JP2017111667A - Management device, terminal device, program and settlement system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To update data substituting for identification information on a user at electronic settlement means at timing update is necessary while reducing communication between a user's terminal device and a management device.SOLUTION: A radio communication terminal 10 stores a token substituting for a PAN in a credit card function, and transmits the token to a token management server 40 if electronic settlement is performed. The radio communication terminal 10 updates a token on the basis of a token generation program if a token update condition is satisfied. The token management server 40 stores a PAN in association with a token substituting for the PAN, and upon receiving a token from the radio communication terminal 10, transmits a settlement request to a settlement server 60 on the basis of the PAN stored in association with the token. The token management server 40 updates a token on the basis of the same token generation program as the radio communication terminal 10 if it satisfies the same token update condition as the radio communication terminal 10.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a technique for preventing unauthorized use of electronic settlement means.

  In a system that transmits and receives highly confidential information such as a password via a network, there is a concern about leakage of information from the network. On the other hand, Patent Documents 1 and 2 describe a technique that allows a plurality of devices to share a passcode while preventing the passcode from being transmitted over a network. Specifically, in Patent Document 1, a seed used to generate a one-time passcode is stored in a USIM (Universal Subscriber Identity Module) card of a mobile phone, and the seed, current time, and PIN are used to store the seed. Generating a time pass code is described. Patent Document 3 describes that a mobile phone and a user authentication server generate a one-time password using a user ID, current time information, and common secret information.

JP 2008-40907 A JP 2008-40908 A JP 2002-259344 A

As user identification information for using electronic payment, for example, there is a PAN (Primary Account Number) in a credit card function. In addition, there is a method called token payment as electronic payment using a token which is a character string substituting for PAN. In this token settlement, electronic settlement can be performed without handling PAN. Therefore, even if a token is leaked, unauthorized use of electronic settlement means can be prevented. However, tokens are often created for each domain, and electronic payment means may be illegally used due to token leakage within the same domain. Further, since it is necessary to notify the store terminal of the token at the time of settlement, the token may be stored in the store terminal and used illegally. Updating tokens from time to time via the network reduces the possibility of unauthorized use, but increases the network load related to communication between the user terminal device and the server device, and the time and effort of user operations related to token updating Because of communication costs, it is not desirable that token renewals occur frequently. Even when it is necessary to renew the token, it is assumed that the token cannot be renewed because the terminal device of the user is out of service area and cannot be connected to the network.
SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to update data that replaces user identification information in an electronic payment means at a timing that requires updating while reducing communication between the user terminal device and the management device. .

  In order to solve the above-described problems, the payment system of the present invention is a payment system including a user terminal device and a management device, and the terminal device stores first data that substitutes for identification information of an electronic payment means. A first storage unit, a transmission unit that transmits the first data to the management device when electronic payment is performed, and a first algorithm that updates the first data with a predetermined algorithm when a predetermined condition is satisfied. An update unit, and the management device stores the identification information in association with second data that replaces the identification information, and stores the first data transmitted by the terminal device. A settlement request for requesting the electronic settlement based on the identification information stored in the second storage unit in association with the received second receiving unit and the second data having a predetermined relationship with the received first data A settlement control unit for transmitting, if it meets the predetermined condition, and a second updating unit configured to update the second data at the predetermined algorithm.

  In the payment system of the present invention, the terminal device includes a first detection unit that detects that the electronic payment has been performed in response to the transmission of the first data, and the first update unit includes the first update unit. When the detection unit detects that the electronic payment has been performed, the first data is updated, and the management device detects that the electronic payment has been performed in response to transmission of the payment request. The second update unit may update the second data when the second detection unit detects that the electronic payment has been performed.

  In the payment system of the present invention, when the first update unit determines that the update of the first data when the predetermined condition is satisfied is based on the use history of the electronic payment, the update is performed. May be performed.

  In the payment system of the present invention, the first storage unit stores third data in addition to the first data, the second storage unit stores fourth data in addition to the second data, and The transmission unit transmits the third data when the first data and the second data are not in the predetermined relationship, and the settlement control unit determines that the received third data is the fourth data. The settlement request may be transmitted when the predetermined relationship is established.

  In the payment system of the present invention, the terminal device includes a first terminal device and a second terminal device, and the first terminal device and the second terminal device communicate with each other in the first storage unit. You may have a synchronous control part which synchronizes the said 1st data memorize | stored.

  In the payment system according to the present invention, the terminal device includes a first terminal device and a second terminal device, and the first terminal device has the first storage unit at a predetermined timing before the electronic payment is performed. A synchronization control unit that transmits the first data stored in the first terminal device to the second terminal device, wherein the second terminal device receives the first data received from the first terminal device as Even when the electronic storage is stored in the first storage unit and the electronic payment is not performed, a synchronization control unit that deletes the first data when a predetermined condition is satisfied may be provided.

  The management apparatus of the present invention includes a first storage unit that stores first data that substitutes for identification information of an electronic payment unit, a transmission unit that transmits the first data when electronic payment is performed, and a predetermined condition. If the above condition is satisfied, the identification information is replaced with the receiving unit that receives the first data transmitted by the terminal device having the first updating unit that updates the first data with a predetermined algorithm. A second storage unit that stores the second data in association with the second data, and the identification information stored in the second storage unit in association with the second data having a predetermined relationship with the received first data. A payment control unit that transmits a payment request for requesting the electronic payment, and a second update unit that updates the second data with the predetermined algorithm when the predetermined condition is satisfied.

