provide predetermined services on the network.

As shown in FIG. 2, the settlement server 2
Transaction number assigning unit 11, life setting unit 12, clock device 13,
It includes a life determining unit 14, a telephone number obtaining unit 15, and an authorization processing unit 16 for transmitting and receiving data on the communication network 5 via the transmitting and receiving device 20 and for storing the member information memory 1
7. Personal authentication memory 18 and telephone number search memory 1
9 can be registered and read out.
The settlement server 2 is a member information memory 17, a personal identification memory 18, a telephone number search memory 19, and the transmission / reception device 2.
0 may be provided.

Hereinafter, the function of each component of the settlement server 2 will be described in detail with reference to FIG. 3, together with the description of the card settlement procedure in the credit card settlement system according to the present embodiment.

Prior to execution of the card settlement procedure according to the present embodiment, member information is stored in the member information memory 17. This member information includes, for example, the card number of the member's credit card, the member's address, name, gender,
Birth date, phone number, etc. are included. In the present embodiment, it is assumed that the mobile phone number has been notified by the member in advance, and the mobile phone number of the mobile phone 1, the password previously given to the member, the card number of the member's credit card, Are stored in the personal authentication memory 18 in advance in association with each other.

In this state, when the member accesses the settlement server 2 using the portable telephone 1 and notifies the portable telephone number of the portable telephone 1 (step S1), the transaction number assigning section 11 of the settlement server 2 Then, it receives the notification of the mobile phone number via the transmission / reception device 20, and generates a transaction number corresponding to the mobile phone number (step S2). In the present embodiment, the transaction number is a disposable number valid only for one transaction. After generating the transaction number, the transaction number assigning unit 11 stores the generated transaction number and the mobile phone number (that is, the transaction number assigned) corresponding to the generated transaction number in the telephone number search memory 19. (The mobile phone number of the mobile phone owned by the member).

Next, the life setting section 12 sets a life (expiration date of the transaction number) for the transaction number generated by the transaction number assigning section 11 and stores the set life in the telephone number search memory 19. And it is stored in association with the mobile phone number (step S3). As understood from this, the telephone number search memory 19 stores the transaction number,
The mobile phone number and the life can be stored in association with each other. This telephone number search memory 19
Is used when the telephone number acquisition unit 15 searches for a mobile telephone number using the transaction number as a key, as described later.

When the life setting is performed by the life setting unit 12, the transaction number is notified to the member via the transmission / reception device 20. As a result, the member can conduct electronic commerce using the transaction number (specifically, purchase of goods on the member store site, etc.).

The member receiving the transaction number accesses the member store server 3 owned by the credit card member store, and notifies the merchandise to be purchased (step S).
5). At that time, the member notifies the member store server 3 of the transaction number given from the settlement server 2 and the password given in advance (step S6).

When the member store server 3 receives a request from a member to purchase a product using a transaction number or the like, the member store server 3 returns to its own member store I.
D to access the settlement server 2 (step S
7) The settlement server 2 is notified of the total price (purchase amount) of the product desired to be purchased by the member's credit card (step S8). At this time, the member store server 3
The transaction number and password received from the member (that is, the transaction number and password used in this commodity transaction) are also notified to the settlement server 2 (step S3).

The transaction number out of the member store ID, the purchase amount, the transaction number, and the password notified from the member store server 3 in this way is transmitted to the life determining unit 14 via the transmission / reception device 20.
On the other hand, the member store ID, the purchase amount, and the password are transmitted to the authorization processing unit 16 via the transmission / reception device 20.

When the life determination unit 14 of the settlement server 2 receives the transaction number from the member store server 3 via the transmission / reception device 20, the telephone number search memory 1 is based on the transaction number.
9 to retrieve the life span set in the transaction number. Then, based on the acquired life and the output of the clock device 13, it is determined whether or not the life of the target transaction number has expired (that is, whether the transaction number is invalid or valid) (S10).
Here, the clock device 13 is for measuring the passage of time, and in the present embodiment, it is assumed that the clock device 13 is always operating while the settlement server 2 is operating.

When the life determination unit 14 determines that the life of the transaction number has expired, it notifies the authorization processing unit 16 to that effect.
The transaction number determined to be valid is notified to the telephone number acquisition unit 15.

When receiving the transaction number from the life judging unit 14, the telephone number acquiring unit 15 accesses the telephone number searching memory 19 to acquire the mobile telephone number corresponding to the notified transaction number. (Step S11). The obtained mobile phone number is transmitted to the authorization processing unit 16.

When the mobile phone number is transmitted from the telephone number acquisition unit 15, the authorization processing unit 16 first accesses the personal authentication memory 18 and stores the password and the password received from the member store server via the transmission / reception device 20. Phone number acquisition unit 15
And the mobile phone number acquired by the user are stored in the memory 1 for personal authentication.
Then, a check is made as to whether or not they are stored in association with each other in step 8 (step S12). Thereby, the member authentication is performed.

Next, the authorization processing unit 16 acquires the corresponding card number from the personal identification memory 18 based on the mobile telephone number transmitted from the telephone number acquiring unit 15,
Furthermore, the member information memory 17 is accessed using the card number, and the member information about the corresponding credit card member is obtained.

