JP2003150876A - How to issue and use a virtual credit card - Google Patents

Abstract

(57) [Summary] [Problem] Do not issue a real credit card,
A method is provided for issuing secure credit card information to a user's mobile phone for use. A credit card is issued by acquiring credit card data from a credit card issuance center via a network and holding the data in a portable terminal. Requesting credit to the user of the credit card data, obtaining a password issued in response to the credit request, confirming the validity of the credit card data in the store system, and determining that the credit card data is valid. In such a case, the merchandise purchase price is paid by presenting the credit card data indicating that the payment of the product purchase price is completed at the store.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method of using a credit card, and more particularly to a method of using a credit card which utilizes a credit card function without owning a card.

[0002]

2. Description of the Related Art Conventionally, cash, credit cards, debit cards, electronic money, and the like have been used as payment means used by consumers for purchasing goods and services (goods and the like). Of these, cash is exchanged for goods on the spot, and debit cards are also a mechanism in which the purchase amount is immediately deducted from the bank deposit balance. Further, electronic money is charged as a value in the IC card, and the IC card consumes the value corresponding to the amount of the purchased article. These are the actual amount of cash on hand, the deposit balance of the bank cash card used as a debit card, and the use of the value charged in the IC card as a limit, and even if it is dropped or stolen, these amounts are the maximum loss. Become.

On the other hand, payment using a credit card is
It is called credit settlement as opposed to so-called immediate settlement as described above. A card user (user) applies to a credit card company to issue a credit card, and after the credit card company conducts a credit check on the user, if the user has credit, the credit is given. (Credit)
Issue credit cards to users. A user brings a credit card to a credit card member store, presents the credit card when purchasing an article, and applies for use.
The card number recorded in the credit card is read by a card reader provided in the member store and transmitted from the member store to the card company through a telephone line or a dedicated line. The credit card company checks the user's usage limit amount from the received card number, and if the usage application does not exceed the usage limit amount, sends the usage permission (approval number) to the member store. Upon obtaining the authorization number, the member store receives the payment signature from the user.
Here, the user does not actually make a financial settlement by using the card, but obtains the article with credit given by the card company, and the payment is made by the card company giving the credit to the user. Therefore, if a credit card is dropped or stolen and it is used improperly after being noticed, the user usually loses more than his or her own money due to credit. In this way, when making a payment using a credit card, bring a credit card and use it.
For security, it is important not to lose it, to improve the reliability of sending and receiving information, and to notify the card company immediately if it is lost. However, it cannot be denied that it is entrusted to the actions of the user, except for improving the reliability of information transmission and reception.

In addition to the above, conventional documents relating to credit cards include, for example, Japanese Unexamined Patent Publication No. 10-143570 (conventional example 1) and Japanese Unexamined Patent Publication No. 2001-67396 (conventional example 2). In the conventional example 1, a card issuing organization, a card number, and information for identifying a card user are recorded in an IC card. The IC card is used by being inserted in or connected to a mobile terminal such as a mobile phone. The information recorded in the IC card is read out from the mobile terminal to make an inquiry to the card company. When you receive an answer from the credit card company that the credit card can be credited with a mobile phone, you will open a handwritten slip at the member store.

In Conventional Example 1, a credit card is not a plastic card having a magnetic storage area, but I
It uses a C card. Although the information recorded on the IC card makes it more difficult for others to steal the information, the IC card is still managed by the user and the risk of loss or theft is not reduced. Even using a mobile phone for transmitting information only discloses the use of general security of communication by the mobile phone.

[0006] In the conventional example 2, a settlement organization issues a temporary settlement number to a user, sets usage conditions including an expiration date in the temporary settlement number, and the temporary settlement presented from a store requested for credit payment. Based on the number, the usage conditions and the validity of the credit contract are determined, and the store is instructed whether to accept the payment.

[0007]

Recently, the penetration rate of mobile phones is said to be 50% or 60% of the total population. In such a situation, it is necessary to use a removable IC memory card as a standard specification of a mobile phone and to use the IC card as a credit card, because new terminals and facilities are required. Be done. Like the conventional example 2, based on the temporary payment number presented by the store,
By judging the use conditions and the validity of the credit contract and instructing the store whether or not to settle the payment, it is possible to reduce the leakage of important items such as the fixed number of the credit card.