  The terminal device according to the present invention has a storage unit that stores first data substituting identification information of an electronic payment unit, and the first data is in a predetermined relationship with the first data when electronic payment is performed. A management device that transmits a payment request for requesting the electronic payment based on the identification information stored in association with the second data, and updates the second data with a predetermined algorithm when a predetermined condition is satisfied And a transmission unit that updates the first data with the predetermined algorithm when the predetermined condition is satisfied.

  When the electronic payment is performed to the computer of the terminal device that accesses the storage unit that stores the first data that substitutes the identification information of the child settlement means, the program of the present invention stores the first data in the first data. And transmitting a payment request for requesting the electronic payment based on the identification information stored in association with the second data having a predetermined relationship with the second data, and when the predetermined condition is satisfied, A program for executing a step of transmitting data to a management device and a step of updating the first data with the predetermined algorithm when the predetermined condition is satisfied.

  ADVANTAGE OF THE INVENTION According to this invention, the update of the data which substitutes a user's identification information in an electronic payment means can be performed at the timing which needs an update, reducing communication between a user's terminal device and a management apparatus.

The figure which shows the whole structure of the payment system which concerns on one Embodiment of this invention. The block diagram which shows the structure of the radio | wireless communication terminal which concerns on the same embodiment. The block diagram which shows the hardware constitutions of the card type terminal which concerns on the same embodiment. The block diagram which shows the hardware constitutions of the token management server which concerns on the same embodiment. The block diagram which shows the function structure of the radio | wireless communication terminal, card type terminal, and token management server which concern on the embodiment. The sequence chart which shows the initial setting performed with the payment system which concerns on the embodiment. The sequence chart which shows the process regarding the update of electronic payment-token performed with the payment system which concerns on the embodiment. The sequence chart which shows the update process of the token generation program performed with the payment system which concerns on the embodiment. The figure which shows the mode of the update of the token management table which concerns on the same embodiment. The sequence chart which shows the operation | movement at the time of abnormality generation | occurrence | production of operation | movement of the radio | wireless communication terminal in the payment system concerning the embodiment. The sequence chart which shows operation | movement when the SIM card in the payment system which concerns on the embodiment is replaced. The sequence chart which shows operation | movement when the token in the payment system which concerns on the embodiment becomes inconsistent. The figure which shows the token handled with the payment system which concerns on the embodiment. The sequence chart which shows the synchronous control of the token of the radio | wireless communication terminal and card type terminal in the payment system which concerns on the embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Hereinafter, the case where the electronic payment of the present invention is performed using an electronic payment means using a credit card function will be described. The identification information of the credit card function is a credit card number also called PAN.

  FIG. 1 is a diagram showing an overall configuration of a payment system 1 according to an embodiment of the present invention. The payment system 1 includes a wireless communication terminal 10, a card type terminal 20, a store terminal 30, a token management server 40, a web server 50, and a payment server 60. The store terminal 30 and the token management server 40 are connected via a network 100A such as a dedicated line. The token management server 40 and the wireless communication terminal 10 are connected via a network 100B that is a public communication line such as the Internet.

  The wireless communication terminal 10 and the card type terminal 20 are terminal devices that are carried and used by a user U who is the same user. The wireless communication terminal 10 is a smartphone in this embodiment, but is a terminal device (an example of the first terminal device of the present invention) such as a feature phone, a tablet computer, a notebook computer, and various wearable computers. Also good. The card type terminal 20 is a card type terminal device (an example of a second terminal device of the present invention). The card type terminal 20 may be replaced with a terminal device that is not a card type, such as a wearable type or a key holder type. The wireless communication terminal 10 and the card type terminal 20 have a function of performing electronic payment by a credit card function. When performing the electronic payment, the user U brings the card-type terminal 20 or the wireless communication terminal 10 close to the reader / writer device of the store terminal 30 (for example, an electronic register). The store P shown in FIG. 1 is an example of a commercial facility that provides goods or services to a customer and receives money from the customer as compensation for the provision. The customer pays money (price, fee or expense) to the store as consideration for the goods or services provided.

  The wireless communication terminal 10 and the card type terminal 20 have a function of performing wireless communication (hereinafter referred to as “short-range wireless communication”) by connecting wirelessly when they are close within a certain distance. The wireless communication terminal 10 and the card-type terminal 20 transmit and receive data related to electronic payment using short-range wireless communication.

  The token management server 40 is a management device that manages tokens used for electronic payment. The token is data substituting for the PAN. In other words, the token indicates a character string replaced from the PAN according to a predetermined rule. Here, the character string is formed by connecting a plurality of characters. Moreover, although a character is a number or an alphabet, for example, the other character represented by a character code may be sufficient. The token of this embodiment substitutes for one PAN unless otherwise specified. That is, the token indicates a single character string replaced from one PAN. A plurality of tokens can be generated from one PAN.

  The web server 50 distributes various web pages to the wireless communication terminal 10 via the network 100B. The web page of the present embodiment includes an online shopping site (also referred to as an EC (Electronic Commerce) site). Even when a product is purchased through the online shopping site, the token is transmitted from the wireless communication terminal 10 to the token management server 40.

  The settlement server 60 is a server device that performs a settlement process such as a settlement amount withdrawal process based on the PAN received from the token management server 40. Although only one settlement server 60 is shown in FIG. 1, there may be a plurality of settlement servers 60 managed and operated by different credit card issuers (issuers).