Then, the authorization processing section 16 determines whether or not the credit card member can purchase credit based on the acquired member information (authorization processing).
Is performed (step S13). Here, the authorization processing unit 1
6 is a card payment using the transaction number using the mobile phone 1 as a result of receiving the notification that the life of the transaction number has expired by the life determination unit 14 and as a result of the member authentication check in step S12. If the person trying to perform is not recognized as a member, an authorization processing result is generated that prohibits credit transaction using the transaction number transmitted from the member store server 3.

The authorization processing result obtained in this way is returned from the authorization processing unit 16 to the member store server 3 via the transmission / reception device 20 (step S14).
Upon receiving the authorization processing result from the settlement server 2, the member store server 3 notifies the mobile phone 1 of the content (step S15).

On the other hand, the authorization processing unit 16 of the settlement server 2
Returns the result of the authorization processing to the member store server 3 in step S14, and then notifies the credit card member that the payment of the credit card has been completed (step S16). Then, the authorization processing unit 16
A set of a transaction number used in the transaction subjected to the authorization processing, a mobile phone number corresponding to the transaction number, and a life set for the transaction number are stored in the telephone number search memory 19 as a triple. delete.

As described above, in the credit card settlement method according to the present embodiment, the transaction number used in the communication between the user (credit card member) of the mobile phone 1 and the member store server 3 is one for the transaction only. Since it is a time key, even if the person who intercepted it also intercepts the password, unauthorized use can be prevented. Further, even if a third party who does not have the card settlement title and obtains the mobile phone 1 obtains a transaction number using the mobile phone 1 and performs a card payment, the third party notifies the member store server 3 of a product purchase request. In order to do so, it is necessary to notify the password assigned to the owner of the mobile phone 1, so that the security of so-called "spoofing" is improved.

(Modification of First Embodiment) To further enhance security, the following modification may be added to the processing according to the present embodiment. In S11, a credit card number stored in advance together with a number specifying the mobile phone is obtained. Member authentication is performed based on the relationship between the number specifying the mobile phone, the credit card number, and the password. Thereafter, an authorization process is performed, and the result of the authorization process is returned to the member store. Further, as shown in FIG. 4, the password may be notified from the member using the mobile phone. In S6 and S9 of FIG. 3, the password is notified together with the transaction number, but in S6a and S6 of FIG.
In 9a, only the transaction number is notified. Instead, the password is directly received from the mobile phone in S17. This reduces the risk that the password will be stolen at the merchant. Note that the timing of S17 is
5, after S6a, the relationship with S7 to S9a does not matter. However, when the password is not transmitted within a predetermined time from S7 to S9a, the transaction may be invalidated.

(Second Embodiment) As shown in FIG. 5, a credit card settlement system according to a second embodiment of the present invention includes a mobile phone 1 owned by a user and a mobile phone 1 owned by the user. Specific storage means (hereinafter, referred to as “site stick”) 6, a member store server 3 owned by a credit card member store, and a transaction number used in a product purchase transaction using the site stick 6 in the member store server 3 ( A site stick authentication number: described as "SS authentication number"), and an authentication server 7 for performing authentication on the issued SS authentication number, and a payment server 8 for performing credit card payment. . The site stick 6 is an external storage device that stores a unique memory ID (site stick ID: hereinafter referred to as “SSID”) and a URL of the authentication server 7.
The mobile phone 1 can incorporate a site stick 6 and is connected to a communication network 5 via a mobile phone base station 4 like the mobile phone according to the first embodiment. Has the function of receiving the various services provided in. The authentication server 7, the settlement server 8, and the member store server 3 are connected to the communication network 5,
A predetermined service can be provided on the same network.

The authentication server 7, as shown in FIG.
A use registration unit 71 for performing use registration of the site stick 6 as initial authentication, an SS authentication number issuing unit 72 for issuing an SS authentication number for a product purchase transaction using the site stick 6, a clock device 73, An SS authentication number authentication unit 74 for authenticating the authentication number;
And transmits / receives data on the communication network 5 via the communication network 5; a memory for site stick use registration (memory for SS use registration) 76; and a memory for SS authentication number authentication 77
Can register and read data. The use registration unit 71 includes an initial authentication reception unit 711, a determination result acquisition unit 712, and an SSID registration unit 713.
The S authentication number issuing unit 72 includes an SS authentication number assigning unit 721 and a life setting unit 722. The SS authentication number authentication unit 74 includes an inquiry reception unit 741 and a life determination unit 74.
2, SSID acquisition unit 743, password collation unit 744,
And an inquiry answering unit 745. The authentication server 7 may include the SS use registration memory 76, the SS authentication number authentication memory 77, and the transmitting / receiving device 75.

As shown in FIG. 7, the settlement server 8
Authentication unit 81, SSID-card number association processing unit 82, SSID inquiry unit 83, card number acquisition unit 8
4 and an authorization processing unit 85 for transmitting and receiving data on the communication network 5 via the transmission / reception device 86 and for registering and reading data in the member information memory 87 and the card number search memory 88. It is something. The settlement server 8 may include a member information memory 87, a card number search memory 88, and a transmission / reception device 86.

Hereinafter, the functions of the respective components of the authentication server 7 and the settlement server 8 will be described together with the description of the initial authentication, the subsequent authentication method, and the card settlement procedure in the credit card settlement system according to the present embodiment. This will be described in detail with reference to FIGS.