However, since the temporary settlement number is a disposable number, a huge number is required, and issued numbers, unissued numbers, used numbers, valid numbers, invalid numbers, etc. are managed. It is hard to do. In addition, it is a system that forces the user to obtain the temporary payment number each time he / she uses it (shopping), and is unlikely to be a convenient method for users.

Therefore, an object of the present invention is to issue a highly secure credit card information to a user's mobile phone without issuing a real credit card and to store a credit stored in a terminal such as a mobile phone. An object of the present invention is to provide a convenient virtual credit card system used when purchasing an article or the like by credit using card information. Another object of the present invention is to provide a virtual credit issuance method from when a user applies for issuance of a virtual credit card to when it is issued. Another object of the present invention is to provide a virtual credit card use application processing method when a user purchases an article using a virtual credit card.
Another object of the present invention is to provide a virtual credit card terminal device used by a user when issuing and applying for a virtual credit card. An object of the present invention is to provide a virtual credit card usage application processing system provided in a store. Other purposes will be described as appropriate in the following description.

[0010]

In order to achieve the above object, a method of using credit card data of the present invention is to obtain credit card data from a credit card issuing center via a network and store the credit card data in a portable terminal. ,
A method of using credit card data for presenting the credit card data at a store and paying a product purchase price, wherein the store system confirms the validity of the credit card data and determines that the credit card data is valid. Request credit to the user of the credit card data from the store system to the credit card issuing center, and the payment of the merchandise purchase price is completed upon receiving a response to the credit request. The virtual credit card should always be held in the mobile terminal, but the present invention is not limited to this as long as it can be obtained when necessary. The basic configuration is such that a mobile phone is used as a mobile terminal and credit card data is held in a storage unit of the mobile phone. The virtual credit data itself held and used in the mobile terminal includes a credit card number and a code indicating the validity of the credit card number. Besides, the configuration of the present invention will be clarified by the examples described later.

[0011]

DETAILED DESCRIPTION OF THE INVENTION The following terms are used in this specification.
For terms and phrases not particularly explained here, general terminology at the time of application is applied. A credit card, a real credit card, a house card, a real house card, an IC card, a real IC card, an IC memory card, a real IC memory card, and an IC credit card are cards that actually exist for virtual. It refers to a card. A credit card and an actual credit card are synonymous, and functionally include a house card and an IC credit card, and include both an IC card and a plastic card in terms of materials and raw materials. The IC card generally refers to a card provided on a plastic card whose base is an IC chip, and is also called an IC memory card. When the information to be used as a credit card is stored, it is called an IC credit card in terms of function.

[0012] A virtual credit card is defined in terms of a credit function in contrast to an actual card-shaped credit card. The virtual credit card is synonymous with the virtual credit card function. A process performed for a credit using a virtual credit card is called a virtual credit process. Credit card information is synonymous with card information and includes virtual credit card information. The credit card information includes at least information about the user, a credit card or virtual credit card number, and an expiration date. Details will be described later. Users and users refer to those who use credit cards or virtual credit cards. A credit card company is also simply referred to as a card company. In addition, the card company may be the same as the case where the member store and the card issuing company are different, and the card issued in the same case is a house card. A member store is a store that sells goods and the like, and is a place where users use the virtual credit function.

FIG. 1 shows an outline of the entire system of the present invention. A system 110 owned or managed by a credit card company, a user terminal 120, and a store system 130 are connected by a network 140. Network 14
0 may be a telephone line or a dedicated line, regardless of whether it is wired or wireless. The system 110 is, for example, a large-sized computer or a server system, and as shown in FIG.
Control means 102 such as a microchip for controlling the whole
0, the input / output unit 1040 is connected by a wiring 1050. In the memory 1030, a terminal information obtaining means 320 at the time of issuing an application from the user, a virtual credit issuing program 1031 executed by the control means 1020 in response to the issuing application, and a control means 1020 in response to a credit confirmation application from the store. Credit Confirmation Program 10
32, depending on the execution result of the credit confirmation program 1032, the credit settlement program 1035 for performing existing credit settlement, the member data 1033, and the member-only homepage 1034 created for the member are recorded and held. Although not shown, in the processing of the system 110, the memory 103
In addition to 0, data and programs to be held are also recorded and held.