FIG. 2 is a diagram illustrating a hardware configuration of the wireless communication terminal 10. As shown in FIG. 2, the wireless communication terminal 10 includes a control unit 11, a UI (User Interface) unit 12, a short-range wireless communication unit 13, a network communication unit 14, a non-contact IC chip 15, and a storage. Unit 16 and a SIM interface unit 17.
The control unit 11 includes a processor including a CPU as an arithmetic processing unit, a memory including a ROM (Read Only Memory), and a RAM (Random Access Memory). The CPU controls each unit of the wireless communication terminal 10 by reading the program stored in the ROM or the storage unit 16 into the RAM and executing it.

  The UI unit 12 includes a display unit (for example, a liquid crystal display) that displays an image on a display surface, and a touch sensor that is provided on the display surface of the display unit so as to receive an operation input by a user's contact. It is. The wireless communication terminal 10 may further include other operation means such as a physical key, or may have a function of accepting an operation by voice input.

The near field communication unit 13 performs near field communication with an external device. In this embodiment, the short-range wireless communication is Bluetooth (registered trademark) 4.0 (so-called Bluetooth Low Energy), but other methods such as Wi-Fi (registered trademark) and ANT may be adopted.
The network communication unit 14 includes, for example, a wireless communication circuit and an antenna, and performs communication by connecting to the network 100B.
The non-contact type IC chip 15 has a memory area used for reading / writing of a processor, an antenna, and data, and is an IC chip for performing proximity type non-contact communication. In the present embodiment, the contactless IC chip 15 transmits a token when electronic payment is performed.
The storage unit 16 includes a storage device such as an EEPROM (Electronically Erasable and Programmable ROM) and a flash memory, and stores data such as an OS (Operating System) executed by the control unit 11 and a program operating on the OS. It is an example of a 1st memory | storage part. Furthermore, the storage unit 16 stores a token 161 (an example of first data of the present invention) that substitutes for PAN.

  The SIM interface unit 17 includes a slot in which the SIM card 70 can be attached and detached, and reads information recorded on the SIM card 70 installed in the slot. Here, the SIM card 70 is a card-type recording medium that stores information for connecting to the network 100B and using a communication service. The SIM card 70 stores medium identification information assigned to identify each card. In this embodiment, the medium identification information is an ICCID (Integrated Circuit Card ID) stored in the SIM card 70. The SIM card 70 also stores a token generation program. The token generation program is a program in which an algorithm for generating a token from ICCID is described. The token generation program is configured to be able to generate a plurality of types of tokens based on one ICCID. For this reason, for example, the token generation program defines an arithmetic process for generating a token by using a function having as arguments an ICCID and a value indicating the number of tokens to be generated. By using ICCID as an argument in this way, a token unique to the terminal device, in other words, a token unique to the user is generated. Further, since the ICCID and token generation program are stored in the SIM card 70, the possibility of illegal generation of tokens used for electronic payment and leakage of credit card functions due to leakage of such information is reduced. Can be made.

FIG. 3 is a block diagram showing a hardware configuration of the card type terminal 20. As shown in FIG. 3, the card type terminal 20 includes a control unit 21, a non-contact IC chip 22, a short-range wireless communication unit 23, and a storage unit 24. Each of the control unit 21, the non-contact IC chip 22, the short-range wireless communication unit 23, and the storage unit 24 has the same configuration as the hardware circuit of the same name provided in the wireless communication terminal 10, for example.
In the control unit 21, the CPU controls each unit of the card-type terminal 20 by reading a program stored in the ROM or the storage unit 24 into the RAM and executing it. The storage unit 24 stores the token 241. The control unit 21 acquires a copy of the token 161 from the wireless communication terminal 10 via the short-range wireless communication unit 23 and stores it as the token 241.

FIG. 4 is a diagram illustrating a hardware configuration of the token management server 40. As illustrated in FIG. 4, the token management server 40 includes a control unit 41, a communication unit 42, and a storage unit 43.
The control unit 41 includes a processor including a CPU as a processing unit, a memory including a ROM, and a RAM. The CPU controls each unit of the token management server 40 by reading the program stored in the ROM or the storage unit 43 into the RAM and executing it.
The communication unit 42 includes, for example, a modem and communicates with each of the store terminal 30, the settlement server 60, the web server 50, and the wireless communication terminal 10.

The storage unit 43 includes, for example, a hard disk device, and is an example of a second storage unit that stores data such as an OS executed by the control unit 41 and a program operating on the OS. The storage unit 43 also stores a token management table 431.
The token management table 431 is a table in which information on “token”, “PAN”, and “token generation program” is associated with each of a plurality of users. In the example of FIG. 4, the PAN “01234XXXX” is associated with the token “TOKEN_A11”, and further, the “token generation program verA1” is associated. This means that the token “TOKEN_A11” is a token that substitutes for the PAN “01234XXXX”, and when this token is updated, the “token generation program verA1” is used. The token “TOKEN_A11” is assumed to be a token (an example of second data of the present invention) used by the wireless communication terminal 10 of the user U. The “token generation program verA1” is configured by the same algorithm as the token generation program stored in the wireless communication terminal 10.
In the token management table 431, the PAN “56789YYYYY” is associated with the token “TOKEN_B11”, the “token generation program verB1” is further associated, and the PAN “13579ZZZZZ” is associated with the token “TOKEN_C11”. Furthermore, “token generation program verC1” is associated. “TOKEN_B11” and “TOKEN_C11” may be used by a user different from the user who uses “TOKEN_A11”, or may be used by the same user. However, when used by the same user, “TOKEN_B11” and “TOKEN_C11” may be associated with “token generation program verA1” which is the same token generation program as “TOKEN_A11”.

