JP2008061178A - Authentication server, enterpriser server and e-commerce method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication server, enterpriser server and e-commerce method in which a true site and a false site can be easily and surely confirmed. <P>SOLUTION: There are provided: a private information storage device 103 storing private information of an authentication terminal; a secret information storage device 104 which stores secret information transmitted from an authentication server when the authentication server authenticates the authentication terminal and an enterpriser server; an authentication image generating means 111 which generates an authentication image including an authentication parameter and transmits the authentication image to a communication terminal; an authentication parameter storage device 101 which stores the authentication parameter; an authentication information collating means 113 which determines whether or not private information included in the authentication information is coincident with the private information stored in the private information storage device 103, the authentication information including the authentication parameter; and a content editing means 115 which edits and distributes the secret information. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a technology using a communication network such as the Internet, and more particularly to an authentication server, a business server, and an electronic commerce method using them, which can prevent cyber crimes such as phishing scams using the Internet.

  Currently, information and communication can be performed anywhere and anytime due to the spread of the Internet and mobile terminals. Cyber crimes such as fraud using the Internet, which were detected by police nationwide in the first half of 2006 (January to June), The number of cases increased by 190 from the same period in 2005 to 1802, which was the worst since 2000 when statistics were started. With the development of the Internet society, the rapid increase in cybercrime is conspicuous, but the number of frauds that trick money in Internet auctions increased by 9% from the same period in 2005 to 733 cases, accounting for about 40% of the total and will continue to increase A trend is predicted.

  Various types of encryption have been considered so that information to be communicated is not leaked to others, and information is frequently transmitted to a server using an encrypted protocol such as HTTPS (Hypertext Transfer Protocol Security). However, a so-called phishing damage that creates a fake site, steals a user ID or password from the fake site, and performs illegal transfer processing on behalf of the original user is increasing.

In the case of a mobile network in which mobile terminals are connected to each other, the standard of the mobile terminal is determined by the communication carrier. For example, the server authenticates the mobile terminal with high accuracy by acquiring a device identifier that identifies the mobile terminal. be able to. On the other hand, it is difficult to authenticate a computer or the like in a PC network in which a computer is connected to the Internet. That is, according to a protocol such as a browser or HTTP (Hypertext Transfer Protocol) used to connect to the Internet or the like with a computer, it is impossible to acquire an identifier for identifying the computer and transmit it to the server like a portable terminal. It is. In practice, the encrypted ciphertext created by the server is stored in the browser cookie, and the ciphertext is sent to the server at the time of authentication, or the user is prompted to enter the password when connecting to the server. is there. The user information database that stores the authentication information of users who are connected to the partner site on the web via the network and are allowed to access the partner site, and the authentication information input to the partner site are acquired and stored in the user information database. There is an authentication system that includes a control unit that performs authentication processing based on this and transmits an authentication result to a partner site (for example, Patent Document 1).
JP 2003-6164 A

  However, in the above-mentioned patent document 1, if authentication is performed only in the authentication system, it is not necessary to authenticate a plurality of partner sites. There is nothing. On the other hand, with the spread of mobile terminals such as mobile phone terminals, there are many users who enjoy various services using mobile terminals, and personal information such as names and addresses may be registered when providing services. In this case, it is very difficult to register such personal information in a portable terminal having a poor input user interface, and many users desire registration on a computer. However, there is a problem at the time of user authentication as described above in registration with a computer, and development of a system that overcomes this problem is desired.

  Regardless of whether it is a PC network or a mobile network, there is currently no means for easily and reliably determining whether a user is a genuine site or a fake site.

  In view of the above problems, an object of the present invention is to provide an authentication server, a business server, and an electronic commerce method using these, which can easily and reliably confirm a genuine site and a fake site.

  In order to achieve the above object, the first aspect of the present invention is certified by a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of business server, and an accreditation body. The present invention relates to an electronic commerce method using a system including an authentication server, a second communication network to which an operator server and an authentication server are connected, and a plurality of authentication terminals connected to the second communication network. That is, the electronic commerce method according to the first aspect of the present invention includes (b) storing each piece of company information of a plurality of company servers in the company information storage device of the authentication server; Storing private information of each of the plurality of authentication terminals in the private information storage device of the server; and (c) storing secret information transmitted from the plurality of authentication terminals in the secret information storage device of the authentication server; (D) Business information stored in the business information stored in the business operator information storage device and business information included in the access request received by the business server authentication means of the authentication server from the specific authentication terminal via the second communication network. Verifying the user information and authenticating a specific operator server, and (e) the private information authentication means of the authentication server And a step of collating private information stored in the private information storage device and authenticating a specific authentication terminal, and (f) secret information transmitting means of the authentication server, the business server authentication means is a specific business server And when the private information authenticating means authenticates the specific authentication terminal, the private information authenticating means transmits the secret information stored in the secret information storage device to the specific operator server. Furthermore, in the electronic commerce method according to the first aspect of the present invention, the secret information transmitted to the specific operator server is associated with the specific authentication terminal from the specific operator server via the first communication network. It is transmitted to a specific communication terminal among a plurality of attached communication terminals.

According to a second aspect of the present invention, a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of operator servers, an authentication server certified by an accreditation body, and an operator server, The present invention relates to an electronic commerce method using a system including a second communication network to which an authentication server is connected and a plurality of authentication terminals connected to the second communication network. That is, the electronic commerce method according to the second aspect of the present invention includes: (a) a private information storage device of an enterprise server stores private information of each of a plurality of authentication terminals; The secret information storage device stores the secret information specific to the specific authentication terminal transmitted from the authentication server when the authentication server authenticates the specific authentication terminal and the specific operator server; (c) An authentication image generation unit of the business server generates an image code including an authentication parameter as an authentication image, and transmits the authentication image to a specific communication terminal among a plurality of communication terminals associated with the specific authentication terminal; (D) the authentication parameter storage device of the operator server stores the authentication parameter; and (e) the authentication information verification means of the operator server includes a specific authentication terminal. Determining whether the authentication information acquired from the authentication information includes authentication parameters and the private information included in the authentication information matches the private information of a specific authentication terminal stored in the private information storage device; F) The content editing means of the provider server reads the unique secret information stored in the secret information storage device, edits this unique secret information together with information necessary for the commercial transaction, creates content, and performs specific communication. And delivering to the terminal.
According to a third aspect of the present invention, there is provided a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of operator servers, an authentication server certified by an accreditation body, and an operator server. The present invention relates to an authentication server used in an electronic commerce system including a second communication network to which an authentication server is connected and a plurality of authentication terminals connected to the second communication network. That is, the authentication server according to the third aspect of the present invention includes (a) an operator information storage device storing the operator information of each of the plurality of operator servers, and (b) the private of each of the plurality of authentication terminals. A private information storage device storing information, a secret information storage device storing secret information transmitted from a plurality of authentication terminals, and (c) an access request received from a specific authentication terminal via the second communication network. The business server authentication means for authenticating a specific business server by collating the business information contained in the business information stored in the business information storage device, and (d) private information included in the access request Private information authentication means for verifying a specific authentication terminal by verifying private information stored in a private information storage device, and (e) operator server authentication If the stage authenticates a specific provider server and the private information authenticating means authenticates a specific authentication terminal, the secret information transmission that transmits the secret information stored in the secret information storage device to the specific provider server Means. Furthermore, in the authentication server according to the third aspect of the present invention, the secret information transmitted to the specific operator server is associated with the specific authentication terminal from the specific operator server via the first communication network. The data is transmitted to a specific communication terminal among the plurality of communication terminals.

  According to a fourth aspect of the present invention, there is provided a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of operator servers, an authentication server certified by an accreditation body, and an operator server. The present invention relates to a provider server used in an electronic commerce system including a second communication network to which an authentication server is connected and a plurality of authentication terminals connected to the second communication network. That is, the business entity server according to the fourth aspect of the present invention includes (a) a private information storage device storing private information of each of a plurality of authentication terminals, and (b) an authentication server identified as a specific authentication terminal. When authenticating an operator server, a secret information storage device that stores secret information specific to a specific authentication terminal transmitted from the authentication server and (c) an image code including an authentication parameter is generated as an authentication image and specified. An authentication image generating means for transmitting an authentication image to a specific communication terminal among a plurality of communication terminals associated with the authentication terminal; (d) an authentication parameter storage device for storing the authentication parameter; The authentication information acquired from the authentication terminal includes an authentication parameter, and the private information included in the authentication information is stored in the private information storage device. (F) Read out the unique secret information stored in the secret information storage device and edit this unique secret information together with the information necessary for commercial transactions. Content editing means for creating content and distributing it to a specific communication terminal.

  In order to achieve the above object, the fifth aspect of the present invention has been certified by a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of operator servers, and an accreditation body. The present invention relates to an electronic commerce method using a system including an authentication server, a second communication network to which an operator server and an authentication server are connected, and a plurality of authentication terminals connected to the second communication network. That is, the electronic commerce method according to the fifth aspect of the present invention includes (b) storing each piece of company information of a plurality of company servers in the company information storage device of the authentication server; Storing private information of each of the plurality of authentication terminals in the private information storage device of the server; and (c) storing secret information transmitted from the plurality of authentication terminals in the secret information storage device of the authentication server; (D) Business information stored in the business information stored in the business operator information storage device and business information included in the access request received by the business server authentication means of the authentication server from the specific authentication terminal via the second communication network. Verifying the user information and authenticating the specific operator server, and (e) the private information authenticating means of the authentication server includes the private information included in the access request. And a step of collating private information stored in the private information storage device and authenticating a specific authentication terminal, and (f) a business server authentication unit authenticating a specific business server, and a private information authentication unit However, when authenticating a specific authentication terminal, the authentication parameter generation means of the authentication server generates an authentication parameter, transmits this authentication parameter to the specific operator server and the specific authentication terminal, and the secret information of the authentication server And transmitting the secret information stored in the secret information storage device to a specific operator server. Furthermore, in the electronic commerce method according to the fifth aspect of the present invention, a specific communication terminal among a plurality of communication terminals associated with a specific authentication terminal uses an authentication parameter acquired from the specific authentication terminal, When accessing a specific operator server, after authenticating this authentication parameter, the secret information transmitted to the specific operator server is transmitted from the specific operator server to the specific communication terminal via the first communication network. It is transmitted.

  A sixth aspect of the present invention includes a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of operator servers, an authentication server certified by an accreditation body, and an operator server. The present invention relates to an authentication server used in an electronic commerce system including a second communication network to which an authentication server is connected and a plurality of authentication terminals connected to the second communication network. That is, the authentication server according to the sixth aspect of the present invention includes (a) an operator information storage device storing the operator information of each of the plurality of operator servers, and (b) the private of each of the plurality of authentication terminals. A private information storage device storing information; (c) a secret information storage device storing secret information transmitted from a plurality of authentication terminals; and (d) received from a specific authentication terminal via a second communication network. Service provider authentication means for authenticating a specific service server by verifying service provider information included in the access request and the service provider information stored in the service provider information storage device, and (e) included in the access request Private information authenticating means for authenticating a specific authentication terminal by collating private information with private information stored in a private information storage device, and (f) a service provider When the authentication unit authenticates a specific operator server and the private information authentication unit authenticates a specific authentication terminal, an authentication parameter is generated, and the authentication parameter is transmitted to the specific operator server and the specific authentication terminal. Authentication parameter generation means to be transmitted, and (g) when the business server authentication means authenticates a specific business server and the private information authentication means authenticates a specific authentication terminal, the secret information is sent to the specific business server. And secret information transmitting means for transmitting secret information stored in the storage device. Furthermore, in the authentication server according to the sixth aspect of the present invention, a specific communication terminal among a plurality of communication terminals associated with a specific authentication terminal is specified using an authentication parameter acquired from the specific authentication terminal. When the authentication server is accessed, the authentication information is authenticated, and the secret information transmitted to the specific provider server is transmitted from the specific provider server to the specific communication terminal via the first communication network. It is characterized by being.

  According to a seventh aspect of the present invention, there is provided a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of operator servers, an authentication server certified by an accreditation body, and an operator server. The present invention relates to an electronic commerce method using a system including a second communication network to which an authentication server is connected and a plurality of authentication terminals connected to the second communication network. That is, the electronic commerce method according to the seventh aspect of the present invention includes: (a) a private information storage device of an enterprise server stores private information of each of a plurality of authentication terminals; And (c) storing the secret information specific to the specific authentication terminal transmitted from the authentication server when the authentication server authenticates the specific authentication terminal and the specific operator server, When the authentication server authenticates the specific authentication terminal and the specific business server, the authentication parameter generation means of the business server generates an authentication parameter, transmits the authentication parameter to the specific authentication terminal, Storing authentication parameters in the authentication parameter storage device, and (d) a specific communication terminal among a plurality of communication terminals associated with the specific authentication terminal When the authentication parameter is accessed using the authentication parameter, the authentication information verification unit of the operator server determines whether or not the authentication parameter included in the access matches the authentication parameter stored in the authentication parameter storage device; E) When the authentication parameter match is confirmed, the content editing means of the provider server reads the unique secret information stored in the secret information storage device, and edits this unique secret information together with information necessary for the commercial transaction. And creating content and distributing it to a specific communication terminal.

  According to an eighth aspect of the present invention, there is provided a first communication network, a plurality of communication terminals connected to the first communication network, a plurality of provider servers, an authentication server certified by an accreditation body, and a provider server. The present invention relates to a provider server used in an electronic commerce system including a second communication network to which an authentication server is connected and a plurality of authentication terminals connected to the second communication network. That is, the business entity server according to the eighth aspect of the present invention includes (a) a private information storage device storing private information of each of a plurality of authentication terminals, and (b) an authentication server is identified as a specific authentication terminal. A secret information storage device that stores secret information unique to a specific authentication terminal transmitted from the authentication server, and (c) the authentication server connects the specific authentication terminal and the specific business server. In the case of authentication, an authentication parameter is generated, and an authentication parameter generating means for transmitting the authentication parameter to a specific authentication terminal, (d) an authentication parameter storage device for storing the authentication parameter, (e) a specific authentication terminal, When a specific communication terminal among a plurality of associated communication terminals accesses using an authentication parameter, the authentication parameter included in the access is changed to the authentication parameter. Authentication information matching means for determining whether or not the authentication parameter stored in the meter storage device matches, and (f) unique secret information stored in the secret information storage device when the authentication parameter match is confirmed. And content editing means for editing the unique secret information together with information necessary for commercial transactions to create content and distributing it to a specific communication terminal.