In the present embodiment, the user terminal 120 will be described assuming a mobile phone. However, the user terminal is not limited to the mobile phone as long as it is a portable device having a communication function in terms of convenience. Of course, it may be a PDA or a small personal computer (PC). The configuration of the mobile phone 120 is shown in FIG. A communication unit 1120 serving as a communication interface at a radio wave transmitting / receiving unit such as an antenna or a data port for transmitting / receiving data, a speaker for outputting voice, an output device 1150 capable of displaying image data (including a bar code, of course) and character data. , An input device 114 including a microphone for collecting sounds and keys for inputting character codes
Equipped with 0. Then, a virtual credit card 1161 issued by a credit card company, terminal information 1162 which is a unique value or information given to a mobile phone in advance in order to specify each mobile phone, and another system through a network ( For example, it has a browser program 1165 for accessing the credit card company system 110) and displaying the home page indicated by a predetermined URL on the output device 1150, and a memory 1160 for recording and holding the other area 1166. Other area 1166
Are application programs executed by the mobile phone 120, programs and data for using the mobile phone. These configurations are connected by a wiring 1110.

The store system 130 is a PO in this embodiment.
S system is assumed. FIG. 12 shows the store system 13
The structure of 0 is shown. The input unit 1250 is a key or a bar code reader for inputting the price of the product sold at the store and the card information of the user. A liquid crystal, a CRT, a printer, or the like can be used as the output unit 1240 that outputs the input contents, the total price of the product, the processing result when using the virtual credit card, and the like, but a speaker that outputs sound may be used. In the memory 1260, when a user uses a virtual credit card, a store authentication program 1261 used for authenticating whether the virtual credit card is valid data in a store, product information and card information are bar-coded. The barcode reading program 1262 for reading the barcode, the read POS data 1263, and the store number data 1264 are recorded and held. The control unit 1230 controls the entire store system 130, and the above configuration is connected by the wiring 1210. Although not shown, the memory 1260 has processing programs and data necessary for data processing with the credit card company system 110 and the mobile phone 120, and processing programs necessary for fulfilling a function as a POS terminal. And data are retained.

Returning to FIG. 1, the relationship among the credit card company system 110, the mobile phone 120, and the store system 130 will be described. The user terminal 120 connects to the system 110 via the network 140 and makes a virtual credit card usage application (151). The system 110 that has received the use application obtains the terminal information in the member management means 1034 and issues the virtual credit card 1161 to the user who has passed the credit issue examination according to the virtual credit card issue program 1031. This is equivalent to transmitting data. Specific processing will be described later. The mobile phone 120 stores the virtual credit card 1161 in the memory 1160. When the user uses the virtual credit card 1161, the data is presented at the store 130 at 153. When the virtual credit card 1161 is stored as text data, the data is presented to the store clerk and the key is used to input the data. When the virtual credit card 1161 is stored as a barcode, the barcode is displayed on the screen 1150 and read by the barcode reader of the store system 130. A two-dimensional code is suitable for the barcode because of the amount of data. A virtual credit card may be read directly from the data port of the mobile phone 120 by providing a data port in the communication means 1220 of the store system 130 and providing the function of an input means.

The store system makes a credit request to the system 110 of the credit card company (154). At this time, the request data includes the terminal information 1162 (which can be omitted if it is available in the system 110 of the credit card company without explicitly including it), the store number data 1264, and the credit amount. When the system 110 receives the credit confirmation request (154), it executes the credit confirmation program 1032, confirms the terminal information 1162 and the store number data 1264 in the credit card company system 110, and if the confirmation is obtained (155), the credit settlement program 1035.
Is executed and the result is notified to the store system 130 (156). The result notification includes the password, and this transmission corresponds to the conventional transmission of the approval number. The store system uses the password thus obtained and the virtual credit card to activate the store authentication program 1261 to perform local authentication.