FIG. 5 is a block diagram illustrating functional configurations of the wireless communication terminal 10, the card type terminal 20, and the token management server 40. As illustrated in FIG. 5, the wireless communication terminal 10 performs functions corresponding to the token transmission unit 101, the first detection unit 102, the first update unit 103, and the synchronization control unit 104 by executing a program. Realize.
The token transmission unit 101 functions as a transmission unit that transmits the token 161 to the store terminal 30 or the web server 50 when electronic payment is performed.
The first detection unit 102 detects that electronic payment has been performed in response to the transmission of the token 161. The first detection unit 102 detects that the electronic payment has been performed, for example, by receiving an electronic payment completion signal from the store terminal 30 or the web server 50 to which the token is transmitted.
The first update unit 103 updates the token 161 based on the token generation program stored in the SIM card 70 when a token update condition that is a condition related to the token update is satisfied. Here, the token update condition indicates that electronic payment has been performed using the token 161. Therefore, the first update unit 103 updates the token 161 when the first detection unit 102 detects that electronic payment has been performed.

The synchronization control unit 104 functions as a synchronization control unit that performs control for synchronizing tokens stored in the wireless communication terminal 10 and the card type terminal 20 by performing short-range wireless communication with the card type terminal 20. Specifically, the synchronization control unit 104 transmits the token 161 to the card type terminal 20 via short-range wireless communication. In addition, when electronic payment using a token is used by the card type terminal 20, the synchronization control unit 104 receives a notification to the effect from the card type terminal 20 and further notifies the first update unit 103. . The first update unit 103 updates the token in response to this notification.
The token transmission unit 101 and the first detection unit 102 are realized by the control unit 11, the network communication unit 14, and the non-contact IC chip 15. The first update unit 103 is realized by the control unit 11. The synchronization control unit 104 is realized by the control unit 11 and the short-range wireless communication unit 13.

The card-type terminal 20 implements functions corresponding to the synchronization control unit 201, the token transmission unit 202, and the first detection unit 203 by executing a program.
The synchronization control unit 201 functions as a synchronization control unit that performs control for synchronizing tokens between the wireless communication terminal 10 and the card type terminal 20 by performing short-range wireless communication with the wireless communication terminal 10. Specifically, the synchronization control unit 201 stores the token received from the wireless communication terminal 10 via the short-range wireless communication as the token 241. In addition, when electronic payment using a token is used by the card-type terminal 20, the synchronization control unit 201 notifies the wireless communication terminal 10 of the use notification by short-range wireless communication.

  The token transmission unit 202 functions as a transmission unit that transmits the token 241 to the store terminal 30 when electronic payment is performed. In the present embodiment, it is assumed that the card type terminal 20 does not have a function of connecting to the network 100B. For this reason, the token transmission unit 202 transmits the token 241 to the store terminal 30, but does not transmit the token 241 to the web server 50. When the card type terminal 20 has a function of connecting the card type terminal 20 to the network 100 </ b> B, the token transmission unit 202 may transmit the token 241 to the web server 50.

The first detection unit 203 detects that electronic payment has been performed in response to the transmission of the token 241. For example, the first detection unit 203 detects that the electronic payment has been performed by receiving a completion signal of the electronic payment from the store terminal 30 or the web server 50 to which the token is transmitted. When the first detection unit 203 detects that the electronic payment has been made, the synchronization control unit 201 notifies the wireless communication terminal 10 to that effect.
The synchronization control unit 201 is realized by the control unit 21 and the short-range wireless communication unit 23. The token transmission unit 202 and the first detection unit 203 are realized by the control unit 21 and the non-contact type IC chip 22.

The token management server 40 implements functions corresponding to the token reception unit 401, the payment control unit 402, the second detection unit 403, and the second update unit 404 by executing the program.
The token reception unit 401 functions as a reception unit that receives a token transmitted by the token transmission unit 101 or the token transmission unit 202 when electronic payment is performed.
The payment control unit 402 is a payment control unit that transmits a payment request for requesting electronic payment to the payment server 60 based on the PAN stored in the token management table 431 in association with the token received by the token receiving unit 401. is there.

The second detection unit 403 detects that electronic payment has been performed in response to the payment request transmitted by the payment control unit 402. For example, the second detection unit 403 detects that the electronic payment has been performed by receiving a completion signal of the electronic payment from the payment server 60 that is the transmission destination of the token.
When a predetermined token update condition is satisfied, the second update unit 404 updates the token stored in the token management table 431 based on the token generation program associated with the same record. The token update condition is the same condition as that of the wireless communication terminal 10, that is, indicates that electronic payment has been performed using a token. Therefore, the second update unit 404 updates the token stored in the token management table 431 when the second detection unit 403 detects that electronic payment has been performed.
Note that the token receiving unit 401, the payment control unit 402, and the second detection unit 403 are realized by the control unit 41 and the communication unit 42. The second update unit 404 is realized by the control unit 41.

Next, the operation of this embodiment will be described.
<A: Initial setting>
FIG. 6 is a sequence chart showing initial settings executed in the payment system 1. The initial setting is a setting that is performed in advance to perform electronic payment using a token. FIG. 9 is a diagram illustrating how the token management table 431 is updated.
In the initial setting, the wireless communication terminal 10 transmits a token issue request to the token management server 40 (step S1). The token issuance request includes the PAN used for electronic payment and the ICCID stored in the SIM card 70.

  The token management server 40 stores the PAN included in the token issuance request in the token management table 431 (step S2). Here, the token management server 40 stores “01234XXXX” as the PAN in the token management table 431 as shown in FIG. 9A.