  ADVANTAGE OF THE INVENTION According to this invention, the authentication server which can confirm a genuine site and a fake site simply and reliably, a provider server, and the electronic commerce method using these can be provided.

  Next, first to third embodiments of the present invention will be described with reference to the drawings. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals. However, the first to third embodiments described below exemplify a system for embodying the technical idea of the present invention, a server and a method used in this system, and the technology of the present invention. The philosophy is not limited to the systems exemplified in the following first to third embodiments and the servers and methods used in the systems. The technical idea of the present invention can be variously modified within the technical scope described in the claims.

(First embodiment)
As schematically shown in FIG. 1, the electronic commerce system according to the first embodiment of the present invention is connected to a first communication network 4 a and the first communication network 4 a. A plurality of communication terminals 2a, 2b, ..., 2e, ..., a plurality of operator servers 1a, 1b, ..., 1e, ... The authentication server 5 certified by the accreditation body, the second communication network 4b to which the provider servers 1a, 1b,..., 1e,. A plurality of authentication terminals 3a, 3b, ..., 3e, ... are connected to the communication network 4b. The authentication server 5 corresponds to a server of a so-called “official site”, which is obtained by examining and accrediting information provided by a business operator (server homepage establishment person) by a trusted certification organization.

  Each of the plurality of authentication terminals 3a, 3b,..., 3e,... Is typically a mobile information device such as a mobile phone terminal equipped with a private information storage device 302. The private information includes the ID and password of the authentication terminal itself such as the user ID of the authentication terminal and the portable terminal ID. Furthermore, the private information includes any of the user's name, the user's address, the delivery address of the product, e-mail address, credit card number, bank account name, salary, asset, family composition information, physical characteristics, etc. May be included. The password used as private information may be fingerprint authentication information, but in the first embodiment, it is assumed that it is authentication information that is issued by the business server 1a and cannot be tampered with.

  The first communication network 4a and the second communication network 4b have a relationship in which at least some of the communication networks do not cross each other, as in the case of a PC network (fixed communication network) and a mobile network (mobile communication network). It is a system communication network. For example, if the first communication network 4a is a PC network and the second communication network 4b is a wireless communication network (mobile network) including a digital communication network connected to the Internet via a relay processing device, for example, the PC A part of the network and the Internet are common, and the first communication network 4a and the second communication network 4b are communication networks that do not cross each other. In this case, the second communication network 4b is connected to the plurality of relay processing devices connected to the Internet, the plurality of mobile communication subscriber switches connected to the respective relay processing devices, and the respective mobile communication subscriber switches. It is possible to comprise a plurality of wireless repeaters and a plurality of authentication terminals connected to the respective wireless repeaters. In the second communication network 4b, transmission is made from a plurality of authentication terminals 3a, 3b,..., 3e,..., A, 3b,. The received information is transmitted to the relay processing device via the corresponding wireless relay device and mobile communication subscriber exchange, and the relay processing device mediates data between the Internet and the digital communication network. In the second communication network 4b, the wireless repeater is arranged for each communication area (cell) that is a range where radio waves can be communicated, and a plurality of authentication terminals 3a, 3b,..., 3e,. .. Base stations that directly communicate with radio waves a, 3b,..., 3e,. The mobile communication subscriber exchange has a control function of a radio repeater. The relay processing device moves along the communication area (with the movement of the plurality of authentication terminals 3a, 3b,..., 3e,..., A, 3b,..., 3e,. When the position of the cell) changes, it is called by the wireless repeater and a plurality of authentication terminals 3a, 3b,..., 3e,..., A, 3b,. Always keep track of the location of ... and enable continuous connection to all communications. The relay processing apparatus not only has a connection point to the Internet but also has a connection with another communication carrier such as a subscriber telephone by a POI (interconnection point).

  Each of the plurality of operator servers 1a, 1b,..., 1e,..., The authentication server 5 and the plurality of communication terminals 2a, 2b,. Each is a general computer system including a central processing control device, a memory and the like. Each of the plurality of authentication terminals 3a, 3b,..., 3e,... Is typically a portable information device such as a mobile phone terminal, but the basic structure is a computer system. It is. Therefore, by installing a software program for executing a predetermined process necessary for the electronic commerce system according to the first embodiment in a general computer system, a plurality of business server 1a, 1b,... .., 1e,..., Authentication server 5, a plurality of communication terminals 2a, 2b,..., 2e,..., And a plurality of authentication terminals 3a, 3b,. · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · · ·.

  Therefore, in the electronic commerce system according to the first embodiment, each of the plurality of operator servers 1a, 1b,..., 1e,. Through the first communication network 4a, it becomes possible to trade with one of the plurality of communication terminals 2a, 2b,..., 2e,. Can be connected to any one of the plurality of authentication terminals 3a, 3b,..., 3e,. It is possible to increase the security of commercial transactions by accrediting any of the above. That is, the provider servers 1a, 1b,..., 1e,... Are private information provided in any of the authentication terminals 3a, 3b,. (User side private information) is used to authenticate any of the corresponding communication terminals 2a, 2b,..., 2e,.

  Note that “electronic commerce” in the electronic commerce system according to the first embodiment is not limited to the case where electronic commerce is actually performed, but includes a lottery, application for quizzes, marketing of advertising media, and the like. It is a concept. Accordingly, the plurality of provider servers 1a, 1b,..., 1e,... Described in FIG. In the electronic commerce system according to the embodiment, a plurality of communication terminals 2a, 2b,..., 2e,... And a plurality of provider servers 1a, 1b,. .., 1e,... Are connected to each other via the first communication network 4a and the second communication network 4b to realize open platform technology including various services.

  In the following description, for the sake of convenience, among the plurality of provider servers 1a, 1b, ..., 1e, ..., the provider server 1a, the plurality of communication terminals 2a, 2b, ... .., 2e,..., Communication terminal 2a, a plurality of authentication terminals 3a, 3b,..., 3e,. The server 1a is allowed to perform business transactions with the communication terminal 2a via the first communication network 4a after the authentication server 5 is authorized. At this time, the authentication terminal 3a is connected to the communication terminal via the second communication network 4b. The case where 2a is certified and the security of commercial transactions is enhanced will be described as an example. However, for the sake of convenience, other provider servers 1b, 1c,..., 1e,..., And other communication terminals 2b, 2c,. .., Information processing between the other authentication terminals 3b, 3c,..., 3e,. ..., 1e, ..., other communication terminals 2b, 2c, ..., 2e, ..., other authentication terminals 3b, 3c, ..., 3e, ... Of course, the operations and the like are completely similar processes and operations.

  Further, as can be easily understood from the following description, according to the electronic commerce system according to the first embodiment of the present invention, by using the private information of the authentication terminal 3a, the communication terminal having no private information. 2a can be authenticated, but is not limited to the one-to-one correspondence between the authentication terminal 3a and the communication terminal 2a as illustrated below.

  That is, when considering the first communication network 4a that is a fixed communication network and the second communication network 4b that is a mobile communication network, the user is connected to the second communication network (mobile communication network) 4b and can move. If two authentication terminals 3a are provided, a plurality of communication terminals 2a, 2b, ..., 2e, ... connected to the first communication network (fixed communication network) 4a Authentication can be similarly received via one authentication terminal 3a. Therefore, the plurality of communication terminals 2a, 2b,..., 2e,... Connected to the first communication network (fixed communication network) 4a and the second communication network (mobile communication network). The combination of the plurality of authentication terminals 3a, 3b,..., 3e,... Connected to 4b includes (number of communication terminals) :( number of authentication terminals) = 2: Various combinations including combinations of 1, 3: 1, 4: 1,... Are allowed and can be arbitrarily selected.

  The combination of the first communication network 4a, which is a fixed communication network, and the second communication network 4b, which is a mobile communication network, is an example, and both the first communication network 4a and the second communication network 4b are mobile. Of course, it may be a communication network, and both the first communication network 4a and the second communication network 4b may be fixed communication networks.

<Operator server>
As shown in FIG. 2, the operator server 1a used in the electronic commerce system according to the first embodiment includes an authentication parameter storage device 101, an authentication information storage device 102, a private information storage device 103, a content storage device 104, a secret storage device. Information storage device 105, authentication image generation means 111, authentication information acquisition means 112, authentication information collation means 113, authentication result acquisition means 114, content editing means 115, commercial transaction control means 116, content distribution means 117, secret information acquisition means 118, Input / output control means 121 and the like are provided.

  The authentication parameter storage device 101 is a storage device that stores authentication parameters such as a one-time password for authenticating the authentication terminal 3a. The authentication information storage device 102 is a storage device that stores authentication information for authenticating the authentication terminal 3a transmitted from the authentication terminal 3a. The private information storage device 103 is a storage device that stores in advance private information for authenticating the authentication terminal 3a. The content storage device 104 is a storage device that stores content such as a top page of a web homepage established by the business server 1a, main content below the top page, and content below the main content. The secret information storage device 105 is a storage device that stores secret information such as “password” transmitted from the authentication server 5.

  Upon receiving the authentication confirmation notification for the authentication terminal 3a from the authentication server 5, the authentication image generation unit 111 generates an authentication parameter, generates an image code including the authentication parameter as an authentication image, and transmits the authentication code via the first communication network 4a. It is a logic circuit (module) that transmits to the communication terminal 2 a and further stores the authentication parameter in the authentication parameter storage device 101. The image code including the authentication parameter (authentication image) is preferably a two-dimensional code of various standards such as data matrix, QR code, PDF417, maxi code, Vericode, etc. in terms of information amount (capacity). Not limited to dimensional codes, various figure codes, and 1D codes of various standards such as “JAN”, “ITF”, “CODE39”, “NW-7”, “CODE128”, etc. A combination code such as a stack barcode in which a one-dimensional code such as a barcode is stacked in a two-dimensional code may be used. In addition, although described as “image code including authentication parameters (authentication image)”, in a broader sense, text code (character code) may be used as long as the authentication terminal 3a can decode the information. In the case of a text code, a text code having a large number of digits that cannot be instantaneously decoded (wiretapped) is preferable.

  The “authentication parameter” generated by the authentication image generation unit 111 and stored in the authentication parameter storage device 101 is information including one or more of a random number such as a one-time password and a date and time that can be uniquely specified. The date and time of the authentication parameter may be the date and time when the authentication parameter is generated or the date and time when the authentication request of the communication terminal 2a is received. The authentication parameter storage device 101 may also store a valid date and time that is a time limit for validating the authentication parameter.

  The authentication information acquisition unit 112 acquires the information of the authentication image optically acquired by the authentication terminal 3 a from the communication terminal 2 a via the second communication network 4 b and stores it in the authentication information storage device 102. ). Here, the authentication image information may be character information obtained by decoding the authentication image optically acquired by the authentication terminal 3a from the communication terminal 2a in the authentication terminal 3a, or acquired by the authentication terminal 3a from the communication terminal 2a. The information received as the image code from the authentication terminal 3a may be information decoded by the business server 1a. Further, when the authentication terminal 3a acquires the authentication image information from the communication terminal 2a, the authentication terminal 3a optically captures the authentication image presented on the screen of the communication terminal 2a and decodes it inside the authentication terminal 3a. Also good. Further, the present invention is not limited to the acquisition of optical authentication image information, but infrared communication, various short-range wireless communication, etc. are used between the communication terminal 2a and the authentication terminal 3a, or a removable disk or various recording media is used. By using the authentication terminal 3a, the authentication image data may be acquired.

  The authentication information collating unit 113 refers to the authentication parameter storage device 101, the authentication information storage device 102, and the private information storage device 103, and the authentication image generation unit 111 generates the authentication image information acquired by the authentication information acquisition unit 112. It is determined whether the private information included in the authentication information sent from the authentication terminal 3a matches the private information stored in the private information storage device 103 in advance. , A logic circuit (module) that transmits the result to the communication terminal 2a. Further, if the authentication parameter storage device 101 stores the authentication parameter validity date and time, the date and time included in the authentication information acquired by the authentication information acquisition unit 112 is the validity of the authentication parameter stored in the authentication parameter storage device 101. Authentication may be permitted before the date and time, and authentication may be disabled when the authentication parameter is after the valid date and time.

  The authentication result acquisition unit 114 is a logic circuit (module) that acquires the authentication result of the authentication terminal 3a and the business server 1a in the authentication server 5 from the authentication server 5. The secret information acquisition unit 118 confirms that the authentication result acquisition unit 114 authenticates the authentication terminal 3a and the business server 1a from the authentication server 5, and then acquires the secret information from the authentication server 5. (Module). Here, the “secret information” may be character information such as secret words, or may be an image code such as a specific figure or a two-dimensional code. The secret information acquired by the secret information acquisition unit 118 from the authentication server 5 is stored in the secret information storage device 105.

  The content editing means 115 reads out (extracts) the secret information acquired from the authentication server 5 and stored in the secret information storage device 105, and edits it with, for example, information necessary for commercial transactions on the web top page or main content A logic circuit (module) stored in the content storage device 104. The web top page and main content stored in the content storage device 104 are distributed by the content distribution means 117 to the communication terminal 2a via the first communication network 4a. The content editing unit 115 edits the main content of the web and the content below it as information necessary for the business transaction, and the content below the main content is stored in the content storage device 104 as well. Content below the main content stored in the content storage device 104 is also distributed by the content distribution means 117 to the communication terminal 2a via the first communication network 4a. Further, the content editing unit 115 edits the authentication image generated by the authentication image generation unit 111 into, for example, a web top page and stores it in the content storage device 104. Then, the content distribution unit 117 performs the first communication. You may make it deliver to the communication terminal 2a via the network 4a.