FIG. 2 illustrates the card issuing process between the user and the credit card company. Here, as a premise, it is assumed that the user applies for the credit card company as a user who uses the virtual credit card and is recognized, but the virtual credit card itself is not yet held in the mobile phone 120. In order to be recognized by the credit card company as a user of the virtual credit card, the user may apply for the virtual credit member in writing as in the conventional case,
You may access the homepage of the credit card company from the mobile phone 120 and register as a new member.

Thus, it is assumed that the user already has a membership number. The user accesses the credit card company site (221) from the user terminal 120 (21).
1). The credit card company is the site (221)
You may refer to the virtual credit membership agreement at.
Then, the user inputs the intention to issue a virtual credit card (212), the membership number, the membership expiration date, and the user's name (213), and transmits it as card issue application information (201) (214). .

The credit card company system 110 receives the card issuance application information and transmits the credit member homepage 221 to the user. If a virtual card member contract is posted on this credit member homepage, the contract will be forcibly shown to the user, and a note regarding the use of the virtual credit card can be called up. Subsequently, the credit card company obtains the terminal information unique to the user terminal 120 used by the user for issuing the card information issuance (222). From this terminal information, the user terminal 120 can use the virtual credit card. Determine if there is (22
3) If it is determined that the credit card is available, authentication is performed as a member who uses the virtual credit card (224). When the authentication is completed, the credit card company system 110 then transmits and displays the dedicated home page of the virtual credit member on the user terminal. This allows the user to know that he / she has been authenticated as a member of the virtual card. In the credit card company system 110, the validity period of the virtual credit card to be issued is set, apart from the validity period of the qualification that authenticates the user as a member, and the password for ensuring the security of this virtual credit card is set. Set, issue a virtual credit card number, encrypt it with a password, and create a two-dimensional code of the encrypted data (22 above)
5). Once the two-dimensional code is created, the user will create a download-only website that will be used exclusively for downloading the two-dimensional code (226), and will then be notified of the completion of issuing the virtual credit card to the user. Is sent (203). The user applies for the download of the virtual card from the URL designated in the received mail 216 (204), and after downloading the virtual credit card (205), the memory 11
The downloaded virtual credit card 1161 is stored using the appropriately set area of 60 as the storage location (217).

Next, the details of the virtual credit card issuing process will be described with reference to FIG. When the credit card company system 110 authenticates that the user is a member, it issues a credit card number (301). A check code is added to the credit number (302) to create a value 1 (303). The check code is a code used to verify the data decryption at the store, and is a code that guarantees the validity of the value (specifically, the credit card number) obtained as a result of the decryption. In the present embodiment, the check code is a value obtained by applying a one-way function to the credit card number in consideration of using the check code later in the store system as verification of the validity of the credit card number. For example, the value 1 is “credit card number” + “check code (4 digit number)”.
This value 1 is encrypted with the private key (305) of the credit card company system (304) and becomes encrypted data (306). On the other hand, the obtained terminal information (116
A password is generated from (2) (309) and a value of 2 (31
0) was created and the credit card company system
The encrypted data created in 06 and this value 2 are used to combine by the combining function F (307). The synthesizing function F may be a function whose value is synthesized, and may be a mere exclusive OR. In this way, the value 3 (308) is created, this value 3 (308) is transmitted to the user terminal as the virtual credit card (1161), and the user terminal records the virtual credit card 1161 in the memory 1160 (116).
0). In addition, the credit card company system 110,
The terminal information 320 is transmitted together with the value 3, and the user terminal records the terminal information 320 in the area 1162 of the memory 1160. Here, when transmitting the value 3 and the terminal information from the credit card system 110 to the user terminal 120, 2
It may be converted into a dimensional code and sent, or converted into data in a form suitable for data communication and sent.