  Next, the token management server 40 generates a token generation program using the ICCID included in the token issuance request and stores it in the token management table 431 (step S3). This token generation program is an algorithm for generating a token, and defines a different algorithm according to ICCID. Here, as illustrated in FIG. 9B, the token management server 40 generates “token generation program verA1” using ICCID, and stores it in the token management table 431 in association with PAN “01234XXXX”.

  Next, the token management server 40 transmits the generated token generation program verA1 to the wireless communication terminal 10 (step S4). Further, the token management server 40 generates a token based on the token generation program verA1, and stores it in the token management table 431 (step S5). Here, as shown in FIG. 9C, the token management server 40 generates a token “TOKEN_A11” and stores it in the token management table 431 in association with the PAN “01234XXXX” and the “token generation program verA1”.

On the other hand, when receiving the token generation program verA1 transmitted in step S4, the wireless communication terminal 10 stores it in the SIM card 70 (step S6). Then, the wireless communication terminal 10 generates a token based on the token generation program verA1 stored in step S6, and stores it in the storage unit 16 as a token 161 (step S7). Since the wireless communication terminal 10 and the token management server 40 generate a token based on the token generation program generated from the same ICCID, the token generated in step S5 is the same as the token generated in step S7. is there. That is, the token “TOKEN_A11” is also generated in the wireless communication terminal 10.
The above is the explanation of the initial setting.

<B: Electronic payment-token update>
FIG. 7 is a sequence chart showing processing related to electronic payment to token update executed in the payment system 1. In the following, a case where electronic payment is performed at the store P will be described, but the same processing is executed when a product is purchased via the online shopping site by accessing the web server 50.
When the electronic payment is performed at the store P, the wireless communication terminal 10 transmits the token 161 stored in the storage unit 16 to the store terminal 30 (step S11). Here, the wireless communication terminal 10 transmits “TOKEN_A11” as the token 161. Upon receiving the token 161 from the wireless communication terminal 10, the store terminal 30 transmits it to the token management server 40 (step S12). The token management server 40 refers to the token management table 431, reads the PAN associated with the same token as the received token 161, and transmits a payment request including the PAN to the payment server 60 (step S13). Here, the token management server 40 transmits a settlement request including the PAN “01234XXXX” associated with the token “TOKEN_A11”. Thereafter, authorization is performed between the settlement server 60 and the store terminal 30 (step S14), and the settlement processing is completed in the settlement server 60.

The wireless communication terminal 10 detects the completion of the electronic payment by receiving a completion signal indicating that the electronic payment is completed from the store terminal 30 (steps S15 and S16). When detecting the completion of the electronic payment, the wireless communication terminal 10 updates the payment history (step S17). The payment history indicates a history of use of electronic payment using a token. The payment history includes at least information indicating that electronic payment has been performed. In addition to this, the payment history includes various types of electronic payments such as the number of times electronic payments have been made using the same token, usage destination (store or site), payment amount, location (for example, country or region), date and time, etc. May also be included.
Further, the wireless communication terminal 10 updates the token 161 stored in the storage unit 16 based on the token generation program verA1 (step S18).

  On the other hand, the token management server 40 detects the completion of the electronic payment by receiving a completion signal indicating that the electronic payment is completed from the store terminal 30 (steps S19 and S20). When the completion of the electronic payment is detected, the token management server 40 updates the token “TOKEN_A11” stored in the token management table 431 based on the token generation program verA1 (step S21). Here, the token management server 40 updates the token “TOKEN_A11” to the token “TOKEN_A12” as shown in FIG. 9D. As described above, the wireless communication terminal 10 and the token management server 40 generate a token based on the same token generation program, so the token generated in step S16 is the same as the token generated in step S17. is there. That is, the radio communication terminal 10 generates a token “TOKEN_A12”. As described above, since the token generation program and the token update condition are common between the token management server 40 and the wireless communication terminal 10, it is possible to match (that is, synchronize) the tokens stored in these tokens without transmitting / receiving the tokens. Is possible. In this embodiment, the token is updated every time an electronic payment is made in the wireless communication terminal 10.

  Incidentally, the token update does not necessarily have to be executed every time an electronic payment is made. The token management server 40 and the wireless communication terminal 10 can synchronize the tokens of the token management server 40 and the wireless communication terminal 10 by changing the token update condition according to the same rule. Since the token update condition is defined by the token generation program, the token management server 40 and the wireless communication terminal 10 need not perform communication only for specifying the token update condition. However, when a new token update condition is added or changed, communication for specifying the token update condition is required.

  Further, the token update condition may not be a condition specified by the settlement history. For example, the token renewal condition may be specified by time, such as forcibly renewing the token once a year. In addition, the token update condition may be the earlier timing when the use count of the electronic payment reaches the upper limit or when a predetermined period has elapsed after the token issuance.

  Further, the token management server 40 and the wireless communication terminal 10 may change the token update condition according to a predetermined rule. Examples of this rule include the following.

(1) Issuer or Brand The wireless communication terminal 10 and the token management server 40 may update the token under a token update condition corresponding to the issuer of the credit card function or the brand of the credit card function. For example, in the case of Issuer A, the wireless communication terminal 10 and the token management server 40 are updated when 10 electronic payments are made. In the case of Issuer B, the wireless communication terminal 10 and the token management server 40 are updated when 5 electronic payments are made. In this case, when electronic payment is made, it is updated by one payment.

(2) Usage location The wireless communication terminal 10 and the token management server 40 may update the token under a token update condition according to the location where the electronic payment is used. The usage location may be determined by the token management server 40 or the payment server 60 based on data relating to electronic payment, or the wireless communication terminal 10 may determine using the positioning function of the terminal itself. The use place is specified by, for example, a country or a region. The wireless communication terminal 10 and the token management server 40 are updated when, for example, 10 electronic payments are made when the use place is in Japan, and 5 electronic payments are made when Country A is the use place. In other countries, it is updated when one electronic payment is made.