First, the user sets the site stick 6 for which initial use registration is to be performed on the mobile phone 1. Thereby, the SSID and the URL of the authentication server 7 to be accessed are transferred from the site stick 6 to the mobile phone 1 (steps S20 and S21), and the mobile phone 1 accesses the authentication server 7 indicated by the URL. .

Next, the user notifies the authentication server 7 that he / she wants to perform initial use registration of the site stick 6. Specifically, the user transmits to the authentication server 7 the mobile phone number and SSID of the mobile phone 1, the card number and member attribute of the credit card of which the user is a member, and the password to be registered. (Steps S22 to S24). The mobile phone number, SSID, card number, member attribute, and password transmitted from the mobile phone 1 are received by the initial authentication receiving unit 711 included in the use registration unit 71 of the authentication server 7.

When the initial authentication receiving unit 711 receives the five types of information, the judgment result obtaining unit 712 notifies the settlement server 8 of the card number, the member attribute, and the SSID, and the user Is requested (step S25).

Member information is stored in the member information memory 87 of the settlement server 8 in advance, and the settlement server 8 receives the judgment request from the authentication server 7, and stores the member information stored in the member information memory 87. It is determined whether or not the user is a credit card member based on. Here, the member information includes, for example, the card number of the member's credit card, the member's address, name, gender, date of birth, telephone number, and the like. More specifically, when a determination request including a card number or the like is received from the authentication server 7, the personal authentication unit 8
1 authenticates whether the user is a legitimate credit card member based on the member information stored in the member information memory 87 (step S26). As a result, the user is a legitimate member. If so, the SSID-card number association processing unit 82 stores the SSID and the card number in the card number search memory 88 in association with each other (step S27). In addition, the personal authentication unit 81 transmits the result of the authentication to the authentication server 7. This allows
The determination result acquisition unit 712 of the authentication server 7 determines in step S2
5 receives the result of the request for judgment.

The SSID registration unit 713 of the authentication server 7
According to the determination result obtained by the determination result obtaining unit 712, if the user is recognized as a regular member, it is determined that registration to start using a site stick is to be performed. On the other hand, if the user is recognized as a non-regular member, It is determined that notification of registration refusal is made (step S29). Then, if registration to start using the site stick is to be performed, S
The mobile phone number, the SSID, and the password input in step S22 are stored in the S use registration memory 76 in association with each other (step S30). Further, the SSID registration unit 713 notifies the user of the registration of the start of use of the site stick or notifies the registration rejection via the transmission / reception device 75 according to the recognition result of step S29 ( Step S31). Thus, the initial authentication of the site stick 6 ends. In this embodiment, the information formed by the initial authentication of the site stick is written in the SS use registration memory 76 of the authentication server 7, and the information such as the authentication result is stored in the site stick 6 itself. Is not written.

The procedure of card settlement using a site stick will be described. First, the user installs the site stick 6 that has been initially registered into the mobile phone 1. Thus, the SSID and the URL of the authentication server 7 to be accessed are transferred from the site stick 6 to the mobile phone 1 (steps S40 and S41), and the mobile phone 1 accesses the authentication server 7 indicated by the URL. .

Next, the user transmits a request for issuing an SS authentication number corresponding to the site stick 6 to the authentication server 7. Specifically, the user transmits the mobile phone number and the SSID of the mobile phone 1 to the authentication server 7 (Step S42). The mobile phone number and the SSID transmitted from the mobile phone 1 are received by the SS authentication number assigning unit 721 included in the SS authentication number issuing unit 72 of the authentication server 7.

Upon receiving a request for issuing an SS authentication number from the user, the SS authentication number assigning unit 721 notifies the SS authentication number issuance request together with the request for issuing an SS authentication number based on the mobile phone number and the SSID stored in the SS use registration memory 76. The correspondence between the obtained mobile phone number and the memory ID is collated (step S43).

Next, if the result of the comparison indicates that the correspondence is valid, the SS authentication number assigning unit 721 generates an SS authentication number, associates the generated SS authentication number with the SSID, and Stored in memory 77, SS
On the other hand, if it is determined that the authentication number is to be assigned, but the correspondence is incorrect, it is determined to notify the refusal of use of the site stick 6 (step S44). In the present embodiment, the SS authentication number is a disposable number valid only for one transaction.

Here, as a result of the collation by the SS authentication number assigning unit 721, if the correspondence is valid, the life setting unit 722 sets the life for the SS authentication number generated by the SS authentication number assigning unit 721. Then, the SS authentication number authentication memory 77 is stored in association with the SS authentication number and the SSID. As you can see from this,
The SS authentication number authentication memory 77 stores the SS authentication number, SS
The ID and the life can be stored in association with each other. This SS authentication number authentication memory 77
As described later, the SSID is used by the SSID acquisition unit 743 of the SS authentication number authentication unit 74 when searching for an SSID using the SS authentication number as a key.

Thereafter, the SS authentication number assigning section 721 notifies the user of the authentication result via the transmitting / receiving device 75 in accordance with the determination in step S44 (step S45). Here, when the above determination is the assignment of the SS authentication number, the SS authentication number is notified together with the notification of the authentication result. As a result, the user can perform electronic commerce using the SS authentication number (specifically, purchasing a product at a member store site, etc.).

The user who has obtained the SS certification number accesses the member store server 3 owned by the credit card member store and notifies the merchandise to be purchased (step S).
46). At this time, the user notifies the member store server 3 of the SS authentication number assigned from the authentication server 7 and the password registered at the time of initial authentication to the authentication server 7 (step S47).

