JP2002056332A - Settlement method using credit card - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent unauthorized used of a credit card number in a member shop. SOLUTION: In each of a user information processor 100 (IC card) and an authentication dealer information processor 300, a substitute code SUBn consisting of a hash value of the credit card number, common data COMn, and secret algorithm ARGn are stored. In purchase by a user in a virtual mall of the member shop, the algorithm ARGn is applied to the common data COMn for generating a settlement identification code ID (n, i) inside the IC card, and the substitute code SUBn and the settlement identification code ID (n, u) are transmitted to the authentication dealer via the member shop. The authentication dealer authenticates the settlement on condition that the settlement identification code generated in the inside is coincident with the transmitted settlement identification code. The common data COMn are varied for each user, and the Algorithm ARGn generates a different settlement identification code in every payment.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a payment processing method using a credit card, and more particularly, to a payment processing method using a credit card suitable for performing payment for shopping at a virtual shopping mall on the Internet.

[0002]

2. Description of the Related Art In recent years, the spread of credit cards has been remarkable, and recently, it has become common for one user to possess a plurality of credit cards. If a credit card is used, there is no need to handle cash, so that both the user and the member store can obtain a great advantage, and the use of the credit card is expected to become more and more popular in the future. In the settlement process using a credit card, in the past, a method of creating a credit settlement slip at a member store and sending this slip to a credit card company was adopted,
In recent years, a method of exchanging information online by connecting a terminal device installed in each member store and a host computer managed by a credit card company online has become mainstream.

[0003] With the explosive spread of the Internet in recent years, it has become common to use a credit card also for settlement of shopping at a virtual shopping mall on the Internet. In this case, the user accesses the Web page of the virtual shopping mall of each member store from a personal computer or a portable terminal device, selects a desired product on the screen of the Web browser, and pays the price of the product with a credit card. Will be settled. When making a payment by credit card, it is necessary to convey information such as the user's name, credit card number, and expiration date to the member store. Therefore, usually, these pieces of information are entered on a Web browser screen, A process of transmitting the web page of the member store to the server device of the site that manages the web page via the Internet is performed. The member store adds the information of the amount to be settled to the information transmitted from the user and issues a settlement request to the host computer of the credit card company. When the credit card company receives a settlement request from the member store, it checks the user name, credit card number, and expiration date sent from the member store with the registration data in the host computer. Approve the payment request.

As described above, in a credit card company,
Basically, payment is performed by collating the user's name, credit card number, and expiration date. If such information is stolen by a criminal, it may be misused. In particular, in the early days of the Internet, cases in which such information transmitted from a Web browser by a user was stolen on the way occurred frequently, and this was a major social problem. In order to cope with such a problem, a technology for enhancing security of information transmission via the Internet has been developed. For example, at present, a protocol called SSL (Secure Sockets Layer) for ensuring the security of TCP / IP communication is generally used, and information transmitted by this protocol is practically sufficient. Security can be ensured.

[0005]

As described above, information such as the user name, number, and expiration date of a credit card is important information that can be misused when passed to the criminal, and is not sufficiently handled. You need to be careful.
However, even if payment for shopping at a virtual shopping mall on the Internet is performed using a credit card, if such information is transmitted using the above-described technology such as SSL, the information is temporarily transmitted on the transmission path. Damage that can be stolen can be prevented. However, conventional security measures for credit cards are based on the premise that merchants themselves do not engage in fraudulent activities. Includes the problem of not working. In the first place, merchants are stores that have been judged to be sufficiently reliable by strict screening by credit card companies, and it has never been assumed that merchants themselves would commit fraud. Absent. However, as the business on the Internet becomes more widespread, the number of credit card franchisees increases, and the possibility of illicit conduct by the franchisees themselves or fraud by their employees is increasing. Information such as names, credit card numbers, and expiration dates for a large number of users is collected under the franchise, so if there is an employee who illegally obtains this information and diverts it It is powerless to secure communication security by using technologies such as SSL and SSL.

In order to solve such a problem, a SET (Secure Electronic Transcription) using public key cryptography is used.
saction) is proposed by a major credit card company, and the system is currently being tested.
Since a fairly large-scale system is required, it has not been put to practical use.