  The commercial transaction control means 116 is a logic circuit (module) that executes various processes such as order processing and settlement processing necessary for commercial transactions, using the main contents of the web and the contents below it.

  The input / output control means 121 controls the input and output of the operator server 1a, and the first communication network 4a, the second communication network 4b, the authentication image generation means 111, the authentication information acquisition means 112, the authentication information collation means 113 is a logic circuit (module) that transmits the information to means such as authentication result acquisition means 114, content editing means 115, commercial transaction control means 116, content distribution means 117, and secret information acquisition means 118.

<Authentication server>
As shown in FIG. 3, the authentication server 5 used in the electronic commerce system according to the first embodiment includes an operator information storage device 501, a private information storage device 502, a secret information storage device 503, and an operator server registration means 511. Provider server authentication unit 512, private information registration unit 513, private information authentication unit 514, secret information registration unit 515, secret information transmission unit 516, input / output control unit 521, and the like.

  The business entity information storage device 501 is a business of each of a plurality of business enterprise servers 1a, 1b, ..., 1e, ... that has entered the electronic commerce system according to the first embodiment. This is a storage device for storing person information in advance. The company information includes a plurality of company servers 1a, 1b,..., 1e,..., Respective company IDs, company servers 1a, 1b,. ... including own ID and password. Further, the business operator information may include any information such as the business name, business address, email address, bank account name, and the like. The private information storage device 502 is a storage device that stores in advance private information for authenticating each of the plurality of authentication terminals 3a, 3b,..., 3e,. The secret information storage device 503 registers (stores) secret information such as “secret words” transmitted in advance from a plurality of authentication terminals 3a, 3b,..., 3e,. It is.

  The operator server registration means 511 examines information provided by the operators of the plurality of operator servers 1a, 1b,..., 1e,. A logical circuit (module) that stores in advance business operator information identifying a plurality of business server servers 1a, 1b,..., 1e,. It is. The provider server authentication unit 512 collates the provider information included in the access request received via the second communication network 4b with the provider information stored in the provider information storage device 501 in advance, and It is a logic circuit (module) that authenticates the operator server. As described above, in the explanation of the electronic commerce according to the first embodiment, since the operator server 1a, the communication terminal 2a, and the authentication terminal 3a are focused on, respectively, the authentication terminal 3a to the operator server 1a When the authentication server 5 receives the access request including the provider information via the second communication network 4b, the provider server authentication unit 512 of the authentication server 5 receives the provider information included in the received access request and the business in advance. The company information stored in the company information storage device 501 is collated to authenticate the company server 1a.

  The private information registration means 513 includes a plurality of authentication terminals 3a, 3b,..., 3e,... That use the electronic commerce system according to the first embodiment via the second communication network 4b. .. Is a logic circuit (module) that receives in advance private information for authenticating each of these and registers them in the private information storage device 502. The private information authenticating means 514 verifies the private information included in the access request received via the second communication network 4b and the private information stored in the private information storage device 502 in advance to authenticate a specific authentication terminal. It is a logic circuit (module). For example, when the authentication server 5 receives an access request from the authentication terminal 3a via the second communication network 4b, the private information authenticating means 514 of the authentication server 5 reads the business operator information included in the received access request and the business information in advance. The operator information stored in the person information storage device 501 is collated to authenticate the authentication terminal 3a.

  The secret information registration unit 515 receives unique secret information transmitted from each of the plurality of authentication terminals 3a, 3b,..., 3e,... Via the second communication network 4b. These are logic circuits (modules) that are registered in the secret information storage device 503, respectively. The secret information transmission means 516 authenticates a specific provider server by collating the provider information included in the access request by the provider server authentication means 512 with the provider information stored in the provider information storage device 501 in advance. When the private information authentication unit 514 collates the private information included in the access request with the private information stored in advance in the private information storage device 502 and authenticates a specific authentication terminal, this specific operator server Is a logic circuit (module) that transmits the corresponding unique secret information stored in the secret information storage device 503. For example, the secret information transmission unit 516 authenticates the operator server 1a by verifying the operator information by the operator server authentication unit 512, and authenticates the authentication terminal 3a by verifying the private information by the private information authentication unit 514. In this case, secret information unique to the authentication terminal 3a stored in the secret information storage device 503 is extracted and transmitted to the provider server 1a.

  The input / output control unit 521 controls the input and output of the authentication server 5, and the first communication network 4a, the second communication network 4b, the business server registration unit 511, the business server authentication unit 512, and private information registration. It is a logic circuit (module) that transmits the information to means such as means 513, private information authentication means 514, secret information registration means 515, secret information transmission means 516, and the like.

<Communication terminal>
As shown in FIG. 1, the communication terminal 2a using the electronic commerce system according to the first embodiment includes an authentication image data storage device 201, an authentication image receiving unit 211, an authentication image presenting unit 212, a content receiving unit 214, Commercial transaction data editing means 215 and the like are provided.

  The authentication image reception unit 211 is a logic circuit (module) that receives the authentication image generated by the authentication image generation unit 111 of the provider server 1 a illustrated in FIG. 2 and stores the authentication image in the authentication image data storage device 201.

  The authentication image presenting means 212 displays an authentication image data stored in the authentication image data storage device 201 on the screen of the display device of the communication terminal 2a, and performs an electronic circuit for performing an electronic process for presenting the authentication image data to the authentication terminal 3a. Software (module) that executes the processing. As the display device of the communication terminal 2a, a known display device such as a liquid crystal display (LCD) or a cathode ray tube (CRT) can be used.

  The content receiving means 214 receives the top page of the web distributed by the content distribution means 117 of the provider server 1a via the first communication network 4a, the main content in the lower layer, and the content in the lower layer, and the communication terminal. 2a is an electronic circuit displayed on the screen of the display device 2a and software (module) for executing the processing.

  The commercial transaction data editing means 215 uses the web main content displayed on the screen of the display device of the communication terminal 2a and the contents below it to perform various kinds of order processing and settlement processing necessary for electronic commerce with the business server 1a. This is a logic circuit (module) that executes the process.

<Authentication terminal>
The authentication terminal 3a using the electronic commerce system according to the first embodiment is preferably a mobile terminal, but is not limited to a mobile terminal. In the case of a mobile terminal, a camera-equipped mobile terminal equipped with a solid-state imaging camera using an image sensor is suitable as the authentication terminal 3a. In any case, as shown in FIG. 1, the authentication terminal 3a that uses the electronic commerce system according to the first embodiment includes an authentication image data storage device 301, a private information storage device 302, an authentication image acquisition unit 311, an authentication Information transmitting means 312 is provided.

  The authentication image acquisition unit 311 is used to store a camera that captures an image displayed on the display device of the communication terminal 2a by the authentication image presenting unit 212 of the communication terminal 2a and the captured image in the authentication image data storage device 301. Software necessary for the electronic circuit and its processing. If the authentication terminal 3a is a portable terminal, a CCD image sensor or a COMS image sensor can be used as the authentication image acquisition means 311. Further, a composite image sensor having a CCD image sensor on the outside and a COMS image sensor on the inside may be used. As already described, various codes such as a data matrix, QR code, PDF417, maxi code, veri code, etc. can be used for the authentication image. If the camera has 1 million pixels or more, preferably 300,000 pixels or more, and preferably 1 million pixels or more, it functions as the authentication image acquisition unit 311. However, in a broader sense, the authentication image acquisition unit 311 does not need to take an image, and any unit may be used as long as the authentication image transmitted to the communication terminal 2a can be acquired by the authentication terminal 3a.

  The authentication image data storage device 301 is a storage device for temporarily storing the code read from the authentication image acquisition unit 311. For example, a flash RAM or the like can be adopted as these storage devices.

  The private information storage device 302 is a storage device that stores private information unique to the authentication terminal 3a. As already described, the private information includes the ID and password of the authentication terminal 3a itself such as the user ID of the authentication terminal 3a and the portable terminal ID. Furthermore, the private information includes any of the user's name, the user's address, the delivery address of the product, e-mail address, credit card number, bank account name, salary, asset, family composition information, physical characteristics, etc. May be included.

  The authentication information transmission means 312 edits the private information stored in the private information storage device 302 and the image information stored in the authentication image data storage device 301 to create authentication information, and uses this authentication information for the second communication. A processor that executes processing to be transmitted to the operator server 1a via the network 4b, and includes logical circuits such as telephone function control means, image code decoding means, and data editing means as its logical configuration. Here, the telephone function control means is a logic circuit that performs processing necessary to control the telephone function of a conventional standard portable terminal. Voice communication control, various setting processes, function control provided for the mobile terminal, and the like are performed by the input device, the transmission device, and the reception device. The image code decoding means is a logic circuit that acquires the data read by the authentication image acquisition means 311 and performs processing necessary to check whether the image code (two-dimensional code) is valid. Further, the image code decoding means is a logic circuit that performs processing necessary to convert the image code (two-dimensional code) read by the authentication image acquisition means 311 into character data. By passing through the image code decoding means, the image code (two-dimensional code) can be converted (decoded) from simple image data to computer-readable data. The data editing means is a logic circuit that performs processing at the meta level necessary for editing and integrating the private information stored in the private information storage device 302 and the authentication parameters obtained from the image code decoding means. Authentication information goes out to the business server 1a. Details of the processing at the “meta level” are described in US Pat. No. 6,269,365 and US Pat. No. 6,138,116.

  A database system that can be used by multiple product provider terminals that provide different services on an open platform is based on a three-level structure of “application level”, “local level”, and “meta level” interposed between them. It is a “heterogeneous database integration system” composed of The top-level “application level” is a layer in which multiple product provider terminals of an arbitrary industry are directly involved in an arbitrary service (commerce) on an open platform. Is the level to build. In the open platform, a plurality of product provider terminals and corresponding mobile terminals make inquiries about information necessary for each service (commercial transaction) through application software, and obtain the results. Application software first describes or converts the data required for services (commerce) on open platforms into a predefined format (hereinafter referred to as “script format”) in a heterogeneous database integration system, and then issues it to the lower level meta level. And obtain the result of the inquiry. Hereinafter, an inquiry expressed in a script format is simply referred to as a “script”.

  The “local level” at the lowest level includes a plurality of databases and database management systems (hereinafter referred to as “database systems”) individually connected to a plurality of product provider terminals of different industries connected to a multi-database environment. This is a layer having a generic name. Each database system is individually managed, operated, inquired, updated, managed, etc. in a closed environment or closed system corresponding to the service contents of multiple product provider terminals in different industries. It is a possible database system. However, each database system existing at the local level generally has a database processing system unique to the system, and the same operation procedure for each database is not guaranteed.

  The “meta level” located in the intermediate layer of the three-layer structure is a system including a meta database system including a script interpretation device, a meta database, and a meta database management system provided in the processing control device. In each database system existing at the meta level, the script query received from the application level is first interpreted by the script interpreter, and communicated with the database system existing at the meta level and the database system existing at the local level. That is, after being converted into a format further defined in the heterogeneous database integration system (hereinafter referred to as “meta-primitive format”) by the script interpreter, this is inquired and issued to the database system existing at the meta level and local level, Get the result. In this way, the application level and the meta level are interfaced by a script, and the meta level and the local level are interfaced by a query converted into a meta primitive format, and are connected to each other.

  That is, the data editing means forming a part of the authentication information transmitting means 312 has functions of editing integration and structuring at the meta level of private information and authentication parameters. Here, in addition to the metadata, action information required for each transaction (action) is embedded in the image code in which the authentication parameter is embedded. For this reason, when the action information included in the image code is optically read (in accordance with the command of the read action information), the edit integration process in the meta-level database system is automatically started. That is, in order to enable various commercial transactions on the open platform, the data editing means forming a part of the authentication information transmitting means 312 edits and integrates authentication parameters and private information at the meta level according to the read action information command. can do.

<Electronic commerce method>
Next, the electronic commerce method according to the first embodiment of the present invention will be described with reference to the flowcharts shown in FIGS.

  (A) First, in step S101 of FIG. 4, the authentication server 5 is a provider of a plurality of provider servers 1a, 1b,..., 1e,. The information provided by is reviewed according to the prescribed examination guidelines. Although a part of this examination may be performed by a human, the authentication server 5 can examine a necessary item with a predetermined software program. Then, using the business server registration means 511 of the authentication server 5, only business servers 1a, 1b,..., 1e,. 1a, 1b,..., 1e,... Are registered (stored) in the provider information storage device 501 using the provider information that identifies each other. Here, it is assumed that the business operator server 1 a is registered in the business operator information storage device 501. Further, in step S102, the private information registration means 513 of the authentication server 5 uses a plurality of authentication terminals 3a, 3b,... That use the electronic commerce system according to the first embodiment via the second communication network 4b. .., 3e,... Sequentially receive private information for authenticating each of the authentication terminals 3a, 3b,..., 3e,. Registration is sequentially performed in the information storage device 502. Here, it is assumed that the private information of the authentication terminal 3 a is registered in the private information storage device 502.

  (B) Next, in step S103 of FIG. 4, the secret information registering unit 515 of the authentication server 5 performs a plurality of authentications in which private information has already been registered in the private information storage device 502 via the second communication network 4b. The unique secret information sequentially transmitted from each of the terminals 3a, 3b, ..., 3e, ... is received and registered in the secret information storage device 503 sequentially. Here, it is assumed that the secret information of the authentication terminal 3 a is registered in the secret information storage device 503.