FIG. 4 shows a case of re-issuing the virtual credit card issued in 225 of FIG. 2 within the valid period of the virtual credit card set in the credit card company system. This is because, for example, when the user has received a virtual credit card issuance notification in advance (203 in FIG. 2) within the valid period of the virtual credit card and it took time to download the virtual credit card, A process for confirming the terminal information of the user terminal when downloading is included. When the user accesses the URL indicated by the e-mail 216 included in the received completion notification from the terminal 120, the credit card system 110
The download home page indicated by the URL is provided to the user, the terminal information of the user terminal is obtained, and it is authenticated whether the virtual credit card can be used at the terminal. At this time, it may be authenticated whether it is the same as the terminal used at the time of issuing the prepared virtual credit card, and only if it is the same, the download process may be performed. When it is determined that the user terminal is authenticated and the virtual credit card can be downloaded, the download is started, and the virtual credit card is stored in the memory 1160 of the terminal 120 as the same processing as 217 of FIG. save. The virtual credit card stored may be the two-dimensional code data 218 or data in a form suitable for communication (412).

The processing of the user terminal 120 and the store system 130 when the user uses the virtual credit card in the store will be mainly described with reference to FIG. The user brings the user terminal 120 to the store and purchases the product. When a virtual credit card is used to pay for the product (511), the virtual credit card is designated from the memory of the terminal 120 (512), and the virtual card is read from the memory 1160. The virtual credit card can be designated by the user, for example, possessing electronic money in the terminal, or by having a credit settlement means that simply presents a credit card number and data indicating the expiration date and uses the same as in the past. In this case, it corresponds to the designation of which is used as the settlement method. In this embodiment, the virtual card is displayed on the output device 1150 of the terminal 120 with the two-dimensional code 5131. The store system 130 uses the code reader 5211 to read the virtual card according to the two-dimensional code reading program 1262 (521). Then, the encrypted virtual card is decrypted (522). Here, according to the store authentication program 1261, the two-dimensional code is read (52
3) The terminal information is extracted from the read data and transmitted to the credit card company system (526), the virtual card is decrypted (524), and the validity of the virtual card is verified (525). At this time, it is necessary to input a password (514) for canceling the security of the virtual card from the credit card company system 110.

The processing of the store authentication program 1261 in the store system will be described with reference to FIG. The user visits the store, brings the product to the store cashier, and tells the cashier that the purchase and payment of the product will be done with a virtual credit card. The cashier operates the store system 130. The user takes out the terminal 120 and stores it in the memory 116.
The virtual credit card 1161 is read from 0. Value 3 which is a virtual credit card 1161
(609) and terminal information (1162) are presented to the cashier. The cashier uses the input unit 1250 of the store system 130 to input the value 3 (609) and the terminal information (116).
The reading 1 (601) of 2) is performed. Value 3 and terminal information
When the two-dimensional code is displayed on the output device 1150 of the user terminal 120, a two-dimensional code reader is used as the input unit 1250. When a two-dimensional code is used, the value 3 (609) and the terminal information (1162) are different from each other.
A two-dimensional code may be used, or two pieces of information may be combined to form one two-dimensional code. If stored as data, data may be transmitted and received from the user terminal to the store system by wireless communication such as Bluetooth.
Then, the request for credit 154 is transmitted to the credit card company system 110 together with the terminal information (61).
1).

When the credit card company system receives a credit request, it gives an identifier for identifying a transaction such as a session ID to the set of the credit request and the terminal information.
In addition, store system and credit card company system 1
The data transmitted / received to / from 10 is associated with the session ID given at the time of requesting credit. Next, the password (value 2 (610)) is issued from the memory 1030 of the credit card company system by the password issuing program set corresponding to the terminal information, and is transmitted to the store system 130.

In Conventional Example 2, the value sent to the credit card company system must be changed every time, so the credit card number must be managed so that the same value is not used at least in the latest period.

In the case of this embodiment, it is not necessary to change the card number every time, and in practice, the same card number can be used within the expiration date, so that number management becomes easy. Further, in the history management means 1038, the credit number (154) is managed by pairing the identification number of the store system that has received the issued password and the issued password. If the requests are from different store systems, the same password is issued. If the request is from the same store system, a value different from the previously issued password will be issued. This is to prevent unauthorized use of credit card data by a third party when the previously used password and credit card data are recorded in the store system.