When the member store server 3 receives a request from the user to purchase a product using the SS authentication number or the like, the member store server 3 accesses the settlement server 8 using its own member store ID (step S48), and the settlement server 8 On the other hand, the user notifies the total amount (purchase amount) of the product desired to be purchased by the credit card (step S49). At this time, the member store server 3 also notifies the settlement server 8 of the SS authentication number and password received from the user (that is, the SS authentication number and password used in this commodity transaction) (step S50).

Among the member store ID, the purchase amount, the SS authentication number and the password notified from the member store server 3 in this way, the SS authentication number and the password are transmitted and received by the transmitting / receiving device 86.
The member store ID and the purchase price are transmitted to the authorization processing unit 85 via the transmission / reception device 86.

The SSID inquiry unit 83 of the settlement server 8
When the SS authentication number and the password are received via the transmitting / receiving device 86, they are transmitted to the authentication server 7 and the S
The SSID corresponding to the S authentication number is inquired (step S51).

The inquiry receiving unit 741 included in the SS authentication number authentication unit 74 of the authentication server 7
When the inquiry of the SSID corresponding to the SS authentication number is received together with the notification of the authentication number and the password, the received SS authentication number is transmitted to the life determining unit 742. The inquiry receiving unit 741 transmits the password notified from the settlement server 8 to the password matching unit 745.

Next, the SS authentication number and the password are confirmed by the life determining unit 742, the SSID acquiring unit 743, and the password checking unit 744 (step S5).
2).

More specifically, upon receiving the SS authentication number from the inquiry receiving unit 741, the life determining unit 742 searches the SS authentication number authentication memory 77 based on the SS authentication number, and sets the SS authentication number to the SS authentication number. The life of the target SS authentication number is determined to be expired based on the obtained life (effective period) and the output of the clock device 73 based on the obtained life and the output of the clock device 73. Here, the clock device 73 is for measuring the passage of time, and in the present embodiment, it is assumed that the clock device 73 is always operating while the authentication server 7 is operating.

When the life determining section 742 determines that the life of the SS authentication number has expired, the inquiry answering section 7
45, if the SS authentication number is determined to be valid, the SS authentication number determined to be valid
Notify the D acquisition unit 743.

The SSID acquiring section 743 is provided with a life determining section 74.
2, the SS authentication number is retrieved from the SS authentication number authentication memory 77, and the SSID corresponding to the target SS authentication number is obtained.

The password collating unit 744 converts the password corresponding to the SSID acquired by the SSID acquiring unit 743 into an SSID.
The acquired password is acquired from the S use registration memory 76, and the acquired password is collated with the password accepted by the inquiry receiving unit 741 from the settlement server 8.

If the life determining unit 742 determines that the life of the SS authentication number has expired, the life determining unit 742
, The notification of the SS authentication number to the SSID acquisition unit 743 is not performed, and accordingly, the notification of the SSID from the SSID acquisition unit 743 to the password verification unit 744 is also performed. Therefore, when the life of the SS authentication number has expired, the SSID acquisition unit 743 and the password verification unit 744 in the present embodiment do not operate.

The inquiry response section 745 responds to the inquiry of the settlement server 8 in step S51 by using SS
It is determined whether the notification of the ID or the notification of the absence of the corresponding SSID is performed (step S53). Specifically, the inquiry answering unit 745 determines that the SSID corresponding to the SS authentication number notified from the settlement server 8 is to be notified when the matching in the password matching unit 745 matches, while the password matching unit If the collation at 745 does not match, or the result of the
If the life of the S certification number has expired, the corresponding SS
It is determined that an ID absence notification is to be made.

Thereafter, the inquiry / response unit 745 notifies the settlement server 8 of the SSID or the corresponding SSID absence notification via the transmission / reception device 75 in accordance with its own decision (step S54). Further, an inquiry response section 745
After notifying the settlement server 8 of the answer, the SS authentication number and the corresponding SSID and S
The lifetime set for the S authentication number is deleted from the SS authentication number authentication memory 77.

The card number acquiring section 84 of the settlement server 8
When receiving the SSID related to the inquiry from the authentication server 7,
It accesses the card number search memory 88 to acquire the corresponding card number, and notifies the authorization processing unit 85 of the card number as a card number acquisition result. When the corresponding SSID non-existence notification is received from the authentication server 7, the card number acquisition unit 84 cannot acquire the card number from the card number search memory 88 as a matter of course. In this case, the card number acquisition unit 84 notifies the authorization processing unit 85 that the card number could not be acquired as a card number acquisition result.

Upon receiving the card number acquisition result from the card number acquisition unit 84, the authorization processing unit 85 performs an authorization process in response thereto (step S55). For more information,
If the card number acquisition result indicates the card number acquired from the card number search memory 88, the authorization processing unit 85
Obtains the member information corresponding to the card number from the member information memory 87 and performs an authorization process, thereby generating an authorization process result indicating whether credit transaction is possible or not. On the other hand, when the corresponding SSID absence notification is received from the authentication server 7 in response to the inquiry of the SSID inquiry unit 83, the card number acquisition result indicates that the card number could not be acquired as described above. In this case, the authorization processing unit 85 generates an authorization processing result indicating that credit transaction is not possible.

The authorization processing result thus generated is transmitted to the member store server 3 via the transmission / reception device 86 (step S56).