  (C) Then, in step S104 of FIG. 4, it is assumed that there is a request for access to the operator server 1a from the authentication terminal 3a to the authentication server 5 via the second communication network 4b. When there is an access request from the authentication terminal 3a to the business server 1a, the business server authentication means 512 of the authentication server 5 in step S201, the business information of the business server 1a included in the received access request and the business in advance. The operator information of the operator server 1a stored in the operator information storage device 501 is collated to authenticate the operator server 1a. Further, in step S201, the private information authenticating means 514 of the authentication server 5 obtains the private information of the authentication terminal 3a included in the received access request and the private information of the authentication terminal 3a previously stored in the private information storage device 502. Verification is performed to authenticate the authentication terminal 3a. In step S201, if the business server authentication unit 512 cannot authenticate the trader information of the business server 1a, or if the private information authentication unit 514 cannot authenticate the private information of the authentication terminal 3a, an error (non-authentication) occurs in the authentication terminal 3a. Is displayed, and the subsequent processing is terminated. On the other hand, if the vendor information of the operator server 1a and the private information of the authentication terminal 3a are authenticated in step S201, the secret information transmission means 516 of the authentication server 5 performs the communication between the operator server 1a and the authentication terminal 3a in step S202. At the same time as the notification of completion of authentication to the business server 1a, secret information unique to the authentication terminal 3a stored in the secret information storage device 503 is transmitted to the business server 1a. Notification of the completion of authentication between the business server 1a and the authentication terminal 3a may be made by transmitting secret information to the business server 1a.

  (D) When the authentication result acquisition means 114 of the business server 1a receives the secret information of the authentication terminal 3a, the business server 1a is informed by the secret information acquisition means 118 of the business server 1a in step S203 of FIG. At the same time that the secret information is stored in the information storage device 105, the authentication parameter generation unit 111 is used to generate an authentication parameter including information such as a one-time password and date and time, and stores the authentication parameter in the authentication parameter storage device 101. The authentication image generation unit 111 further generates an image code including an authentication parameter as an authentication image. In step S204, the business server 1a transmits the generated authentication image to the communication terminal 2a.

  (E) When the authentication image receiving unit 211 of the communication terminal 2a receives the authentication image from the business server 1a, the communication terminal 2a stores the received image in the authentication image data storage device 201, and further the authentication image presenting unit 212. The received image is displayed (presented) on the display device of the communication terminal 2a in step S205 of FIG.

  (F) When the authentication image is presented on the display device of the communication terminal 2a by the authentication image presenting means 212 in step S205, the authentication image acquisition means 311 of the authentication terminal 3a is displayed on the display device of the communication terminal 2a in step S206 of FIG. The authentication image displayed (presented) is taken and stored in the authentication image data storage device 301. Further, in step S207 of FIG. 5, the data editing means forming part of the authentication information transmitting means 312 of the authentication terminal 3a stores the authentication image information stored in the authentication image data storage device 301 and the private information storage device 302. The authentication information is created by editing and integrating the private information of the authenticated terminal 3a at the meta level. In step S208 of FIG. 5, the authentication information transmission unit 312 of the authentication terminal 3a transmits the created authentication information to the business server 1a.

  (G) When the authentication information acquisition unit 112 of the provider server 1a receives the authentication information from the authentication terminal 3a via the second communication network 4b, the authentication information acquisition unit 112 stores the received authentication information in the authentication information storage Store in device 102. As already described, the authentication image information may be character information obtained by decoding the authentication image optically acquired by the authentication terminal 3a from the communication terminal 2a in the authentication terminal 3a, or the authentication of the operator server 1a. Information obtained by decoding the image data in the information acquisition unit 112 may be used. Further, in step S209 of FIG. 5, the operator server 1a uses the authentication information matching unit 113 to store the authentication parameters of the authentication terminal 3a stored in the authentication parameter storage device 101 in advance, and the authentication terminal 3a stored in advance in the private information storage device 103. Are compared with the authentication parameters of the authentication terminal 3a and the private information of the authentication terminal 3a included in the authentication information stored in the authentication information storage device 102, respectively.

  (H) If the authentication information verification unit 113 cannot authenticate the authentication terminal 3a in step S209, an error (non-authentication) is displayed on the authentication terminal 3a, and the subsequent processing is terminated. On the other hand, in step S209, if the authentication information collating unit 113 authenticates the authentication terminal 3a as a regular authentication terminal, the content editing unit 115 of the business server 1a causes the secret of the business server 1a in step S301 of FIG. The secret information stored in the information storage device 105 is read (extracted), edited, for example, on the web top page or main content, together with information necessary for commercial transactions, and stored in the content storage device 104. The top page and main content of the web stored in the content storage device 104 and possibly the contents below it are communicated by the content distribution means 117 via the first communication network 4a in step S302 of FIG. Delivered to the terminal 2a.

  (I) In step S303 of FIG. 5, the content receiving means 214 of the communication terminal 2a is configured to display the top page of the web distributed from the provider server 1a via the first communication network 4a, the main content below it, The content or the like is received and displayed on the screen of the display device of the communication terminal 2a. If the user of the communication terminal 2a cannot confirm the secret information on the screen of the display device of the communication terminal 2a in step S304 of FIG. 5, the owner of the business server 1a is a fake business operator. Exit. In step S304 of FIG. 5, if the user of the communication terminal 2a can confirm the secret information on the screen of the display device of the communication terminal 2a, the user of the business server 1a is authenticated as a legitimate business operator, and the process proceeds to step S305. move on. In step S305, the user of the communication terminal 2a uses the commercial transaction data editing means 215 of the communication terminal 2a, and uses the main content of the web displayed on the screen of the display device of the communication terminal 2a and the content below it to the business server Various processes such as order processing and settlement processing necessary for electronic commerce with 1a are executed. Since the procedure after step S305 is the same as the normal electronic commerce by information processing between the commerce data editing unit 215 of the communication terminal 2a and the commerce control unit 116 of the business server 1a, the description thereof is omitted.

  According to the electronic commerce method according to the first embodiment of the present invention, it is possible to easily and reliably authenticate an authentic site while performing authentication on the two networks of the first communication network 4a and the second communication network 4b. Can see fake sites.

  That is, according to the electronic commerce method according to the first embodiment, the authentication terminal 3a acquires the authentication image information transmitted to the communication terminal 2a via the first communication network 4a, and the authentication terminal 3a acquires the authentication image. The authentication server 5 authenticates the communication terminal 2a by authenticating the authentication image generated by sending the authentication image information back to the operator server 1a via the second communication network 4b. Check whether the operator information of the original operator server 1a and the private information of the authentication terminal 3a match, and if they match, display secret information that only the client can know on the display device of the communication terminal 2a. Therefore, the secret information can be displayed only when the provider server 1a is a genuine site, and authenticity determination can be easily and reliably performed.

  Furthermore, if the situation (environment) is a combination of the first communication network 4a that is a fixed communication network and the second communication network 4b that is a mobile communication network, the authentication terminal 3a that is originally a mobile terminal (portable terminal). In the communication terminal 2a, which is a fixed terminal with a rich user interface, the information that must be input in the first communication network (fixed communication network) is input in a high security level. ) It can be transmitted to the operator server 1a via 4a.

<Electronic Commerce Method According to First Modification of First Embodiment>
Next, an electronic commerce method according to a first modification of the first embodiment of the present invention will be described with reference to the flowcharts shown in FIGS. The system configuration used for the electronic commerce method according to the first modification of the first embodiment of the present invention is as shown in FIGS.

  (A) The processing from step S101 to step S203 in FIG. 6, that is, the secret information transmission means 516 of the authentication server 5 is specific to the authentication terminal 3a stored in the secret information storage device 503 in step S202 in FIG. The secret information of the authentication terminal 3a is acquired by the authentication result acquisition unit 114 of the provider server 1a. In step S203 of FIG. 6, the provider server 1a acquires the secret information of the authentication terminal 3a. A series of procedures until 118 stores the secret information in the secret information storage device 105 of the provider server 1a and simultaneously generates an authentication image using the authentication image generation unit 111 and stores it in the authentication parameter storage device 101 is as follows. 4 is completely the same as the series of procedures from step S101 to step S203 in FIG.

  (B) In the electronic commerce method according to the first modification of the first embodiment, the content editing unit 115 of the business server 1a edits the authentication image embedded in the top page of the web in step S213 of FIG. Processing is performed to create first content (for example, a web top page). Thereafter, in step S214 of FIG. 6, the business entity server 1a transmits the first content in which the generated authentication image is embedded to the communication terminal 2a.

  (C) When the content receiving unit 214 of the communication terminal 2a receives the first content from the provider server 1a, the content receiving unit 214 extracts the authentication image embedded in the received first content, and the authentication image data storage device Store in 201. Furthermore, the communication terminal 2a uses the content receiving unit 214 to display (present) the received first content on the display device of the communication terminal 2a in step S215 of FIG.

  (D) When the first content is displayed (presented) on the display device of the communication terminal 2a in step S215, the authentication image acquisition means 311 of the authentication terminal 3a displays on the display device of the communication terminal 2a in step S216 of FIG. The authentication image embedded in the (presented) first content is photographed and stored in the authentication image data storage device 301. Further, in step S217 of FIG. 7, the data editing means forming a part of the authentication information transmitting means 312 of the authentication terminal 3a stores the authentication image information stored in the authentication image data storage device 301 and the private information storage device 302. The authentication information is created by editing and integrating the private information of the authenticated terminal 3a at the meta level. In step S218 of FIG. 7, the authentication information transmitting unit 312 of the authentication terminal 3a transmits the created authentication information to the business server 1a.

  (E) When the authentication information acquisition unit 112 of the provider server 1a receives the authentication information from the authentication terminal 3a via the second communication network 4b, the authentication information acquisition unit 112 stores the received authentication information in the authentication information storage Store in device 102. Further, in step S219 of FIG. 7, the operator server 1a uses the authentication information matching unit 113 to store the authentication parameters of the authentication terminal 3a stored in the authentication parameter storage device 101 in advance, and the authentication terminal 3a stored in the private information storage device 103 in advance. Are compared with the authentication parameters of the authentication terminal 3a included in the authentication information stored in the authentication information storage device 102 and the private information of the authentication terminal 3a.

  (F) If the authentication information collating unit 113 cannot authenticate the authentication terminal 3a in step S219, an error (non-authentication) is displayed on the authentication terminal 3a, and the subsequent processing is terminated. On the other hand, if the authentication information collating unit 113 authenticates the authentication terminal 3a as a regular authentication terminal in step S219, the content editing unit 115 of the business server 1a is set to the secret of the business server 1a in step S311 of FIG. The secret information stored in the information storage device 105 is read (extracted), edited to the second content (for example, the main content of the web) together with information necessary for commercial transactions, and stored in the content storage device 104. The top page and main content (second content) of the web stored in the content storage device 104 and possibly lower-layer content are sent to the first communication network 4a in step S312 of FIG. Is distributed to the communication terminal 2a.

  (G) In step S313 of FIG. 7, the content receiving means 214 of the communication terminal 2a displays the top page of the web distributed from the provider server 1a via the first communication network 4a and the main content (second content) below it. ), The lower layer contents and the like are received and displayed on the screen of the display device of the communication terminal 2a. If the user of the communication terminal 2a cannot confirm the secret information in the main content (second content) on the screen of the display device of the communication terminal 2a in step S314 in FIG. 7, the owner of the business server 1a is a fake business operator. Therefore, the subsequent processing is terminated. In step S314 of FIG. 7, if the user of the communication terminal 2a can confirm the confidential information in the main content (second content) on the screen of the display device of the communication terminal 2a, the owner of the business server 1a is a legitimate business operator. And the process proceeds to step S315. In step S315, the user of the communication terminal 2a uses the commercial transaction data editing means 215 of the communication terminal 2a, and uses the main content of the web displayed on the screen of the display device of the communication terminal 2a and the content below it to the business server Various processes such as order processing and settlement processing necessary for electronic commerce with 1a are executed. Since the procedure after step S315 is the same as the normal electronic commerce by information processing between the commerce data editing unit 215 of the communication terminal 2a and the commerce control unit 116 of the business server 1a, the description thereof is omitted.

  According to the electronic commerce method according to the first modification of the first embodiment of the present invention, the first communication network 4a and the second communication network 4a are similar to those of the first embodiment shown in FIGS. The authentic site and the fake site can be easily and reliably confirmed while performing authentication with the two networks of the communication network 4b.

  That is, according to the electronic commerce method according to the first modification of the first embodiment, the authentication image information included in the first content transmitted to the communication terminal 2a via the first communication network 4a is authenticated. The communication terminal 2a is authenticated by sending back the authentication image information acquired by the terminal 3a to the operator server 1a via the second communication network 4b. Further, when the authentication server 5 certified by a certain trusted certification authority confirms whether all of the business information of the business server 1a that is the authentication image generation source matches the private information of the authentication terminal 3a, and matches Since the secret information that only the client can know is edited to be embedded in the second content and displayed on the display device of the communication terminal 2a, it is embedded in the second content only when the provider server 1a is a genuine site. Confidential information can be confirmed, and authenticity determination can be made easily and reliably.

<Electronic Commerce Method According to Second Modification of First Embodiment>
Next, an electronic commerce method according to a second modification of the first embodiment of the present invention will be described with reference to the flowcharts shown in FIGS. The system configuration used for the electronic commerce method according to the second modification of the first embodiment of the present invention is as shown in FIGS.

  (A) The processing from step S101 to step S103 in FIG. 8, that is, the secret information registration means 515 of the authentication server 5 is connected to the plurality of authentication terminals 3a, 3b,... Via the second communication network 4b. .., 3e,..., 3e,... Are sequentially received, and the series of procedures for sequentially registering them in the secret information storage device 503 is performed in steps S101 to S101 in FIG. Since the series of steps up to step S103 is exactly the same, redundant description is omitted. In step S104 of FIG. 4, the case has been described where there is an access request to the operator server 1a from the authentication terminal 3a to the authentication server 5 via the second communication network 4b, but the second modification of the first embodiment is provided. In the electronic commerce method according to the example, a case will be described in which an access request to the business server 1a is directly made from the communication terminal 2a in step S220.

  (B) When the business server 1a receives the access request in step S220, in step S221 in FIG. 8, the business server 1a uses the authentication image generation unit 111 to perform authentication including information such as a one-time password and date / time. An image is generated and stored in the authentication parameter storage device 101. Further, in step S222, the operator server 1a transmits the generated authentication image to the communication terminal 2a.