In the store system, the password (value 2 (6
10)) is received. Next, in the store system 130, the read credit card data 1161 (value 3 (60
9)) and the obtained password (values 2, 610) are used to perform the calculation by the inverse function 603 of the composite function F, and the value 4
(604) is obtained. The composite function F is the composite function 307 in FIG. Therefore, the value obtained by the inverse function is 4
(604) has the same contents as the encrypted data 306 of FIG. The value 4 (604), that is, the encrypted data 306, is the data encrypted with the secret key 305 of the credit card company system 110, and the public key 606 that forms a pair with the secret key 305 is used for decryption (605). ). The decrypted decrypted data (607) is the value 1 (30
It has the same contents as 3).

Here, the store system knows that the lower four digits of the decrypted data 607 are the check code,
It verifies that the credit card number is correct from the check code (608). Since the store system 130 knows that the check code can be obtained by applying the one-way function used in 301 of FIG. 3 to the number attached before the check code, the same one-way function is obtained in step 608. To the number before the check code. Then, if the number before the check code, that is, the credit card number is correct, the obtained value and the check code of the last four digits become the same value, and it is possible to verify that the check code is correct, that is, the credit card number is correct. it can. If the check code is correct in step 608, the result is YES, and the authentication using the shop authentication program 1261 shown in FIG. 1 is completed. Finally, the fact that the check code is correct may be transmitted to the credit card company system together with the session ID given to which credit.

If the check code is not correct, step 608 becomes NO and the fact that the virtual credit card cannot be used means that the credit card company system 110 is in use.
Be transmitted to. Credit card company system 110
Performs payment cancellation processing based on the session ID. The user is also notified that it cannot be used. In this authentication process, the credit card number is not sent, and even if there is an illicit person who obtained the password of value 2, the virtual credit card cannot be used (not authenticated). Here, since the credit card company system 110 obtains the store number data 1264 from the memory 1260 of the store system, it can know from which store the request came.

In this mechanism, there is a possibility that a password is recorded in the store where the request for using the virtual credit card is received, and it is necessary to disable the same virtual credit card. Even if the virtual credit card has been used once, the decryption 605 has not been successful because the password has not been obtained at another store. That is, it is not necessary to use a disposable number, and a new virtual credit card may be obtained only when credit settlement is desired at the same store. If you get a new one, you can simply overwrite your old virtual credit card. By overwriting in this way, it can be prevented that it is impossible to distinguish which card is valid.

Since it is considered that it is rare to use credit card payment at the same store in a short period of time, by appropriately setting the expiration date of the virtual credit card, the virtual credit card accumulated in the user terminal can be used at any store. It can be used within the expiration date. In addition, if it is something like a house card, there is a high possibility that it will be used at the same store, but since there is a plurality of credit settlement terminals in one store, the authentication processing of the virtual credit card is performed at the local settlement terminal. Considering this, it can be said that there is practically no problem if they are not processed by the same payment terminal. Therefore, unless the user makes multiple credit payments at the same department in a short period of time, the user can purchase by simply presenting the virtual credit card stored in the mobile phone.

Alternatively, if the store system 130 guarantees that the password cannot be saved, the same virtual credit card can be used without considering the number of times of use at the store.

On the other hand, as a security measure against the fact that the virtual credit card is recorded in the mobile phone, for example, in order to use this card, the personal identification number only known to the user may be entered in the mobile phone. By implementing such a personal authentication function in a mobile phone, it is possible to obtain higher security than existing credit cards.

The data passed from the user terminal 120 to the store system 130 will be described with reference to FIG. Virtual credit card 1 held in user terminal 120
161 is passed to the store system 130 and a value of 3 (609)
Treated as. Store system 130 has a value of 2 (610)
There are three ways to receive the following. Case 1 is a case where the password (610) is passed from the credit card company system 110. On the other hand, in the password generation 309 of FIG. 3, if the value 2 is generated from the terminal information, it may be passed from the user terminal 120.