Upon receiving the authorization processing result from the settlement server 8, the member store server 3 notifies the portable telephone 1 of the contents (step S57).

On the other hand, the authorization processing unit 85 of the settlement server 8
Responds to the member store server 3 with the result of the authorization processing in step S56, and then notifies the credit card member, the user of the mobile phone 1, of the completion of the credit card settlement (step S58). .

According to the present embodiment, in addition to the effects of the above-described first embodiment, even if mobile phone 1 is dropped, it is not a combination of sight stick 6 and mobile phone 1. Since the authentication server 7 cannot be accessed, further security protection is achieved.

[0085]

As described above, according to the present invention,
Instead of credit card numbers in product purchase transactions,
Since the transaction number or the SS authentication number issued each time is used, it is possible to prevent the credit card number from being stolen even when the credit card is settled by the mobile phone.

Further, since the transaction number or the SS certification number has an expiration date, the credit card settlement method according to the present invention uses the third party who intercepts the communication between the mobile phone and the member store. Is also useful as a measure to prevent falsification and unauthorized use of them.

Further, according to the present invention, in the communication between the portable telephone and the member store for merchandise purchase transaction, the transaction number or S
Since it is required to input not only the S-authentication number but also a password for identifying the user, a great effect is obtained in preventing so-called "spoofing".

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a credit card payment system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a configuration of a settlement server shown in FIG.

FIG. 3 is a diagram showing a credit card settlement procedure according to the first embodiment.

FIG. 4 is a diagram showing a credit card settlement procedure in a modification of the first embodiment.

FIG. 5 is a diagram showing a configuration of a credit card settlement system according to a second embodiment of the present invention.

FIG. 6 is a diagram showing a configuration of the authentication server shown in FIG.

FIG. 7 is a diagram showing a configuration of a settlement server shown in FIG. 5;

FIG. 8 is a diagram illustrating an initial authentication procedure of a site stick according to the second embodiment.

FIG. 9 is a diagram showing a credit card settlement procedure according to the second embodiment.

FIG. 10 is a diagram showing a credit card settlement procedure following the procedure shown in FIG. 9;

[Explanation of symbols]

 Reference Signs List 1 mobile phone 2 payment server 3 member store server 4 mobile phone base station 5 communication network 6 site stick 7 authentication server 8 payment server 11 transaction number assigning unit 12 life setting unit 13 clock device 14 life judgment unit 15 telephone number acquisition unit 16 authorization Processing unit 17 Member information memory 18 Identity authentication memory 19 Phone number search memory 20 Transmission / reception device 71 Usage registration unit 711 Initial authentication reception unit 712 Judgment result acquisition unit 713 SSID registration unit 72 SS authentication number issuing unit 721 SS authentication number assigning unit 722 Life setting unit 73 Clock device 74 SS authentication number authentication unit 741 Inquiry reception unit 742 Life judgment unit 743 SSID acquisition unit 744 Password verification unit 745 Inquiry response unit 75 Transmission / reception device 76 SS use registration memory 77 SS authentication number authentication memory 81Person authentication unit 82 SSID- card number correspondence processing unit 83 SSID inquiry unit 84 card number acquisition section 85 authorization processing unit 86 transmitting and receiving device 87 member information memory 88 card number search for the memory

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (Reference) G06F 17/60 512 G06F 17/60 512

Claims (30)