  (C) When the authentication image receiving unit 211 of the communication terminal 2a receives the authentication image from the business server 1a, the communication terminal 2a stores the received image in the authentication image data storage device 201 and further the authentication image presenting unit 212. The received image is displayed (presented) on the display device of the communication terminal 2a in step S223 of FIG.

  (D) When the authentication image is presented by the authentication image presenting means 212 on the display device of the communication terminal 2a in step S223, the authentication image acquisition means 311 of the authentication terminal 3a is displayed on the display device of the communication terminal 2a in step S224 of FIG. The authentication image displayed (presented) is taken and stored in the authentication image data storage device 301. Further, in step S225 of FIG. 8, the data editing means forming part of the authentication information transmitting means 312 of the authentication terminal 3a stores the authentication image information stored in the authentication image data storage device 301 and the private information storage device 302. The authentication information is created by editing and integrating the private information of the authenticated terminal 3a at the meta level. In step S226 of FIG. 8, the authentication information transmitting unit 312 of the authentication terminal 3a transmits the created authentication information to both the authentication server 5 and the operator server 1a.

  (E) In step S226, when the authentication information acquisition unit 112 of the provider server 1a receives the authentication information from the authentication terminal 3a via the second communication network 4b, the authentication information acquisition unit 112 receives the received authentication information. Is stored in the authentication information storage device 102. On the other hand, when the authentication server 5 receives the authentication information from the authentication terminal 3a, the operator server authentication means 512 of the authentication server 5 preliminarily stores the operator information of the operator server 1a included in the received authentication information in step S227. The company information of the company server 1a stored in the company information storage device 501 is collated to authenticate the company server 1a. Further, in step S227, the private information authenticating means 514 of the authentication server 5 obtains the private information of the authentication terminal 3a included in the received authentication information and the private information of the authentication terminal 3a previously stored in the private information storage device 502. Verification is performed to authenticate the authentication terminal 3a. In step S227, if the business server authentication unit 512 cannot authenticate the trader information of the business server 1a, or if the private information authentication unit 514 cannot authenticate the private information of the authentication terminal 3a, an error (non-authentication) occurs in the authentication terminal 3a. Is displayed, and the subsequent processing is terminated. On the other hand, if the provider information of the operator server 1a and the private information of the authentication terminal 3a are authenticated in step S227, the secret information transmitting means 516 of the authentication server 5 performs the communication between the operator server 1a and the authentication terminal 3a in step S228. At the same time that the notification of authentication completion is sent to the business server 1a, secret information unique to the authentication terminal 3a stored in the secret information storage device 503 is sent to the business server 1a (transmission of secret information to the business server 1a) (It is good also as notification of the completion of authentication with the provider server 1a and the authentication terminal 3a). In step S228, when the authentication result acquisition unit 114 of the business server 1a receives the secret information from the authentication terminal 3a, the business server 1a stores the secret information acquisition unit 118 in the secret information storage device 105 of the business server 1a. Store confidential information.

  (F) On the other hand, if the authentication information acquisition means 112 of the provider server 1a receives the authentication information from the authentication terminal 3a via the second communication network 4b in step S226 of FIG. 8, the authentication of the provider server 1a The information acquisition unit 112 stores the received authentication information in the authentication information storage device 102. Further, in step S229 of FIG. 9, the operator server 1a uses the authentication information matching unit 113 to store the authentication parameters of the authentication terminal 3a stored in the authentication parameter storage device 101 in advance, and the authentication terminal 3a stored in the private information storage device 103 in advance. Are compared with the authentication parameters of the authentication terminal 3a and the private information of the authentication terminal 3a included in the authentication information stored in the authentication information storage device 102, respectively. If the authentication information verification unit 113 cannot authenticate the authentication terminal 3a, an error (non-authentication) is displayed on the authentication terminal 3a, and the subsequent processing is terminated. On the other hand, if the authentication information collating unit 113 authenticates the authentication terminal 3a as a regular authentication terminal in step S229, the content editing unit 115 of the business server 1a is set to the secret of the business server 1a in step S301 of FIG. The secret information stored in the information storage device 105 is read (extracted), edited, for example, on the web top page or main content, together with information necessary for commercial transactions, and stored in the content storage device 104. The top page and main content of the web stored in the content storage device 104 and possibly lower layer content are communicated by the content distribution unit 117 via the first communication network 4a in step S302 of FIG. Delivered to the terminal 2a.

  (G) In step S303 of FIG. 9, the content receiving unit 214 of the communication terminal 2a is configured to display the top page of the web distributed from the provider server 1a via the first communication network 4a, the main content below it, The content or the like is received and displayed on the screen of the display device of the communication terminal 2a. If the user of the communication terminal 2a cannot confirm the confidential information on the screen of the display device of the communication terminal 2a in step S304 in FIG. 9, the owner of the business server 1a is a fake business operator. Exit. In step S304 of FIG. 9, if the user of the communication terminal 2a can confirm the secret information on the screen of the display device of the communication terminal 2a, the user of the business server 1a is authenticated as a legitimate business operator, and the process proceeds to step S305. move on. In step S305, the user of the communication terminal 2a uses the commercial transaction data editing means 215 of the communication terminal 2a, and uses the main content of the web displayed on the screen of the display device of the communication terminal 2a and the content below it to the business server Various processes such as order processing and settlement processing necessary for electronic commerce with 1a are executed. Since the procedure after step S305 is the same as the normal electronic commerce by information processing between the commerce data editing unit 215 of the communication terminal 2a and the commerce control unit 116 of the business server 1a, the description thereof is omitted.

  According to the electronic commerce method according to the second modification of the first embodiment of the present invention, while performing authentication in the two networks of the first communication network 4a and the second communication network 4b, You can be sure of authentic sites and fake sites. That is, according to the electronic commerce method according to the first embodiment, the authentication terminal 3a acquires the authentication image information transmitted to the communication terminal 2a via the first communication network 4a, and the authentication terminal 3a acquires the authentication image. The communication terminal 2a is authenticated by sending back the authentication image information sent back to the operator server 1a via the second communication network 4b. Further, when the authentication server 5 certified by a certain trusted certification authority confirms whether all of the business information of the business server 1a that is the authentication image generation source matches the private information of the authentication terminal 3a, and matches Since the secret information that only the client can know is displayed on the display device of the communication terminal 2a, the secret information can be displayed only when the business server 1a is a genuine site, and authenticity determination can be performed easily and reliably.

(Second Embodiment)
In the case of the electronic commerce system and the electronic commerce method according to the first embodiment of the present invention, when the authentication server 5 authenticates the authentication terminal 3a or the operator server 1a, the authentication terminal 3a via the second communication network 4b. Request from is essential. However, considering the combination of the first communication network 4a, which is a fixed communication network, and the second communication network 4b, which is a mobile communication network, radio interference due to changes in sunspots, natural disasters, etc. There may be a situation where the second communication network (mobile communication network) 4b cannot be used for reasons such as when radio waves do not reach the authentication terminal 3a which is a mobile terminal (portable terminal).

  The electronic commerce system and the electronic commerce method according to the second embodiment of the present invention use a first communication network 4a that is a fixed communication network and a second communication network 4b that is a mobile communication network. When the authentication terminal 3a, which is a terminal (mobile terminal), moves to an area where the second communication network (mobile communication network) 4b cannot be used, or for some reason, the second communication network (mobile communication network) 4b temporarily Even when an unusable time zone occurs, it is possible to authenticate the business server 1a and the communication terminal 2a via the first communication network (fixed communication network) 4a, and easily and reliably authentic sites and fake sites. Provide confirmed and highly secure electronic commerce.

  The entire basic logical configuration is the same as that of the electronic commerce system according to the first embodiment shown in FIG. 1, and the electronic commerce system according to the second embodiment of the present invention is also a fixed communication network. First communication network 4a and communication terminals 2a, 2b,..., 2e,... Which are a plurality of fixed terminals connected to the first communication network 4a. 1a, 1b,..., 1e,..., An authentication server 5 certified by a specific accredited authority, and these operator servers 1a, 1b,. ... and a second communication network 4b which is a mobile communication network to which the authentication server 5 is connected, and authentication terminals 3a and 3b which are a plurality of mobile terminals (portable terminals) connected to the second communication network 4b. , ..., 3e ..... equipped and the like. In the first embodiment, the authentication server 5 is a so-called “official site” server or the like, which is obtained by examining and accrediting information provided by a business operator (server homepage establishment person) by a trusted certification organization. It is the same.

  Each of the plurality of authentication terminals 3a, 3b,..., 3e,... Has an authentication image data storage device 301, a private information storage device 302, an authentication image acquisition unit 311 as shown in FIG. Since it is a mobile terminal such as a mobile phone terminal provided with the authentication information transmitting means 312 and the details are as described in the first embodiment of the present invention, a duplicate description is omitted. Each of the plurality of communication terminals 2a, 2b, ..., 2e, ... includes an authentication image data storage device 201, an authentication image receiving means 211, an authentication image presenting means as shown in FIG. 212 is a fixed terminal (computer system) provided with a content receiving unit 214, a commercial transaction data editing unit 215, and the like, and the details are as described in the first embodiment, and thus a duplicate description is omitted.

  As in the first embodiment, the “electronic commerce” in the electronic commerce system according to the second embodiment is not limited to the case where an electronic commerce is actually performed, and lottery and quiz applications, It is a broad concept including marketing of advertising media. Therefore, the operator servers 1a, 1b,..., 1e,... According to the second embodiment are various and many operator servers including different types of business. In the electronic commerce system according to the embodiment, a plurality of communication terminals 2a, 2b,..., 2e,. .., 1e,... Are connected to each other via a first communication network (fixed communication network) 4a and a second communication network (mobile communication network) 4b, and an open platform including various services Realize the technology.

  In the following description, for the sake of convenience, among the plurality of provider servers 1a, 1b, ..., 1e, ..., the provider server 1a, the plurality of communication terminals 2a, 2b, ... .., 2e,..., Exemplary communication terminal 2a and a plurality of authentication terminals 3a, 3b,..., 3e,. , But other business servers 1b, 1c,..., 1e,..., Other communication terminals 2b, 2c,. ..., information processing between the other authentication terminals 3b, 3c,..., 3e,..., And commercial transactions based on the information processing, and further these other provider servers 1b, 1c,. ..., 1e, ..., other communication terminals 2b, 2c, ..., 2e, ..., other authentication terminals 3b, 3c, ... ·, 3e, each of operations of ..... is it is quite similar processing and operations are the same as in the first embodiment.

<Operator server>
As shown in FIG. 10, the operator server 1a used in the electronic commerce system according to the second embodiment includes an authentication parameter storage device 101, an authentication information storage device 102, a content storage device 104, a secret information storage device 105, and an access. Image storage device 106, authentication information acquisition means 112, authentication information collation means 113, authentication result acquisition means 114, content editing means 115, commercial transaction control means 116, content distribution means 117, secret information acquisition means 118, input / output control means 121, Access image generation means 131, authentication parameter acquisition means 132, and the like are provided. Among these, the authentication parameter storage device 101, the authentication information storage device 102, the content storage device 104, the secret information storage device 105, the authentication information acquisition unit 112, the authentication information collation unit 113, the authentication result acquisition unit 114, the content editing unit 115, and the commercial transaction. Since the control means 116, the content distribution means 117, the secret information acquisition means 118, and the input / output control means 121 are as described in the first embodiment, redundant description is omitted.

  The access image storage device 106 is a storage device that stores access image data, which is an image code including business information necessary for accessing the business server 1a.

  The access image generation unit 131 generates an image code including business information necessary for accessing the business server 1a as an access image, and transmits it to the communication terminal 2a via the first communication network (fixed communication network) 4a. Furthermore, it is a logic circuit (module) that stores the generated access image in the access image storage device 106 of the business server 1a. The image code for realizing the access image is preferably a two-dimensional code of various standards such as a data matrix, QR code, PDF417, maxi code, Vericode, etc. in terms of information amount (capacity). There is no limitation, and various graphic codes and various one-dimensional codes such as “JAN”, “ITF”, “CODE39”, “NW-7”, “CODE128”, etc. A combination code such as a stack barcode obtained by stacking such one-dimensional codes like a two-dimensional code may be used. Note that the access image may be a text code (character code) as long as it can describe information necessary for accessing the business server 1a in a broader sense. In the case of a text code, a text code having a large number of digits that cannot be instantaneously decoded (wiretapped) is preferable.

  The authentication parameter acquisition unit 132 receives and acquires the plurality of authentication parameters generated by the authentication server 5 via the first communication network (fixed communication network) 4a, and further acquires the acquired plurality of authentication parameters. It is a logic circuit (module) that stores authentication parameters in the authentication parameter storage device 101.

<Authentication server>
As shown in FIG. 11, the authentication server 5 used in the electronic commerce system according to the second embodiment includes an operator information storage device 501, a private information storage device 502, a secret information storage device 503, a mail address storage device 504, Authentication parameter storage device 505, business server registration unit 511, business server authentication unit 512, private information registration unit 513, private information authentication unit 514, secret information registration unit 515, secret information transmission unit 516, input / output control unit 521, A mail address acquisition unit 531, an authentication parameter transmission unit 532, an authentication parameter generation unit 533, and the like are provided. Among these, the authentication parameter storage device 101, the authentication information storage device 102, the content storage device 104, the secret information storage device 105, the authentication information acquisition unit 112, the authentication information collation unit 113, the authentication result acquisition unit 114, the content editing unit 115, and the commercial transaction. Since the control means 116, the content distribution means 117, the secret information acquisition means 118, and the input / output control means 121 are as described in the first embodiment, redundant description is omitted.

  The mail address storage device 504 is a storage device that stores the email address of the authentication terminal 3a. The authentication parameter storage device 505 includes a plurality of authentications that can be transmitted via the first communication network 4a even when the authentication terminal 3a, which is a mobile terminal, moves to a place where the second communication network 4b is disconnected. A storage device for storing parameters. The “authentication parameter” is a temporary password with an expiration date. The authentication parameter storage device 505 also stores various dates and times that are the basis of the expiration date of the authentication parameter. Various “date and time” include the date and time when the authentication parameter is generated, the date and time when the authentication request is received from the communication terminal 2a, and the like.