Case 3 is a case where the terminal information 1162 held in the user terminal 120 is passed as it is. However, the mobile terminal information may not be generally read by the user terminal. Case 2 is
Password 1163 held in user terminal 120
Is read and converted into a two-dimensional code, or converted into communication data and passed as (701) value 2 (610) to the store system 130. When converted into a two-dimensional code, it is displayed on the screen 1150 of the user terminal and read by the two-dimensional code reader of the store system 130. When converted into communication data, it is transmitted from the communication means 1120 of the user terminal to the store system 130. Regarding the password input to the store system 130, the user may key in text data such as alphanumeric characters stored in the user terminal 120 into the store system, or the password stored in the store may be stored in the store. System 1
It is also possible to adopt a configuration in which a key is input to the keypad 30.

8 and 9, the store system 130
The management of the decryption key stored in will be described. Since the terminal information 1162 is a unique value set when the user terminal is manufactured, it is not changed. Therefore, in the event that the user terminal is stolen or lost, the terminal information 1162 cannot be changed. To prevent misuse, users need to take measures such as early delivery to credit card companies. On the other hand, the user ID-1 is different in that the storage location is the user's memory, but in any case, it is not unique to the user terminal and is set later and can be changed. In addition, reading the terminal information from the memory is easier than reading the terminal information from the user terminal, and the password stored by the user is often a number related to life such as a telephone number or birthday. , It is necessary to consider measures against password theft.

In FIG. 9, when it is assumed that the password (ID2) and the public key (ID1) described in FIGS. 7 and 8 are used in combination with a valid period, ID1 and ID2 are provided with a valid period. It is a figure which shows the setting at that time. ID1 and ID2
Since the expiration dates are set to be different from each other, even if one of the IDs is stolen, the credit card cannot be used if the expiration date has passed. In other words, if it is difficult to update the public key 606 stored in the store system 130 frequently,
Security can be secured by subdividing the expiration date of the password. On the other hand, since it is difficult to update the password set by the user frequently, security can be secured by subdividing the expiration date of the public key. Specifically, the break of the effective period of ID1 or ID2 is set during the effective period of another ID. That is, ID
The effective period of 1 is a1 until t1 and then changed to a
The validity period of 2 is changed to a3 until t3.
In such a case, the effective period of b1 used as ID2 is up to t2, and the changed effective period of b2 is t4.
You should set up to.

As described above, a mobile phone or a mobile terminal, which has a high diffusion rate, is provided with a credit card function without any particular improvement so that the credit card can be used for exchanging data. It is possible to allow the user to use the credit card function issued by each credit card company while maintaining security without having the user carry and present a bulky real credit card. For loss of a mobile phone, which is equivalent to loss of a credit card, it is highly likely that the user will find it lost or stolen due to the form of possession.In addition to the credit card function, personal information such as the name and address of an acquaintance is also available. Because of the inclusion, the probability that a user will submit a lost or stolen notification will increase, leading to improved security of the credit card function.

Since the information of the virtual credit card (which is encrypted) and the password information flow on different communication lines, it is difficult to eavesdrop on both. further,
Even if one eavesdrops on one of them, it cannot be used as it is. Since the virtual credit card authentication is closed by the store system, the product price can be settled with high security.

Since the card number issued in advance is used instead of issuing the card number each time in the settlement corresponding to the post-processing of shopping, it is possible for the user to improve the security although it is the same labor as the conventional one. You can

[0042]

According to the present invention, it is possible to provide a virtual credit card which is convenient and has high security for users.

[Brief description of drawings]

FIG. 1 is a diagram showing an overall system of the present invention.

FIG. 2 is a diagram showing a card issuing process between a user and a credit card company.

FIG. 3 is a diagram illustrating issuance of a virtual credit card.

FIG. 4 is a diagram explaining issuance of a virtual credit card.

FIG. 5 is a diagram showing a process in which a user uses a virtual credit card at a store.

FIG. 6 is a diagram illustrating processing of a store authentication program in the store system.

FIG. 7 is a diagram illustrating data passed from a user terminal to a store system.

FIG. 8 is a diagram showing a relationship between an inverse function of a composite function F and values 2 to 4.

FIG. 9 is a diagram for explaining a method for improving security over the frequency of updating keys.

FIG. 10 is a diagram showing a configuration of a credit card company system.

FIG. 11 is a diagram showing a configuration of a user terminal.