[Claims] 1. A first step in which a number specifying a mobile phone of a mobile phone owned by a credit card member and a password assigned to the member are stored in association with each other in advance, and the mobile phone is specified from the member. Receiving the notification of the number to be generated, generates a transaction number corresponding to the number specifying the mobile phone, notifies the member of the transaction number, and associates the notified transaction number with the number specifying the mobile phone. A second step of storing; and a third step of receiving a notification of a transaction number and a password used by the member when requesting the purchase of a product from a member store that has received a request for purchase of a product using the mobile phone from the member. A fourth step of obtaining a number identifying the mobile phone stored in association with the notified transaction number; and a third step of: And performing authorization processing based on the relationship between the password notified in step 4 and the number specifying the mobile phone acquired in the fourth step, and returning the result of the authorization processing to the member store. And a credit card settlement method. 2. A first step in which a number specifying a mobile phone of a mobile phone of a credit card member and a password assigned to the member are stored in association with each other in advance, and the mobile phone is specified from the member. Receiving the notification of the number to be generated, generates a transaction number corresponding to the number specifying the mobile phone, notifies the member of the transaction number, and associates the notified transaction number with the number specifying the mobile phone. A second step of storing; and a third step of receiving a notification of a transaction number used by the member when requesting the purchase of goods from a member store that has received a request for purchase of goods using the mobile phone from the member. A fourth step of acquiring a number identifying the mobile phone stored in association with the notified transaction number; and A fifth step of receiving a notification of a word; performing a member authentication and an authorization process based on a relationship between the password notified in the fifth step and the number specifying the mobile phone acquired in the fourth step; And a sixth step of replying the result of the authorization processing to the member store. 3. In the fourth step, a credit card number stored in advance together with a number specifying the mobile phone is obtained, and the member uses the mobile phone instead of the fifth step. Receiving a notification of a password and performing a member authentication based on a relationship between the number specifying the mobile phone and the credit card number obtained in the fourth step and the password notified from the member in the step; 2. A credit card settlement method according to claim 1, further comprising the step of: performing an authorization process, and replying a result of the authorization process to the member store. 4. In the first step, a card number of the member's credit card is also stored in association with a number specifying the mobile phone and the password, and the member number is stored in the card number. In the third step, in addition to the notification of the transaction number and the password, in addition to the notification of the transaction number and the password, the member receives a notification of the price of the product that the member desires to purchase, In the fifth step, after performing the member authentication, the card number of the member is obtained from a number specifying the mobile phone, and the member information of the member is further obtained based on the card number. The credit card settlement method according to claim 1, wherein the authorization processing is performed. 5. The credit card settlement according to claim 4, further comprising a sixth step of notifying the member that the settlement of the credit card has been completed after the fifth step. Method. 6. In the second step, a life is set for the generated transaction number, and in the fourth step, a number specifying a mobile phone corresponding to the received transaction number is obtained. Before doing
Determining whether the received transaction number is valid based on the set life, and determining whether the life has expired in the fifth step as a result of the life determination in the fourth step. Is
6. The credit card settlement method according to claim 1, wherein an authorization processing result indicating that credit transaction is not possible is generated. 7. The transaction number is valid only for one transaction and, once used in the transaction,
7. The credit card settlement according to claim 1, wherein the association between the transaction number stored in the second step and a number specifying the mobile phone is canceled. Method. 8. A mobile phone owned by a credit card member to which a password has been previously assigned, a payment server for performing credit card payment, and a member store server owned by a credit card member store. A credit card payment system capable of performing payment of the mobile phone, wherein the payment server stores a number specifying a mobile phone of the mobile phone and the password in association with each other; Transaction number assigning means for receiving a notification of a number specifying the mobile phone from a telephone, generating a transaction number corresponding to the number specifying the mobile phone, and notifying the mobile phone of the transaction number, Second storage means for storing a transaction number and a number for identifying the mobile phone in association with each other; Notification receiving means for receiving a notification of a transaction number and a password used by the member when requesting the purchase of goods from the member store server which has received a request for purchase of goods using the mobile phone from a credit card member; and A telephone number obtaining means for obtaining, from the second storage means, a number specifying the mobile phone stored in association with the transaction number received by It is determined whether or not the password received by the receiving unit and the number specifying the mobile phone obtained by the telephone number obtaining unit are stored in association with each other, and the member is authenticated and the authorization process is performed according to the determination result. Authorization processing means for responding the result of the authorization processing to the member store server. Credit card payment system. 9. A settlement server used in a credit card settlement system comprising a mobile phone owned by a credit card member to which a password is previously assigned and a member store server owned by a credit card member store. First storage means for storing a number for specifying the mobile phone of the telephone in association with the password, and receiving a notification of the number for specifying the mobile phone from the member and corresponding to the number for specifying the mobile phone A transaction number assigning unit that generates a transaction number and notifies the member of the transaction number; a second storage unit that associates the notified transaction number with a number that specifies the corresponding mobile phone; The member store server, which receives a request from a member to purchase a product using the mobile phone, obtains the information used by the member when requesting the purchase of the product. A notification receiving unit for receiving a notification of a number and a password; and a telephone number obtaining unit for obtaining, from the second storage unit, a number specifying the mobile phone stored in association with the transaction number received by the notification receiving unit. Means, the first storage means is accessed, and the password received by the notification receiving means and the number identifying the mobile phone obtained by the telephone number obtaining means are stored in association with each other An authorization processing means for performing member authentication according to the result of the determination, performing authorization processing, and replying the result of the authorization processing to the member store server. 10. The settlement server according to claim 7, further comprising third storage means for storing member information of said member including a card number of said credit card of said member, wherein said first storage means is And the card number of the member's credit card is also stored in association with the number specifying the mobile phone and the password, and the notification accepting means transmits the transaction number and the password from the member store server. In addition to the notification, the member also receives a notification of the price of the product that the member desires to purchase. After performing the member authentication, the authorization processing means performs the first authentication based on the number specifying the mobile phone. The card number of the member is obtained from the storage means of (3), and the member information of the member is obtained from the third storage means based on the card number. -A settlement server for performing a sled process. 11. The authorization processing means, after replying a result of the authorization processing to the member store server,