  The authentication parameter generation means 533 generates a plurality of necessary authentication parameters when the vendor information of the business server 1a and the private information of the authentication terminal 3a are authenticated, and further generates the generated authentication parameters as an authentication parameter storage device 505. Is a logic circuit (module) to be stored. The authentication parameter transmission unit 532 is a logic circuit (module) that transmits the authentication parameter generated by the authentication parameter generation unit 533 to both the authentication terminal 3a and the operator server 1a. The mail address acquisition means 531 is a logic circuit (module) that automatically acquires the electronic mail address of the authentication terminal 3a when the authentication server 5 receives the authentication information from the authentication terminal 3a.

<Electronic Commerce Method According to Second Embodiment>
Next, an electronic commerce method according to the second embodiment of the present invention will be described with reference to the flowcharts shown in FIGS.

  (A) The process from step S101 to step S103 in FIG. 12, that is, the secret information registration means 515 of the authentication server 5 receives a plurality of authentication terminals 3a, 3b,... Via the second communication network 4b. A series of procedures from receiving unique secret information sequentially transmitted from each of 3..., 3e,... And sequentially registering them to the secret information storage device 503 is the first embodiment. Since the series of procedures from step S101 to step S103 of FIG. 4 described in the electronic commerce method according to FIG. The electronic commerce method according to the second embodiment will be described from the stage where an access request for the business server 1a is made directly from the communication terminal 2a in step S230.

  (B) When the business server 1a receives the access request in step S230, in step S231 in FIG. 12, the business server 1a uses the access image generation unit 131 to access including business information of the business server 1a. An image is generated and stored in the access image storage device 106. Further, in step S232, the operator server 1a transmits the generated access image to the communication terminal 2a.

  (C) When the authentication image receiving unit 211 of the communication terminal 2a receives the access image from the provider server 1a, the communication terminal 2a stores the received image in the authentication image data storage device 201, and further the authentication image presenting unit 212. The received access image is displayed (presented) on the display device of the communication terminal 2a in step S233 of FIG.

  (D) When the access image is presented by the authentication image presenting means 212 on the display device of the communication terminal 2a in step S233, the access image acquisition means 311 of the authentication terminal 3a is displayed on the display device of the communication terminal 2a in step S234 of FIG. The access image displayed (presented) is taken and stored in the authentication image data storage device 301. Further, in step S235 of FIG. 12, the data editing means forming part of the authentication information transmitting means 312 of the authentication terminal 3a stores the access image information stored in the authentication image data storage device 301 and the private information storage device 302. The authentication information is created by editing and integrating the private information of the authenticated terminal 3a at the meta level. Then, in step S236 of FIG. 12, the authentication information transmitting unit 312 of the authentication terminal 3a transmits the created authentication information to the authentication server 5.

  (E) When the authentication server 5 receives the authentication information from the authentication terminal 3a in step S236, the authentication server 5 automatically acquires the email address of the authentication terminal 3a using the mail address acquisition means 531 in step S237, It is stored in the mail address storage device 504. Further, in step S238, the business server authentication unit 512 of the authentication server 5 stores the business server information of the business server 1a included in the received authentication information and the business server stored in the business server information storage device 501 in advance. The operator information of 1a is collated and the operator server 1a is authenticated. Further, in step S238, the private information authenticating means 514 of the authentication server 5 obtains the private information of the authentication terminal 3a included in the received authentication information and the private information of the authentication terminal 3a previously stored in the private information storage device 502. Verification is performed to authenticate the authentication terminal 3a. In step S238, if the business server authentication unit 512 cannot authenticate the trader information of the business server 1a, or if the private information authentication unit 514 cannot authenticate the private information of the authentication terminal 3a, an error (non-authentication) occurs in the authentication terminal 3a. Is displayed, and the subsequent processing is terminated.

  (F) On the other hand, if the vendor information of the operator server 1a and the private information of the authentication terminal 3a are authenticated in step S238, the expiration date is used using the authentication parameter generation means 533 of the authentication server 5 in step S239 of FIG. Generate multiple authentication parameters such as temporary passwords. Furthermore, if the vendor information of the operator server 1a and the private information of the authentication terminal 3a are authenticated in step S238, the secret information transmission means 516 of the authentication server 5 performs the communication between the operator server 1a and the authentication terminal 3a in step S240. At the same time that the notification of authentication completion is sent to the business server 1a, secret information specific to the authentication terminal 3a stored in the secret information storage device 503 is sent to the business server 1a (transmission of secret information to the business server 1a) (It is good also as notification of the completion of authentication with the provider server 1a and the authentication terminal 3a). In step S239 of FIG. 13, the plurality of authentication parameters generated by the authentication parameter generation unit 533 are written in the authentication parameter storage device 505. Further, in step S241, the authentication server 5 uses the authentication parameter transmission unit 532 to transmit the generated plurality of authentication parameters to the authentication terminal 3a, and in step S242, transmits the generated plurality of authentication parameters to the operator server 1a. To do. The authentication parameter acquisition unit 132 of the business server 1a receives and acquires the transmitted authentication parameter, and stores the acquired plurality of authentication parameters in the authentication parameter storage device 101.

  (G) When the authentication terminal 3a receives the plurality of authentication parameters transmitted in step S241 from the operator server 1a, the authentication terminal 3a sends the plurality of authentication parameters to the display device of the authentication terminal 3a in step S243 of FIG. Display (present). In step S244 of FIG. 13, the user of the communication terminal 2a acquires a plurality of authentication parameters displayed on the display device of the authentication terminal 3a by visual observation or the like. The acquisition of the authentication parameter of the communication terminal 2a is not limited to the visual observation of the human being, but the communication terminal 2a and the authentication terminal 3a use infrared communication, various short-range wireless communication, etc. The authentication terminal 3a may acquire authentication image data using a disk or various recording media. Alternatively, an optical reading unit such as a CCD camera may be provided as an attachment on the communication terminal 2a side, and the authentication terminal 3a may optically acquire a plurality of authentication parameters using the optical reading unit. If the authentication terminal 3a optically acquires a plurality of authentication parameters, the plurality of authentication parameters are displayed on the display device of the authentication terminal 3a in the form of an image code, and the optical reading means of the communication terminal 2a An image code in which a plurality of authentication parameters are embedded may be acquired. The user of the communication terminal 2a that has acquired the plurality of authentication parameters selects a specific authentication parameter from among the plurality of authentication parameters, and together with the selected authentication parameter, in step S245 in FIG. To access.

  (H) When the authentication information acquisition unit 112 of the provider server 1a receives the authentication parameter from the communication terminal 2a via the second communication network 4b in step S245 of FIG. 13, the authentication information acquisition unit 112 acquires the authentication information of the provider server 1a. The means 112 stores the received authentication parameter in the authentication information storage device 102. Further, in step S246 of FIG. 13, the operator server 1a uses the authentication information collating unit 113 to store the authentication parameters of the authentication terminal 3a stored in the authentication parameter storage device 101 in advance, and the authentication parameters stored in the authentication information storage device 102. Compare authentication parameters and verify authentication parameters. If the authentication information verification unit 113 cannot authenticate the authentication parameter, an error (non-authentication) is displayed on the communication terminal 2a, and the subsequent processing is terminated. On the other hand, if the authentication information collating unit 113 authenticates the authentication parameter in step S246, the content editing unit 115 of the business server 1a is stored in the secret information storage device 105 of the business server 1a in step S301 of FIG. The read secret information is read (extracted), edited on the top page or main content of the web, for example, together with information necessary for commercial transactions, and stored in the content storage device 104. The top page and main content of the web stored in the content storage device 104 and possibly the contents below it are communicated by the content distribution means 117 via the first communication network 4a in step S302 of FIG. Delivered to the terminal 2a.

  (I) In step S303 of FIG. 13, the content receiving means 214 of the communication terminal 2a is configured to display the top page of the web distributed from the provider server 1a via the first communication network 4a, the main content in the lower layer, and the lower layer in the lower layer. The content or the like is received and displayed on the screen of the display device of the communication terminal 2a. If the user of the communication terminal 2a cannot confirm the confidential information on the screen of the display device of the communication terminal 2a in step S304 in FIG. 13, the owner of the business server 1a is a fake business operator. Exit. In step S304 of FIG. 13, if the user of the communication terminal 2a can confirm the secret information on the screen of the display device of the communication terminal 2a, the user of the business server 1a is authenticated as a legitimate business operator, and the process proceeds to step S305. move on. In step S305, the user of the communication terminal 2a uses the commercial transaction data editing means 215 of the communication terminal 2a, and uses the main content of the web displayed on the screen of the display device of the communication terminal 2a and the content below it to the business server Various processes such as order processing and settlement processing necessary for electronic commerce with 1a are executed. Since the procedure after step S305 is the same as the normal electronic commerce by information processing between the commerce data editing unit 215 of the communication terminal 2a and the commerce control unit 116 of the business server 1a, the description thereof is omitted.

  According to the electronic commerce method according to the second embodiment of the present invention, the case where the authentication terminal 3a is located in a place where the second communication network 4b is disconnected, the case of equipment maintenance and natural disasters are included. Even if the second communication network 4b is temporarily unavailable for some reason, the communication can be performed by acquiring authentication parameters that can be transmitted via the first communication network 4a in advance. Direct and safe business transactions between the terminal 2a and the business server 1a are possible. That is, it is accompanied by an authentication process using the second communication network 4b by acquiring in advance a plurality of authentication parameters issued with an expiration date at a time via the second communication network 4b. In addition, a direct and safe commercial transaction is possible between the communication terminal 2a and the business server 1a via the first communication network 4a. Furthermore, the authentic site and the fake site can be confirmed easily and reliably while performing authentication with the two systems of the first communication network 4a and the second communication network 4b.

  In the electronic commerce method according to the second embodiment, a predetermined character string may be combined with the authentication parameter in order to increase the security strength of the authentication parameter distributed via the second communication network 4b. For example, a rule of “put“ T ”in front of the third character and“ H ”in front of the fourth character” is set in advance, and the authentication server 5 passes through the second communication network 4b. When the character string “guess” is distributed, the actual authentication parameter (password) transmitted to the business server 1a via the first communication network 4a is “guTeHss”.

<Automatic e-mail address acquisition>
When registering the mobile mail address in the authentication terminal 3a on the authentication server 5 side, generally, the URL described in the e-mail sent from the authentication terminal 5a to the authentication server 5 once sent from the authentication terminal 3a The authentication server 3 is again accessed from the authentication terminal 3a. If the authentication terminal 3a has set reception rejection as a spam mail countermeasure, the reply mail from the authentication server 5 is not delivered to the authentication terminal 3a, so this flow is not completed.

  The automatic e-mail address acquisition method described below avoids such a problem, and the mobile phone e-mail address of the authentication server 5 can be surely registered even when reception refusal is set in the authentication terminal 3a. Is. In a normal implementation, the authentication terminal 3a can register the e-mail address of the authentication server 5 by only the following three steps.

  (A) For example, when the access image is presented by the authentication image presentation unit 212 on the display device of the communication terminal 2a in step S233 of FIG. 12, the access image acquisition unit 311 of the authentication terminal 3a performs communication in step S234 of FIG. When the access image displayed (presented) on the display device of the terminal 2a is taken, a page as shown in FIG. 14A is guided to the screen of the display device of the authentication terminal 3a.

  (B) When the “mail transmission” button is pressed on the page shown in FIG. 14A, the mail software is automatically started as shown in FIG. 14B, and the e-mail address of the authentication server 5 is changed. Is displayed. As shown in FIG. 14B, when a “send” button is pressed on a page on which a predetermined format and an e-mail address are displayed, the mail transmission is completed and the mail software is automatically terminated. Move to the page shown in. In step S236 of FIG. 12, the authentication information transmitting unit 312 of the authentication terminal 3a transmits the generated authentication information to the authentication server 5, but more generally (apart from the electronic commerce method according to the second embodiment). “Empty mail” may be transmitted to the authentication server 5.

  (C) When the “Confirm” button is pressed on the page shown in FIG. 15C, the e-mail address is displayed on the page shown in FIG. Further, when the “Register” button is pressed on the page shown in FIG. 15C, the displayed e-mail address is automatically registered (acquired), and the page shown in FIG. 15D is displayed. Transition. More generally, even when “blank mail” is transmitted to the authentication server 5, the electronic mail address of the authentication server 5 can be automatically acquired in this manner. However, even if it is referred to as “blank mail”, in practice, only a few commands to be executed on the authentication server 5 side are embedded in the text.

  Conversely, the above three steps are the same when the authentication server 5 registers the e-mail address of the authentication terminal 3a.

  The above method leaves the electronic commerce method according to the second embodiment, guides the user to the member registration page, etc., on the display device of the authentication terminal 3a, and then registers the e-mail address of the member registration page establishment person It can also be applied to more general environments such as scenes. That is, the same applies to a case where a blank mail is transmitted by pressing a button displaying “mail to: ○○ △△ ○” on the member registration page. When the server opening the member registration page receives the mail, it immediately interprets it and displays the e-mail address on the page viewed by the user on the display device of the authentication terminal 3a. Then, as in the above procedure, send a blank e-mail to the displayed e-mail address, press the e-mail address confirmation button, confirm the e-mail address displayed at that time, and press the registration button to register as a member You can automatically obtain the email address of the server that opened the page.

(Third embodiment)
As in the second embodiment, the electronic commerce system and the electronic commerce method according to the third embodiment of the present invention are the first communication network 4a that is a fixed communication network and the second communication network that is a mobile communication network. When the communication network 4b is used, even when the authentication terminal 3a, which is a mobile terminal (portable terminal), moves to an area where the second communication network (mobile communication network) 4b cannot be used, the first communication network (fixed communication) It is possible to authenticate the business server 1a and the communication terminal 2a via the network) 4a, and provide highly secure electronic commerce in which a genuine site and a fake site are confirmed easily and reliably.