FIG. 12 is a diagram showing a store system

[Explanation of symbols] 110 ... Credit card company system 120 ... User terminal 130 ... Store system 140 ... Network 1010 ... Communication means 1020 ... Control means 1030 ... memory 1031 ... Virtual credit issuing program 1032 ... Credit confirmation program 1033 ... Member data 1034… Member-only homepage 1035 ... Credit settlement program 1040 ... Input / output means 1050 ... Wiring 1120 ... Communication means 1140 ... Input device 1150 ... Output device 1161 ... Virtual credit card 1162 ... Terminal information 1165 ... Browser program 1166 ... Other area 1110 ... Wiring 1210 ... Wiring 1230 ... Control means 1240 ... Output means 1250 ... Input means 1260 ... Memory 1261 ... Authentication program for stores 1262 ... Two-dimensional code reading program 1263 ... POS data 1264 ... Store number data

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) G07G 1/12 G07G 1/12 321P H04L 9/32 H04L 9/00 673A (72) Inventor Takeshi Matsuki Kanagawa 870 Kashimada, Sachi-ku, Kawasaki City, Ltd., Information Service Division, Hitachi, Ltd. (72) Inventor, Tatsuro Arai, 4-6, Surugadai Kanda, Chiyoda-ku, Tokyo Hitachi, Ltd. Net-PDA Bencher Company (72) Inventor, Mitsuru Iwamura Tokyo 2-14-17 Nakamura, Nerima-ku, Tokyo F-term (reference) 3E042 CC01 CC03 5J104 NA02 NA05 NA35 PA10

Claims (7)

[Claims] 1. Use of credit card data for obtaining credit card data from a credit card issuing center via a network, holding the credit card data in a mobile terminal, presenting the credit card data at a store, and paying for a product purchase price. A method of requesting credit to a user of the credit card data from the store system to the credit card issuing center, obtaining a password issued in response to a response to the credit request, and using the credit in the store system. A method of using credit card data, wherein the validity of the card data is confirmed using the password, and when it is judged to be valid, the payment of the product purchase price is completed. 2. The method of using credit card data according to claim 1, wherein the validity of the credit card data is that the credit card data is data issued from the credit card issuing center to the mobile terminal. 3. The method of using credit card data according to claim 1, wherein the validity of the credit card is confirmed by using the credit card data and a terminal number unique to the mobile terminal. 4. A mobile terminal capable of communicating with a credit card issuing center via a network is prepared, and the credit card issuing center is a mobile terminal capable of transmitting credit card data based on the terminal information received from the mobile terminal. In the case of indicating that the credit card data is downloadable, the mobile terminal is notified, and the mobile terminal holds the credit card data in the internal storage unit according to the content of the notification. How to issue a card. 5. A method of using a credit card for paying a product purchase price using a credit card, wherein credit card data is prepared in a mobile terminal owned by the purchaser, and the credit card data is input to a store system. , Make an approval request to the credit card issuing center connected by the network, enter the password issued as a response to the above approval request into the store system, and use the public key to obtain the value obtained by applying the first inverse function. Decrypt, apply a second inverse function to a portion of the decrypted value and compare it with other portions of the decrypted value to confirm the validity of the credit card data, How to use the credit card to complete the payment of the purchase price of the product when the above validity is confirmed. 6. A method of using a credit card for paying a product purchase price using a credit card, wherein credit card data and a password are prepared in a mobile terminal owned by the purchaser, and the credit card data and the password are stored in a store. The value which is input to the system and which has been subjected to the first inverse function is decrypted by the public key, and the second inverse function is caused to act on a part of the decrypted value and other decrypted values Check the legitimacy of the above credit card data, and if the above legitimacy is confirmed, request an authorization number from the credit card issuing center connected by the network and request the authorization number. How to use the credit card to receive the above response and complete the payment of the above item purchase price. 7. A credit card data obtained by preparing a mobile terminal capable of communicating with a credit card issuing center via a network, wherein the credit card issuing center encrypts a credit card number in response to a credit card issuing request received from the mobile terminal. Is sent to the mobile terminal, and the purchase of an article by credit using the credit card data is performed at a store, the credit card data cannot be used only at the same store.