(3) Usage destination The wireless communication terminal 10 and the token management server 40 may update the token under a token update condition according to the usage destination of the electronic payment. The usage destination is determined according to the payment destination of the monetary value, and is specified by, for example, a store, a site, or a domain. The wireless communication terminal 10 and the token management server 40 are updated when electronic payment is performed 10 times, for example, when the actual store is a usage destination, and 5 times when a certain online shopping site is the usage destination. For example, it is updated when an electronic payment is made, and is updated when one electronic payment is made in the case of other online shopping sites.
By making the token update conditions variable as described above, it is possible to prevent a token update process from occurring at a timing that is not particularly necessary while updating the token in consideration of the risk of data leakage related to electronic payment. .

<C: Update token generation program>
FIG. 8 is a sequence chart showing a token generation program update process executed in the payment system 1. In the payment system 1, when the program update condition that is a condition related to the update of the token generation program is satisfied, the update is performed.
First, each of the wireless communication terminal 10 and the token management server 40 determines whether the payment history using the wireless communication terminal 10 satisfies the program update condition (steps S31 and S32). The program update conditions are determined to be the same for the wireless communication terminal 10 and the token management server 40. In the present embodiment, the program update condition is that, for example, the number of settlements reaches a predetermined number (for example, 10 times). However, the program update condition may be a condition relating to electronic payment such as a usage destination, a payment amount, a place (country or region), and a date and time.

  If it is determined “YES” in step S31, the token management server 40 generates a token generation program using the ICCID, and stores it in the token management table 431 (step S33). Here, the token management server 40 generates a token generation program verA2 represented by a function having ICCID as an argument. However, the token generation program verA2 is different in function from the token generation program verA1.

  If it is determined “YES” in step S32, the wireless communication terminal 10 makes an inquiry about the version of the token generation program to the token management server 40 (step S34). If the token management server 40 determines that the version has been changed by updating the token generation program, the token management server 40 transmits the token generation program verA2 generated in step S33 to the wireless communication terminal 10 (step S35). Further, the token management server 40 generates a token based on the token generation program verA2, and stores it in the token management table 431 (step S36). Here, as shown in FIG. 9E, the token management server 40 generates a token “TOKEN_A21” and stores it in the token management table 431 in association with the PAN “01234XXXX” and the “token generation program verA2”.

  On the other hand, when receiving the token generation program verA2 transmitted in step S35, the wireless communication terminal 10 stores it in the SIM card 70 (step S37). Then, the wireless communication terminal 10 generates a token based on the token generation program verA2, and stores it in the storage unit 24 (step S38). Since the wireless communication terminal 10 and the token management server 40 generate a token based on the combination of the same token generation program, the token generated in step S36 and the token generated in step S38 are the same. Therefore, the wireless communication terminal 10 generates a token “TOKEN_A21”.

<D: Operation when an abnormality occurs>
FIG. 10 is a sequence chart showing an operation when an abnormality occurs in the operation of the wireless communication terminal 10 in the payment system 1. When an abnormality occurs in the operation, the token may not be updated between the wireless communication terminal 10 and the token management server 40 because the token is not updated even though the electronic payment is performed. .
Therefore, when the wireless communication terminal 10 determines that an operation abnormality has occurred (step S41), the wireless communication terminal 10 checks the settlement history (step S42). The abnormal operation is, for example, the abnormal termination of the application program for realizing the function related to the electronic payment of the present embodiment. If the relationship between the number of times electronic payment has been made and the version of the token generation program do not match, the wireless communication terminal 10 updates the token based on the token generation program (step S43). Thus, if the token has not been updated due to the occurrence of an abnormal operation, the wireless communication terminal 10 performs the update when it is determined that the update has not been completed based on the payment history. Therefore, the tokens can be synchronized between the wireless communication terminal 10 and the token management server 40.

<E: Operation when SIM card 70 is replaced>
FIG. 11 is a sequence chart showing an operation when the SIM card 70 in the payment system 1 is replaced. When the SIM card 70 is replaced, the currently stored token or the ICCID that is the basis for generating the token generating program and the current IC card ICCID do not match, so the currently stored token And token generators should not be used.
Therefore, when the wireless communication terminal 10 determines that the SIM card 70 has been replaced in the SIM interface unit 17 (step S51), the wireless communication terminal 10 notifies the user U of an error, for example, by display on the UI unit 12, and the initial setting is performed. The user U is prompted to execute again (step S52). Furthermore, the wireless communication terminal 10 may prohibit the use of the token and the token generation program currently stored after making this error notification.

<F: Operation when tokens do not match>
FIG. 12 is a sequence chart showing an operation when the tokens in the payment system 1 do not match. If the token is not updated normally for some reason, the tokens do not match between the wireless communication terminal 10 and the token management server 40. If this discrepancy occurs during electronic payment, it will hinder the user's use of electronic payment.
In this operation example, as shown in FIG. 13A, in addition to the current (latest) token, a “previous token” (a token of the fourth data of the present invention) that is a token used for the previous electronic payment. An example) is stored in the token management table 431. Also, in the wireless communication terminal 10, the previous token (an example of the third data of the present invention) is stored.

  When the electronic payment is performed at the store P, the wireless communication terminal 10 transmits the token 161 stored in the storage unit 16 to the store terminal 30 (step S61). Upon receiving the token 161 from the wireless communication terminal 10, the store terminal 30 transmits it to the token management server 40 (step S62). When the token management server 40 determines that the token received from the wireless communication terminal 10 and the token stored in the token management table 431 do not match (step S63), the token management server 40 notifies the wireless communication terminal 10 of the mismatch ( Step S64).