  In the electronic commerce system and the electronic commerce method according to the second embodiment, the authentication server 5 generates the authentication parameter. However, the business server 1a has the electronic commerce system and the electronic commerce method according to the third embodiment. A case where an authentication parameter is generated and transmitted to the authentication terminal 3a will be described. The basic logical configuration as a whole is the same as the electronic commerce system according to the first and second embodiments shown in FIG. 1, but the electronic commerce system according to the third embodiment of the present invention is the same as the electronic commerce system according to the third embodiment of the present invention. First communication network 4a that is a fixed communication network and communication terminals 2a, 2b,..., 2e, which are a plurality of fixed terminals connected to the first communication network 4a. , A plurality of operator servers 1a, 1b,..., 1e,..., An authentication server 5 certified by a specific trusted authority, and these operator servers 1a, 1b,. .., 1e,... And a second communication network 4b, which is a mobile communication network to which the authentication server 5 is connected, and a plurality of mobile terminals (portable terminals) connected to the second communication network 4b. Authentication terminals 3a and 3b ..., it provided 3e, the ..... like. The authentication server 5 corresponds to a server of a so-called “official site”, which is obtained by examining and accrediting information provided by a business operator (server homepage establishment person) by a trusted certification organization.

  Each of the plurality of authentication terminals 3a, 3b, ..., 3e, ... and the plurality of communication terminals 2a, 2b, ..., 2e, ... This is the same as the electronic commerce system according to the second embodiment, and redundant description is omitted. Similarly to the first and second embodiments, the “electronic commerce” in the electronic commerce system according to the third embodiment is not limited to the case where an electronic commerce is actually performed. It is a broad concept including application of quizzes, marketing of advertising media, etc., and it realizes open platform technology including various services.

  In the following description, for convenience, among the plurality of provider servers 1a, 1b, ..., 1e, ..., the provider server 1a, the plurality of communication terminals 2a, 2b, ... .., 2e,..., Exemplary communication terminal 2a and a plurality of authentication terminals 3a, 3b,..., 3e,. , But other business servers 1b, 1c,..., 1e,..., Other communication terminals 2b, 2c,. .., Other authentication terminals 3b, 3c,..., 3e,... Are similar in processing and operation as in the first and second embodiments. is there.

  As shown in FIG. 16, the operator server 1a used in the electronic commerce system according to the third embodiment includes an authentication parameter storage device 101, an authentication information storage device 102, a content storage device 104, a secret information storage device 105, and an access. Image storage device 106, mail address storage device 107, authentication information acquisition means 112, authentication information collation means 113, authentication result acquisition means 114, content editing means 115, commercial transaction control means 116, content distribution means 117, secret information acquisition means 118, An input / output control unit 121, an access image generation unit 131, an authentication parameter acquisition unit 132, an authentication parameter generation unit 141, a mail address acquisition unit 142, and the like are provided. Among these, the authentication parameter storage device 101, the authentication information storage device 102, the content storage device 104, the secret information storage device 105, the access image storage device 106, the authentication information acquisition unit 112, the authentication information collation unit 113, the authentication result acquisition unit 114, The content editing unit 115, the commercial transaction control unit 116, the content distribution unit 117, the secret information acquisition unit 118, the input / output control unit 121, the access image generation unit 131, and the authentication parameter acquisition unit 132 have been described in the second embodiment. Since it is as it is, the duplicate description is abbreviate | omitted.

  The mail address storage device 107 of the provider server 1a according to the third embodiment is a storage device that stores the electronic mail address of the authentication terminal 3a. Even if the authentication terminal 3a, which is a mobile terminal, moves to a place where the second communication network 4b is disconnected, the authentication parameter generation unit 141 of the business server 1a transmits via the first communication network 4a. A logic circuit (module) that generates a plurality of authentication parameters and that stores the generated authentication parameters in the authentication parameter storage device 101. The “authentication parameter” is a temporary password with an expiration date, as in the second embodiment. The authentication parameter storage device 101 also stores various dates and times that are the basis of the expiration date of the authentication parameter. Various “date and time” include the date and time when the authentication parameter is generated, the date and time when the authentication request is received from the communication terminal 2a, and the like. The mail address acquisition means 531 of the business server 1a is a logic circuit (module) that automatically acquires the electronic mail address of the authentication terminal 3a when the business server 1a receives the authentication information from the authentication terminal 3a.

  As shown in FIG. 16, the operator server 1a is provided with a mail address storage device 107, an authentication parameter generation means 141, and a mail address acquisition means 142, so that the electronic commerce system according to the third embodiment In the configuration of the authentication server 5 to be used, the mail address storage device 504, the mail address acquisition unit 531, the authentication parameter transmission unit 532, the authentication parameter generation unit in the configuration of the authentication server 5 according to the second embodiment shown in FIG. Therefore, the configuration of the authentication server 5 according to the third embodiment is a configuration corresponding to the configuration of the authentication server 5 according to the first embodiment shown in FIG.

<Electronic commerce method according to the third embodiment>
Next, an electronic commerce method according to a third embodiment of the present invention will be described with reference to the flowcharts shown in FIGS.

  (A) The processing from step S101 to step S255 in FIG. 17, that is, the data editing means that forms part of the authentication information transmitting means 312 of the authentication terminal 3a performs access image information stored in the authentication image data storage device 301. And a series of procedures until the authentication information is created by editing and integrating the private information of the authentication terminal 3a stored in the private information storage device 302 at the meta level has been described in the electronic commerce method according to the second embodiment. 12 is completely the same as the series of steps from step S101 to step S235 in FIG. In the electronic commerce method according to the third embodiment, in step S256 of FIG. 17, the authentication information transmitting unit 312 of the authentication terminal 3a transmits the created authentication information to both the authentication server 5 and the operator server 1a. It explains from.

  (B) As a result of the process in step S256, when the business server 1a receives the authentication information from the authentication terminal 3a, the business server 1a uses the mail address acquisition unit 142 in step S257 to send the e-mail address of the authentication terminal 3a. Is automatically acquired and stored in the mail address storage device 107.

  (C) On the other hand, when the authentication server 5 receives the authentication information from the authentication terminal 3a as a result of the process of step S256, the business server authentication means 512 of the authentication server 5 determines that the business included in the received authentication information in step S258. The operator information of the operator server 1a and the operator information of the operator server 1a stored in the operator information storage device 501 in advance are collated to authenticate the operator server 1a. Further, in step S258, the private information authenticating means 514 of the authentication server 5 obtains the private information of the authentication terminal 3a included in the received authentication information and the private information of the authentication terminal 3a previously stored in the private information storage device 502. Verification is performed to authenticate the authentication terminal 3a. In step S258, if the business server authentication unit 512 cannot authenticate the trader information of the business server 1a, or if the private information authentication unit 514 cannot authenticate the private information of the authentication terminal 3a, an error (non-authentication) occurs in the authentication terminal 3a. Is displayed, and the subsequent processing is terminated. On the other hand, if the vendor information of the operator server 1a and the private information of the authentication terminal 3a are authenticated in step S258, the secret information transmitting means 516 of the authentication server 5 performs the communication between the operator server 1a and the authentication terminal 3a in step S259. At the same time that the notification of authentication completion is sent to the business server 1a, secret information unique to the authentication terminal 3a stored in the secret information storage device 503 is sent to the business server 1a (transmission of secret information to the business server 1a) (It is good also as notification of the completion of authentication with the provider server 1a and the authentication terminal 3a).

  (D) On the other hand, when the secret information is transmitted from the authentication server 5 to the business server 1a in step S259, the business server 1a activates the authentication parameter generation unit 141 of the business server 1a in step S260 of FIG. Used to generate multiple authentication parameters such as temporary passwords with expiration dates. In step S260 of FIG. 18, the plurality of authentication parameters generated by the authentication parameter generation unit 141 are written in the authentication parameter storage device 101. Further, in step S261, the operator server 1a transmits the generated plurality of authentication parameters to the authentication terminal 3a.

  (E) When the authentication terminal 3a receives the plurality of authentication parameters transmitted in step S261 from the operator server 1a, the authentication terminal 3a transmits the plurality of authentication parameters to the display device of the authentication terminal 3a in step S262 of FIG. Display (present). In step S263 of FIG. 18, the user of the communication terminal 2a obtains a plurality of authentication parameters displayed on the display device of the authentication terminal 3a by visual observation. Similar to the second embodiment, the acquisition of the authentication parameter of the communication terminal 2a is not limited to the visual observation of the human being, but the infrared communication or various near-field between the communication terminal 2a and the authentication terminal 3a. The authentication terminal 3a may acquire authentication image data using distance wireless communication or the like, or using a removable disk or various recording media. Alternatively, an optical reading unit such as a CCD camera may be provided as an attachment on the communication terminal 2a side, and the authentication terminal 3a may optically acquire a plurality of authentication parameters using the optical reading unit. If the authentication terminal 3a optically acquires a plurality of authentication parameters, the plurality of authentication parameters are displayed on the display device of the authentication terminal 3a in the form of an image code, and the optical reading means of the communication terminal 2a An image code in which a plurality of authentication parameters are embedded may be acquired. The user of the communication terminal 2a that has acquired the plurality of authentication parameters selects a specific authentication parameter from among the plurality of authentication parameters, and together with the selected authentication parameter, in step S264 in FIG. To access.

  (F) When the authentication information acquisition unit 112 of the provider server 1a receives the authentication parameter from the communication terminal 2a via the second communication network 4b in step S264 of FIG. 18, the authentication information acquisition of the provider server 1a is acquired. The means 112 stores the received authentication parameter in the authentication information storage device 102. Further, in step S265 of FIG. 18, the operator server 1a includes the authentication parameter of the authentication terminal 3a stored in the authentication parameter storage device 101 in advance by the authentication information matching unit 113, and the authentication parameter stored in the authentication information storage device 102. Compare authentication parameters and verify authentication parameters. If the authentication information verification unit 113 cannot authenticate the authentication parameter, an error (non-authentication) is displayed on the communication terminal 2a, and the subsequent processing is terminated. On the other hand, if the authentication information collating unit 113 authenticates the authentication parameter in step S265, the content editing unit 115 of the business server 1a is stored in the secret information storage device 105 of the business server 1a in step S301 of FIG. The secret information is read (extracted), edited, for example, on the top page or main content of the web together with information necessary for commercial transactions, and stored in the content storage device 104. The top page and the main content of the web stored in the content storage device 104 and possibly the contents below it are communicated by the content distribution means 117 via the first communication network 4a in step S302 of FIG. Delivered to the terminal 2a.

  (I) In step S303 in FIG. 18, the content receiving means 214 of the communication terminal 2a is configured to display the top page of the web distributed from the provider server 1a via the first communication network 4a, the main content in the lower layer, and the lower layer in the lower layer. The content or the like is received and displayed on the screen of the display device of the communication terminal 2a. In step S304 in FIG. 18, if the user of the communication terminal 2a cannot confirm the secret information on the screen of the display device of the communication terminal 2a, the owner of the business server 1a is a fake business operator. Exit. In step S304 in FIG. 18, if the user of the communication terminal 2a can confirm the confidential information on the screen of the display device of the communication terminal 2a, the user of the business server 1a is authenticated as a legitimate business operator, and the process proceeds to step S305. move on. In step S305, the user of the communication terminal 2a uses the commercial transaction data editing means 215 of the communication terminal 2a, and uses the main content of the web displayed on the screen of the display device of the communication terminal 2a and the content below it to the business server Various processes such as order processing and settlement processing necessary for electronic commerce with 1a are executed. Since the procedure after step S305 is the same as the normal electronic commerce by information processing between the commerce data editing unit 215 of the communication terminal 2a and the commerce control unit 116 of the business server 1a, the description thereof is omitted.

  According to the electronic commerce method according to the third embodiment of the present invention, when the authentication terminal 3a is moved (positioned) to a place where the second communication network 4b is disconnected, the maintenance of the device, or a natural disaster. Even if the second communication network 4b is temporarily unavailable for some reason including the above, an authentication parameter that can be transmitted via the first communication network 4a should be acquired in advance. Thus, a direct and safe commercial transaction between the communication terminal 2a and the business server 1a is possible. That is, it is accompanied by an authentication process using the second communication network 4b by acquiring in advance a plurality of authentication parameters issued with an expiration date at a time via the second communication network 4b. In addition, a direct and safe commercial transaction is possible between the communication terminal 2a and the business server 1a via the first communication network 4a. Furthermore, the authentic site and the fake site can be confirmed easily and reliably while performing authentication with the two systems of the first communication network 4a and the second communication network 4b.

  In the electronic commerce method according to the third embodiment, a predetermined character string may be combined with the authentication parameter in order to increase the security strength of the authentication parameter distributed via the second communication network 4b. For example, a rule that “Q” is placed before the third character and “R” is placed before the fifth character ”is set in advance, and the second communication network 4b is set from the business server 1a. When the character string “guess” is distributed via the first communication network 4a, the actual authentication parameter (password) transmitted to the operator server 1a is “guQesRs”.

(Other embodiments)
As described above, the present invention has been described according to the first to third embodiments. However, it should not be understood that the description and drawings constituting a part of this disclosure limit the present invention. From this disclosure, various alternative embodiments, examples and operational techniques will be apparent to those skilled in the art.