9. The settlement server according to claim 8, wherein the member is notified that the settlement of the credit card is completed. 12. A life for setting a life for the transaction number generated by the transaction number assigning means and storing the life in the second storage means in association with the transaction number and a number for specifying a mobile phone. Setting means; clock means; acquiring the service life stored in association with the transaction number from the second storage means based on the transaction number received by the notification receiving means; And a life determining means for determining whether or not the life of the transaction number has expired from the output, wherein the authorization processing means determines that the life has expired as a result of the determination by the life determining means. The payment server according to any one of claims 9 to 11, wherein the server generates an authorization processing result that prohibits a credit transaction using the transaction number. 13. The transaction number generated by the transaction number assigning means is valid only for one transaction, and the authorization processing means, after performing the authorization processing, sets an object of the authorization processing. 13. The transaction number used in the transaction which has been completed and a number for specifying a mobile phone corresponding to the transaction number are deleted from the second storage means. Payment server. 14. A user who uses a combination of a specific storage means having a unique memory ID and a mobile phone is prompted to input the memory ID and a number specifying the mobile phone of the mobile phone, A first step of prompting the user to enter the card number and member attribute of the credit card of which the user is a member, and further prompting the entry of a password; and crediting the entered card number, member attribute and memory ID A second step of notifying the card company and requesting the user to determine whether or not the user is a regular member; and obtaining the result of the determination from the credit card company,
When the user is recognized as a regular member, the input number for specifying the mobile phone, the memory ID and the password are stored in association with each other, and the use of the specific storage unit is started for the user. A third step of notifying the user that registration has been performed, and notifying the user that the use start registration of the specific storage unit is to be refused if the user is recognized as not a regular member. An initial authentication method for a specific storage means, characterized by having: 15. An authentication method which is executed after execution of the initial authentication method according to claim 14, wherein: a fourth step of receiving a number specifying the mobile phone and the memory ID from the user; Based on the number identifying the mobile phone and the memory ID stored in the step (i), the number identifying the mobile phone and the memory I received from the user.
A fifth step of collating the correspondence of D. If the result of the collation shows that the correspondence is valid, a transaction number is assigned to the user and the transaction number is associated with the memory ID. A sixth step of storing, and a notification of a transaction number and a password used by the user when the user makes a request to purchase a product at a member store using the mobile phone and the specific storage means. A seventh step of receiving an inquiry of the memory ID corresponding to the transaction number accompanied by the notification of the transaction number and the password from the credit card company received from the company; and using the transaction number notified from the credit card company as a key. An eighth step of acquiring the memory ID corresponding to the memory ID, and a password corresponding to the memory ID acquired in the eighth step. A ninth step of comparing the password and the password notified from the credit card company in the seventh step, and if the verification in the ninth step matches, the inquiry to the credit card company is made. While the memory ID corresponding to the notified transaction number is notified as a response to the above, if the verification does not match, the credit card company is notified of the transaction number as a response to the inquiry. And a tenth step of performing a corresponding memory ID non-existence notification indicating that the corresponding memory ID does not exist, and authenticating the validity / invalidity of the transaction number used in purchasing the product. 16. In the sixth step, when assigning the transaction number to the user, a life is set for the transaction number. In the seventh step, an inquiry is made from the credit card company. Upon receiving the information, before executing the eighth step, it is determined whether or not the transaction number notified from the credit card company is valid based on the set life, the seventh step If the life has expired as a result of the determination in the above, if the life has expired, the tenth step is performed without executing the eighth and ninth steps.
16. The authentication method according to claim 15, wherein the corresponding memory ID absence notification is performed. 17. The transaction number is valid only for one transaction, and once used in a transaction, identifies the transaction number and the mobile phone stored in the sixth step. 16. The method according to claim 15, wherein association with a number can be canceled.
6. The authentication method according to 6. 18. A credit card settlement method executed by a credit card company in response to an operation of an authentication server which executes the initial authentication method according to claim 14 and the authentication method according to claim 15. Storing in advance member information including a member attribute of the member and a card number of a credit card possessed by the member; and, in response to a request from the authentication server executing the initial authentication method, based on the member information, Determining whether the user is a credit card member; and if the user is the credit card member,
Generating a response that the user is a regular member, storing the memory ID and the card number in association with each other, and a membership in which the user has made a purchase request using the mobile phone. Receiving, from the store, the transaction number and password used by the user when he / she wishes to purchase the product; and transmitting the transaction number and password notified by the member store to the authentication server. Querying the memory ID corresponding to the transaction number; and, if the response obtained from the authentication server in response to the query is the notification of the absence of the corresponding memory ID, indicating to the member store that credit transaction is impossible. Notifying the result of the authorization processing; and, if the memory ID is included in the response obtained from the authentication server in response to the inquiry, the response The card number stored in association with the memory ID included in the is acquired, the authorization process is performed based on the member information including the acquired card number, and the result of the authorization process is sent to the member store. A credit card payment method. 19. The method according to claim 18, further comprising: receiving a notification of the password from the member using the mobile phone, instead of receiving the notification of the password from the member store.
The credit card payment method described. 20. In the step of receiving the transaction number and the password notification, instead of the step of obtaining a credit card number stored in advance and notifying the result of the authorization processing to the member store, Receiving a notification of the password using a telephone, performing a member authentication based on a relationship between a mobile phone number, the credit card number, and the password notified from the member in the step; performing an authorization process; 19. A credit card settlement method according to claim 18, further comprising a step of replying a result of the processing to the member store. 21. After the step of notifying the member store of the result of the authorization process, the method further includes the step of notifying the user who is a credit card member that the settlement of a credit card has been completed. 19. The credit card settlement method according to claim 18, wherein: 22. A mobile phone owned by a user and a specific memory ID owned by a specific storage means owned by the user.