When the wireless communication terminal 10 receives the notification of the mismatch, the wireless communication terminal 10 authenticates the user U (step S65). The authentication of the user U may be performed by inputting a PIN code or the like, biometric authentication such as a fingerprint may be performed, and a well-known authentication technique can be employed.
If the authentication of the user U is successful, the wireless communication terminal 10 transmits the previous token to the store terminal 30 (step S66). Here, the wireless communication terminal 10 transmits the token “TOKEN_A11”. When receiving the previous token, the store terminal 30 transmits this to the token management server 40 (step S67). When the received previous token matches the previous token stored in the token management table 431, the token management server 40 transmits a payment request to the payment server 60 based on the PAN associated with the previous token. (Step S68). Even in the case where tokens do not match in this way, electronic payment is performed with the token used last time, so there is no hindrance to the use of electronic payment. In addition, since the previous token is used when the user's legitimacy is authenticated, problems due to unauthorized use are less likely to occur.
Note that the token management server 40 does not permit the use of electronic payment using the previous token when the authentication of the user U fails.

  The token used when token mismatch occurs may be, for example, a token that has been used in electronic payments two or more times before, or may be a token prepared separately. An example of the latter token is “master token”. The master token is a character string that replaces the PAN in each of the plurality of credit card functions, and is a character string that is common to the plurality of credit card functions. That is, the master token is a common character string replaced from a plurality of different PANs. In the example of FIG. 13B, the token management server 40 associates “01234XXXX”, “24680EEEE”, and “43210FFFFF” as the PAN of the credit card that can be used by the user U in association with the master token “TOKEN_MA”. Remember.

When the master token is received, the token management server 40 performs electronic payment using any one of the credit card functions available to the user U. The specific method for selecting the credit card function is not particularly limited, and the user may explicitly specify it or automatic selection may be performed. For the selection according to the settlement history, for example, the credit card function having the highest usage count or the credit card function having the highest usage amount is selected.
The separately prepared token may be a backup token that is different for each PAN. This token is used only when, for example, a token mismatch occurs.

<G: Synchronous control of token between radio communication terminal 10 and card type terminal 20>
FIG. 14 is a sequence chart showing token synchronization control between the wireless communication terminal 10 and the card-type terminal 20 in the payment system 1. Since the card-type terminal 20 is small and light, it is more likely to be lost than the wireless communication terminal 10. Therefore, even if this loss occurs, the following processing is performed to prevent unauthorized use of electronic payment.
The wireless communication terminal 10 and the card type terminal 20 perform token synchronization at a predetermined timing (step S71). This synchronization timing is at least within a period in which the power of the wireless communication terminal 10 and the card type terminal 20 is turned on. Here, it is assumed that the operation is performed when the power of the card-type terminal 20 is turned on. When the wireless communication terminal 10 transmits a token, the card-type terminal 20 stores the token 241 in the storage unit 24. The card-type terminal 20 transmits this token 241 to the token management server 40 when electronic payment is performed.

  Next, the card type terminal 20 determines whether or not electronic payment using the stored token is completed (step S72). When it is determined that the electronic payment is completed (step S72; YES), the card type terminal 20 deletes the token 241 from the storage unit 24 (step S74). Thereby, in the card-type terminal 20, since the token is used only for one-time settlement like a one-time password, even if the token leaks, the damage can be reduced.

Further, when it is determined that the electronic payment has not been completed (step S72; NO), the card type terminal 20 determines whether the power is turned off (step S73). When it is determined that the power is turned off (step S73; YES), the card type terminal 20 performs a process of invalidating the token 241 from the storage unit 24 (step S74). In other words, even if the token is not used in the card-type terminal 20, if the power is turned off because the user does not intend to use it for the time being, it is invalidated. That's it.
In the above description, the part that was on the condition of power-on may be replaced with the fact that the screen is turned on or the like. It may be replaced with avoidance.

  The electronic payment of the present invention may not be a method performed using a non-contact IC chip. For example, a card that supplies power to a dynamic magnetic stripe using a battery may be used for the electronic settlement of the present invention. Further, the electronic payment means of the present invention is not limited to means for making an electronic payment by a credit card function. The electronic settlement means of the present invention includes prepaid electronic money, debit cards, points (shopping points, etc.), coupons (electronic coupons), etc., data having a monetary value equivalent to or equivalent to money (that is, value) Any electronic payment means using electronic data called may be used. The user identification information in these cases corresponds to an identification number assigned to a medium such as a card used by the user for electronic payment, a member number, or the like.

  Note that the token generated by the wireless communication terminal 10 may be displayed. In this case, the token may be input to an information device such as a PC, and the information device may transmit the token to the token management server 40 to perform electronic payment.

  The wireless communication terminal 10 or the card-type terminal 20 may convert the token into another character string by encryption or the like, and transmit the converted character string. In this case, the token management server 40 restores (decrypts) the token from the received character string. Then, the token management server 40 refers to the token management table 431 and transmits a payment request including the PAN associated with the token to the payment server 60. As described above, the character string transmitted from the wireless communication terminal 10 or the card-type terminal 20 to perform electronic payment and the character string that is a token stored in the token management table 431 may have a predetermined relationship.

  A part of the configuration and processing described in the above-described embodiment may be omitted. In addition, the specific configuration of each device described in the above-described embodiment, the order and contents of the processes to be executed are merely examples. The token generation program may be generated using medium identification information other than ICCID, or may be generated using identification information unique to the user.