For example, in the electronic commerce method according to the first embodiment, in step S203 of FIG. 4, the authentication image generation unit 111 of the business server 1a generates an authentication parameter including information such as a one-time password and date and time. The case where the image code including the authentication parameter is generated as the authentication image, and the business server 1a transmits the generated authentication image to the communication terminal 2a in step S204 has been described. However, in the electronic commerce system and the electronic commerce method according to the second embodiment, the case where the authentication server 5 generates an authentication parameter will be described. In the electronic commerce system and the electronic commerce method according to the third embodiment, Similarly to the case where the operator server 1a generates the authentication parameter and transmits it to the authentication terminal 3a, similarly, in the electronic commerce method according to the first embodiment, at the timing equivalent to step S203 in FIG. The authentication server 5 may generate the authentication parameter or the authentication image, and transmit the authentication image from the authentication server 5 to both the communication terminal 2a and the operator server 1a at a timing equivalent to step S204 (for this reason) The authentication server 5 of the electronic commerce system according to the first embodiment is equivalent to the authentication image generation unit 111 of the business server 1a. It is a matter of course that there is a necessity with the witness image generating means, and the like.).
In the description of the first to third embodiments, particularly the description of the second and third embodiments, the case where a mobile terminal is used as the authentication terminal 3a has been exemplarily described. However, the authentication terminal 3a is a mobile terminal. Not necessarily. In addition to the portable terminal, a PHS, a PDA, a notebook computer, an electronic notebook or the like having an image reading function may be used. In addition, electronic devices such as a camera including a digital camera, a game machine, a car navigation device, a scanner, and a printer may be used. Furthermore, a structure that is built in or integrated into a part of a wristwatch, glasses, belt, shoes, or the like that can be worn or carried on the body may be used.

  As described above, the present invention naturally includes various embodiments not described herein. Therefore, the technical scope of the present invention is defined only by the invention specifying matters according to the scope of claims reasonable from the above description.

It is the outline of the logical system structure figure for demonstrating the whole electronic commerce system concerning the 1st Embodiment of this invention. It is a block diagram which shows the logical structure of the provider server used for the electronic commerce system which concerns on the 1st Embodiment of this invention. It is a block diagram which shows the logical structure of the authentication server used for the electronic commerce system which concerns on the 1st Embodiment of this invention. It is a flowchart (the 1) explaining the electronic commerce method which concerns on the 1st Embodiment of this invention. It is a flowchart (the 2) explaining the electronic commerce method which concerns on the 1st Embodiment of this invention. It is a flowchart (the 1) explaining the electronic commerce method which concerns on the modification (1st modification) of the 1st Embodiment of this invention. It is a flowchart (the 2) explaining the electronic commerce method which concerns on the modification (1st modification) of the 1st Embodiment of this invention. It is a flowchart (the 1) explaining the electronic commerce method which concerns on the modification (2nd modification) of the 1st Embodiment of this invention. It is a flowchart (the 2) explaining the electronic commerce method which concerns on the modification (2nd modification) of the 1st Embodiment of this invention. It is a block diagram which shows the logical structure of the provider server used for the electronic commerce system which concerns on the 2nd Embodiment of this invention. It is a block diagram which shows the logical structure of the authentication server used for the electronic commerce system which concerns on the 2nd Embodiment of this invention. It is a flowchart (the 1) explaining the electronic commerce method which concerns on the 2nd Embodiment of this invention. It is a flowchart (the 2) explaining the electronic commerce method which concerns on the 2nd Embodiment of this invention. It is a schematic diagram (the 1) explaining the automatic acquisition method of the email address relevant to the electronic commerce method concerning the 2nd Embodiment of this invention. It is a schematic diagram (the 2) explaining the automatic acquisition method of the email address relevant to the electronic commerce method which concerns on the 2nd Embodiment of this invention. It is a block diagram which shows the logical structure of the provider server used for the electronic commerce system which concerns on the 3rd Embodiment of this invention. It is a flowchart (the 1) explaining the electronic commerce method which concerns on the 3rd Embodiment of this invention. It is a flowchart (the 2) explaining the electronic commerce method concerning the 3rd Embodiment of this invention.

Explanation of symbols

1a, 1b,..., 1e ... operator server 2a, 2b,..., 2e ... communication terminal 3a, 3b, ..., 3e ... authentication terminal 4a ... first communication network 4b ... Second communication network 5 ... Authentication server 101 ... Authentication parameter storage device 102 ... Authentication information storage device 103 ... Private information storage device 104 ... Content storage device 105 ... Secret information storage device 106 ... Access image storage device 107 ... Email address Storage device 111 ... Authentication image generation means 112 ... Authentication information acquisition means 113 ... Authentication information collation means 114 ... Authentication result acquisition means 115 ... Content editing means 116 ... Commerce transaction control means 117 ... Content distribution means 118 ... Secret information acquisition means 121 ... Input Output control means 131 ... Access image generation means 132 ... Authentication parameter acquisition Means 141 ... Authentication parameter generation means 142 ... Mail address acquisition means 201 ... Authentication image data storage device 211 ... Authentication image reception means 212 ... Authentication image presentation means 214 ... Content reception means 215 ... Commercial transaction data editing means 301 ... Authentication image data storage device 302 ... Private information storage device 311 ... Access image acquisition means 311 ... Authentication image acquisition means 312 ... Authentication information transmission means 501 ... Operator information storage device 502 ... Private information storage device 503 ... Secret information storage device 504 ... Mail address storage device 505 ... authentication parameter storage device 511 ... company server registration means 512 ... company server authentication means 513 ... private information registration means 514 ... private information authentication means 515 ... secret information registration means 516 ... secret information transmission means 521 ... Input / output control means 531 ... Mail address acquisition means 532 ... Authentication parameter transmission means 533 ... Authentication parameter generation means

Claims (8)

A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An electronic commerce method using a system including two communication networks and a plurality of authentication terminals connected to the second communication network,
Storing each company information of the plurality of company servers in the company information storage device of the authentication server;
Storing private information of each of the plurality of authentication terminals in the private information storage device of the authentication server;
Storing secret information transmitted from the plurality of authentication terminals in the secret information storage device of the authentication server;
The provider server authentication means of the authentication server includes the provider information included in the access request received from the specific authentication terminal via the second communication network, and the business stored in the provider information storage device. Verifying company information and authenticating a specific operator server;
Private information authenticating means of the authentication server collates private information included in the access request with private information stored in the private information storage device, and authenticates the specific authentication terminal;
When the secret information transmitting unit of the authentication server authenticates the specific provider server by the provider server authenticating unit and the private information authenticating unit authenticates the specific authentication terminal, the specific provider Transmitting the secret information stored in the secret information storage device to a server, and the secret information transmitted to the specific operator server is transmitted to the specific business via the first communication network. The electronic commerce method is transmitted from a person server to a specific communication terminal among the plurality of communication terminals associated with the specific authentication terminal. A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An electronic commerce method using a system including two communication networks and a plurality of authentication terminals connected to the second communication network,
The private information storage device of the provider server stores the private information of each of the plurality of authentication terminals;
The secret information storage device of the provider server stores secret information specific to the specific authentication terminal transmitted from the authentication server when the authentication server authenticates the specific authentication terminal and the specific provider server. And steps to
An authentication image generation unit of the provider server generates an image code including an authentication parameter as an authentication image, and the authentication image is transmitted to a specific communication terminal among the plurality of communication terminals associated with the specific authentication terminal. Sending, and
The authentication parameter storage device of the operator server stores the authentication parameter;
The authentication information obtained from the specific authentication terminal by the authentication information verification unit of the provider server includes the authentication parameter, and private information included in the authentication information is stored in the private information storage device. Determining whether it matches the private information of a specific authentication terminal;
The content editing means of the provider server reads the unique secret information stored in the secret information storage device, creates the content by editing the unique secret information together with information necessary for commercial transactions, and Delivering to a communication terminal of the electronic commerce method. A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An authentication server used in an electronic commerce system including two communication networks and a plurality of authentication terminals connected to the second communication network,
A company information storage device storing each company information of the plurality of company servers;
A private information storage device storing private information of each of the plurality of authentication terminals;
A secret information storage device storing secret information transmitted from the plurality of authentication terminals;
The operator information included in the access request received from the specific authentication terminal via the second communication network is matched with the operator information stored in the operator information storage device, and the specific operator server is Said operator server authentication means for authenticating;
Private information included in the access request is compared with private information stored in the private information storage device, and a private information authenticating means for authenticating a specific authentication terminal;
When the provider server authenticating unit authenticates the specific provider server and the private information authenticating unit authenticates the specific authentication terminal, it is stored in the secret information storage device in the specific provider server. The secret information transmitted to the specific operator server is transmitted from the specific operator server via the first communication network to the specific operator server. An authentication server, wherein the authentication server is transmitted to a specific communication terminal among the plurality of communication terminals associated with the authentication terminal. A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An operator server used in an electronic commerce system including two communication networks and a plurality of authentication terminals connected to the second communication network,
A private information storage device storing private information of each of the plurality of authentication terminals;
When the authentication server authenticates a specific authentication terminal and a specific operator server, a secret information storage device that stores secret information unique to the specific authentication terminal transmitted from the authentication server;
An authentication image generating means for generating an image code including an authentication parameter as an authentication image, and transmitting the authentication image to a specific communication terminal among the plurality of communication terminals associated with the specific authentication terminal;
An authentication parameter storage device for storing the authentication parameter;
Whether the authentication information acquired from the specific authentication terminal includes the authentication parameter, and the private information included in the authentication information matches the private information of the specific authentication terminal stored in the private information storage device Authentication information verification means for determining whether or not,
Content editing means for reading out the unique secret information stored in the secret information storage device, editing the unique secret information together with information necessary for commercial transactions, creating a content, and delivering the content to the specific communication terminal; An operator server characterized by comprising: A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An electronic commerce method using a system including two communication networks and a plurality of authentication terminals connected to the second communication network,
Storing each company information of the plurality of company servers in the company information storage device of the authentication server;
Storing private information of each of the plurality of authentication terminals in the private information storage device of the authentication server;
Storing secret information transmitted from the plurality of authentication terminals in the secret information storage device of the authentication server;
The provider server authentication means of the authentication server includes the provider information included in the access request received from the specific authentication terminal via the second communication network, and the business stored in the provider information storage device. Verifying company information and authenticating a specific operator server;
Private information authenticating means of the authentication server collates private information included in the access request with private information stored in the private information storage device, and authenticates the specific authentication terminal;
When the provider server authenticating unit authenticates the specific provider server and the private information authenticating unit authenticates the specific authentication terminal, the authentication parameter generating unit of the authentication server generates an authentication parameter. The authentication parameter is transmitted to the specific operator server and the specific authentication terminal, and the secret information transmitting means of the authentication server stores the secret stored in the secret information storage device in the specific operator server. Transmitting the information, and using the authentication parameter acquired by the specific communication terminal among the plurality of communication terminals associated with the specific authentication terminal from the specific authentication terminal, the specific communication terminal When accessing the operator server, after authenticating the authentication parameter, the secret information transmitted to the specific operator server is stored in the first communication network. An electronic commerce method characterized by being transmitted from the specific provider server to a specific communication terminal via a network. A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An authentication server used in an electronic commerce system including two communication networks and a plurality of authentication terminals connected to the second communication network,
A company information storage device storing each company information of the plurality of company servers;
A private information storage device storing private information of each of the plurality of authentication terminals;
A secret information storage device storing secret information transmitted from the plurality of authentication terminals;
The operator information included in the access request received from the specific authentication terminal via the second communication network is matched with the operator information stored in the operator information storage device, and the specific operator server is Said operator server authentication means for authenticating;
Private information included in the access request is compared with private information stored in the private information storage device, and a private information authenticating means for authenticating a specific authentication terminal;
When the provider server authenticating unit authenticates the specific provider server and the private information authenticating unit authenticates the specific authentication terminal, an authentication parameter is generated, and the authentication parameter is set to the specific business server. Authentication parameter generation means for transmitting to the user server and the specific authentication terminal,
When the provider server authenticating unit authenticates the specific provider server and the private information authenticating unit authenticates the specific authentication terminal, it is stored in the secret information storage device in the specific provider server. A secret information transmitting means for transmitting the secret information, and a specific communication terminal of the plurality of communication terminals associated with the specific authentication terminal receives the authentication parameter acquired from the specific authentication terminal. And when the specific operator server is accessed, after the authentication parameter is authenticated, the secret information transmitted to the specific operator server is transmitted to the specific operator server via the first communication network. An authentication server transmitted from a server to a specific communication terminal. A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An electronic commerce method using a system including two communication networks and a plurality of authentication terminals connected to the second communication network,
The private information storage device of the provider server stores the private information of each of the plurality of authentication terminals;
The secret information storage device of the provider server stores secret information specific to the specific authentication terminal transmitted from the authentication server when the authentication server authenticates the specific authentication terminal and the specific provider server. And steps to
The authentication parameter generation means of the provider server generates an authentication parameter when the authentication server authenticates a specific authentication terminal and a specific provider server, and transmits the authentication parameter to the specific authentication terminal. Storing the authentication parameters in an authentication parameter storage device of the provider server;
When a specific communication terminal among the plurality of communication terminals associated with the specific authentication terminal has accessed using the authentication parameter, authentication information matching means of the provider server is included in the access Determining whether the authentication parameter matches an authentication parameter stored in the authentication parameter storage device;
When it is confirmed that the authentication parameters match, the content editing unit of the provider server reads the unique secret information stored in the secret information storage device, and the unique secret information is information necessary for a commercial transaction. And an electronic commerce method comprising the steps of: creating a content by editing together with the content and distributing the content to the specific communication terminal. A first communication network; a plurality of communication terminals connected to the first communication network; a plurality of operator servers; an authentication server certified by an accreditation organization; and the operator server and the authentication server connected to the first An operator server used in an electronic commerce system including two communication networks and a plurality of authentication terminals connected to the second communication network,
A private information storage device storing private information of each of the plurality of authentication terminals;
When the authentication server authenticates a specific authentication terminal and a specific operator server, a secret information storage device that stores secret information unique to the specific authentication terminal transmitted from the authentication server;
An authentication parameter generating means for generating an authentication parameter when the authentication server authenticates a specific authentication terminal and a specific operator server, and transmitting the authentication parameter to the specific authentication terminal;
An authentication parameter storage device for storing the authentication parameter;
When a specific communication terminal among the plurality of communication terminals associated with the specific authentication terminal has accessed using the authentication parameter, the authentication parameter included in the access is stored in the authentication parameter storage device Authentication information matching means for determining whether or not the authentication parameter matches
When the authentication parameter match is confirmed, the unique secret information stored in the secret information storage device is read, the unique secret information is edited together with information necessary for commercial transactions, and content is created. A provider server comprising content editing means for distributing to a specific communication terminal.

Images