A payment server having member information including a member attribute of a credit card member and a card number of the credit card of the member. An authentication server for use in a credit card payment system including a payment server for performing the transaction and a member store server owned by a credit card member store, wherein the user receives the memory I via the mobile phone.
D and the mobile phone number of the mobile phone, an initial authentication receiving means for receiving a card number and a member attribute of a credit card of which the user is a member, and further receiving a password; And a member attribute and the memory ID are notified to the payment server, and a determination result obtaining unit that requests determination of whether the user is a regular member and obtains a result of the determination from the payment server, A first storage unit, when the user is recognized as a regular member according to the determination result from the settlement server obtained by the determination result obtaining unit, the input to the first storage unit; The stored mobile phone number, the memory ID, and the password are stored in association with each other, and the specific storage unit is provided to the user. A memory ID registration unit for notifying that the use start registration has been performed, a second storage unit, and a transaction number issuance request accompanied by a notification of a mobile phone number and a memory ID from the user. Based on the mobile phone number and the memory ID stored in the storage means, the correspondence between the mobile phone number and the memory ID notified by the user is collated, and as a result of the collation, the correspondence is valid. A transaction number generating unit that generates a transaction number, assigns the transaction number to the user, and associates the transaction number with the memory ID and stores the transaction number in the second storage unit. When the user makes a request for product purchase at the member store server using the mobile phone and the specific storage means, a notification of the transaction number and password used by the user is received from the member store server. An inquiry receiving unit that receives an inquiry of the memory ID corresponding to the transaction number accompanied by a notification of the transaction number and a password from the settlement server; and a transaction number notified from the settlement server from the inquiry receiving unit. A memory ID obtaining unit that searches the second storage unit and obtains the memory ID corresponding to the notified transaction number; a password corresponding to the memory ID obtained by the memory ID obtaining unit; and the inquiry receiving unit A password verification unit that performs verification with a password received from the payment server; and, when the verification in the password verification unit matches as a response to the inquiry to the payment server, the password corresponds to the notified transaction number. The memory I
Inquiry for notifying the memory ID acquired by the memory ID acquiring means as D, and otherwise, notifying the corresponding memory ID non-existence notification indicating that the memory ID corresponding to the notified transaction number does not exist. An authentication server, comprising: a response unit, for authenticating the validity / invalidity of a transaction number used for purchasing a product. 23. Life setting means for setting a life for the transaction number generated by the transaction number assigning means, and storing the life in the second storage means in association with the transaction number and a memory ID; A clock unit, receiving the transaction number notified from the settlement server from the inquiry receiving unit, acquiring the lifetime stored in association with the notified transaction number from the second storage unit, And a life determining means for determining whether or not the life of the transaction number has expired from the output of the clock means, and wherein the inquiry response means determines that the life of the transaction number notified from the settlement server is When the life determining unit determines that the service is expired, generating the notification of the corresponding memory ID absence as a response to the inquiry to the settlement server. The authentication server according to claim 22, characterized in that: 24. The transaction number generated by the transaction number assigning means is valid only for one transaction, and the inquiry reply means notifies the settlement server of an answer, and 24. The authentication server according to claim 22, wherein the transaction number used in the transaction and the memory ID corresponding to the transaction number are deleted from the second storage unit. . 25. A mobile phone owned by a user and a specific memory ID owned by a specific storage means owned by the user.
And a specific storage unit used in combination with the mobile phone, and a memory ID of the specific storage unit owned by the user registered, and the user purchases a product with the member store based on the memory ID. A payment server used in a credit card payment system including an authentication server that issues a transaction number used for a transaction and authenticates the issued transaction number, and a member store server owned by a credit card member store. A first storage unit for storing member information including a member attribute of a credit card member and a card number of a credit card possessed by the member in advance; a second storage unit; Receiving the memory ID of the specific storage unit registered as the Memory ID-card number associating processing means for associating and storing the card number of the credit card held by the credit card member, and a member store where the user has made a purchase request using the mobile phone The server receives a notification of the transaction number and password used by the user when requesting the purchase of the product, and transmits the notified transaction number and password to the authentication server to correspond to the transaction number. A memory ID inquiring unit for inquiring a memory ID to be executed; and, if a memory ID is included in an answer obtained from the authentication server in response to the inquiry of the memory ID inquiring unit, the memory ID included in the answer is Card number obtaining means for obtaining the corresponding card number from the second storage means; When the corresponding card number can be obtained from the storage unit, the member information is obtained from the first storage unit based on the obtained card number, and an authorization process is performed. While notifying the member store server of the authorization processing result indicating any of the above, the response obtained from the authentication server in response to the inquiry of the memory ID inquiry unit indicates the absence of the corresponding memory ID. And authorization processing means for notifying the member store server of an authorization processing result indicating that credit transaction is impossible when the card number acquisition means cannot acquire the corresponding card number. A payment server characterized by the above-mentioned. 26. After the authorization processing means returns a result of the authorization processing to the member store server,
26. The settlement server according to claim 25, wherein the user as the credit card member is notified that the settlement of the credit card has been completed. 27. A settlement server used in a credit card settlement system including a mobile phone owned by a credit card member to which a password is previously assigned and a member store server owned by a credit card member store, wherein the member is A transaction number assigning means for receiving a notification of the mobile phone number of the mobile phone from the mobile phone, setting a valid transaction number for only one transaction related to the credit card settlement, and notifying the mobile phone of the transaction number, Life setting means for setting the validity period of the transaction number, a storage unit for storing the validity period of the transaction number in association with the transaction number, and receiving an inquiry about the validity of the transaction number from the outside, To judge whether the transaction number is valid and return the judgment result Settlement server equipped with. 28. The settlement server according to claim 27, further comprising a second storage unit for associating the transaction number with the mobile phone number. 29. The settlement server according to claim 28, further comprising: a mobile phone number obtaining unit configured to obtain the mobile phone number from the transaction number in the second storage unit. 30. The settlement server according to claim 29, further comprising an authorization unit for performing an authorization process using the mobile phone number obtained by the mobile phone number obtaining unit.