  The functions realized by the control unit 11 of the wireless communication terminal 10, the control unit 21 of the card type terminal 20, and the control unit 41 of the token management server 40 according to the embodiment described above are realized by a combination of a plurality of programs, or a plurality of functions It can be realized by coordination of hardware resources. When the functions of the control units 11, 21, 41 are realized using a program, this program can be a magnetic recording medium (magnetic tape, magnetic disk (HDD (Hard Disk Drive), FD (Flexible Disk)), etc.), optical It may be provided in a state stored in a computer-readable recording medium such as a recording medium (such as an optical disk), a magneto-optical recording medium, or a semiconductor memory, or may be distributed via a network. The present invention can also be grasped as a settlement control method.

DESCRIPTION OF SYMBOLS 1 ... Payment system, 10 ... Wireless communication terminal, 101 ... Token transmission part, 102 ... 1st detection part, 103 ... 1st update part, 104 ... Synchronization control part, 11, 21, 41 ... Control part, 12 ... UI part , 13, 23 ... Short-range wireless communication unit, 14 ... Network communication unit, 15, 22 ... Non-contact IC chip, 16, 24, 43 ... Storage unit, 161 ... Token, 17 ... SIM interface unit, 20 ... Card type Terminal 201, synchronization control unit 202 ... token transmission unit 203 ... first detection unit 30 ... store terminal 40 ... token management server 401 ... token reception unit 402 ... settlement control unit 403 ... second detection unit 404 ... second update unit 42 ... communication unit 431 ... token management table 50 ... web server 60 ... settlement server 70 ... SIM card

Claims (10)

In a payment system comprising a user terminal device and a management device,
The terminal device
A first storage unit for storing first data for substituting the identification information of the electronic payment means;
When electronic payment is performed, a transmission unit that transmits the first data to the management device;
A first update unit that updates the first data with a predetermined algorithm when a predetermined condition is satisfied,
The management device
A second storage unit that stores the identification information in association with second data that replaces the identification information;
A receiving unit for receiving the first data transmitted by the terminal device;
A settlement control unit for transmitting a settlement request for requesting the electronic settlement based on the identification information stored in the second storage unit in association with the received second data having a predetermined relationship with the first data; ,
A payment system comprising: a second update unit configured to update the second data with the predetermined algorithm when the predetermined condition is satisfied. The terminal device includes a first detection unit that detects that the electronic payment has been performed in response to transmission of the first data;
The first update unit updates the first data when the first detection unit detects that the electronic payment has been performed,
The management device has second detection means for detecting that the electronic payment has been performed in response to transmission of the payment request,
The payment system according to claim 1, wherein the second update unit updates the second data when the second detection unit detects that the electronic payment has been performed. The first update unit includes:
The update is performed when it is determined that the update of the first data is not completed when the predetermined condition is satisfied based on the use history of the electronic payment. The payment system described in 1. The first storage unit stores third data in addition to the first data,
The second storage unit stores fourth data in addition to the second data,
The transmitter is
When the first data and the second data are not in the predetermined relationship, the third data is transmitted,
The settlement control unit
The settlement system according to any one of claims 1 to 3, wherein the settlement request is transmitted when the received third data is in the predetermined relationship with the fourth data. An authentication unit for authenticating the user;
The settlement control unit
The payment system according to claim 4, wherein when the authentication is successful, the payment request is transmitted. As the terminal device, there is a first terminal device and a second terminal device,
The said 1st terminal device and the said 2nd terminal device have a synchronous control part which synchronizes the said 1st data memorize | stored in the said 1st memory | storage part by communicating with each other. Item 6. The settlement system according to any one of items 5. As the terminal device, there is a first terminal device and a second terminal device,
The first terminal device includes a synchronization control unit that transmits the first data stored in the first storage unit to the second terminal device at a predetermined timing before the electronic payment is performed,
The second terminal device stores the first data received from the first terminal device in the first storage unit of the device itself, and satisfies a predetermined condition even when the electronic payment is not performed. The payment system according to any one of claims 1 to 6, further comprising a synchronization control unit that deletes the first data. A first storage unit that stores first data substituting the identification information of the electronic payment means, a transmission unit that transmits the first data when electronic payment is performed, and a predetermined condition that satisfies a predetermined condition, A receiving unit for receiving the first data transmitted by a terminal device having a first updating unit for updating the first data with an algorithm;
A second storage unit that stores the identification information in association with second data that replaces the identification information;
A settlement control unit for transmitting a settlement request for requesting the electronic settlement based on the identification information stored in the second storage unit in association with the received second data having a predetermined relationship with the first data; ,
A management device comprising: a second updating unit that updates the second data with the predetermined algorithm when the predetermined condition is satisfied. A storage unit for storing first data for substituting the identification information of the electronic payment means;
When electronic payment is performed, the first data is transmitted based on the identification information stored in association with the second data having a predetermined relationship with the first data. And, when a predetermined condition is satisfied, a transmitting unit that transmits the second data with a predetermined algorithm to the management device;
A terminal device comprising: an update unit that updates the first data with the predetermined algorithm when the predetermined condition is satisfied. In the computer of the terminal device that accesses the storage unit that stores the first data that substitutes the identification information of the electronic payment means,
When electronic payment is performed, the first data is transmitted based on the identification information stored in association with the second data having a predetermined relationship with the first data. And, when a predetermined condition is satisfied, transmitting to the management device that updates the second data with a predetermined algorithm;
A program for executing the step of updating the first data by the predetermined algorithm when the predetermined condition is satisfied.

Images