Accordingly, an object of the present invention is to provide a new settlement processing method using a credit card which can sufficiently secure security for each member store.

[0008]

Means for Solving the Problems (1) In a first aspect of the present invention, a user who has been issued a credit card given a predetermined number from a credit card company is allowed to enter a credit card affiliated store. In a payment processing method using a credit card for performing payment using the credit card, a specific credit card number issued to the user is provided to a user information processing device used by each user. A predetermined substitute code used in place of the specific credit card is stored, and the credit card number for each individual user and the substitute Correspondence information indicating the correspondence with the code is stored, and the information is stored in both the information processing device for the user and the information processing device for the approved trader. And a predetermined algorithm for generating a payment identification code by arithmetic processing using the common data. When a payment is performed, an information processing device for a user and an information processing device for an approved trader are stored. In both cases, the same payment identification code is generated by performing the arithmetic processing by the above algorithm using the common data,
In addition, the common data is set to be different for each individual user, and the above algorithm is set so that a different payment identification code is generated each time a payment is made, and the user is provided with a specific When making a payment to a member store, a substitute code stored in the user information processing device and a substitute code generated by the user information processing device are transmitted to the member store information processing device managed by the member store. The payment identification code is transmitted to the member store information processing device, and the member store information processing device transmits the substitute code and the payment identification code transmitted from the user information processing device to the authorized trader information processing device. The information processing device for an authorized trader that issues a request and receives the settlement request responds to the transmitted substitute code based on the correspondence information stored in advance. Identifies the user by referring to the credit card number, generates a payment identification code by arithmetic processing using the common data for the user,
The payment request is approved on condition that the generated payment identification code matches the transmitted payment identification code.

(2) The second aspect of the present invention is the above-mentioned first aspect.
In the settlement processing method using a credit card according to the aspect of the present invention, a unique code is used for each credit card as a substitute code used in place of a specific credit card number. The information processing apparatus can refer to the credit card number corresponding to the transmitted substitute code on a one-to-one basis.

(3) A third aspect of the present invention is the above-mentioned first aspect.
Alternatively, in the settlement processing method using a credit card according to the second aspect, a substitute code used in place of a specific credit card number is generated using the specific credit card number. is there.

(4) The fourth aspect of the present invention is the above-mentioned first aspect.
In the settlement processing method using a credit card according to the third to third aspects, the information is stored in both the information processing device for the user who has issued the specific credit card and the information processing device for the authorized trader. As the common data, data including a substitute code for the specific credit card is used.

(5) The fifth aspect of the present invention is the above-mentioned first aspect.
In the settlement processing method using a credit card according to the third aspect, as the common data stored in both the information processing device for the user and the information processing device for the approved trader, the magic code whose content changes according to time is used. Is used.

(6) The sixth aspect of the present invention is the above-mentioned first aspect.
In the settlement processing method using a credit card according to the third aspect, the settlement date, the settlement time, or the settlement date and time is set as the common data stored in both the user information processing device and the authorized trader information processing device. In this case, data including the code shown is used.

(7) A seventh aspect of the present invention is the above-mentioned first aspect.
In the payment processing method using a credit card according to the third to third aspects, data including a code indicating the number of payments is used as common data stored in both the information processing device for the user and the information processing device for the authorized trader. It is like that.

(8) The eighth aspect of the present invention is the above-mentioned first aspect.
In the settlement processing method using a credit card according to the seventh to seventh aspects, the information processing device for the user and the information processing device for the authorized trader are connected via a network, and the common data or the payment identification code is set every predetermined period. The processing for changing the content of the generation algorithm is performed.

(9) The ninth aspect of the present invention is the above-mentioned first aspect.
In the settlement processing method using a credit card according to the eighth to eighth aspects, information indicating a credit card usage limit can be stored in the user information processing apparatus,
When a payment exceeding the usage limit is made, a warning to that effect is presented.

(10) According to a tenth aspect of the present invention, in the settlement processing method using a credit card according to the first to ninth aspects, a specific user is provided with a credit card from a plurality of credit card companies. At the time of issuance, a separate substitute code is created for each credit card and stored in the information processing device for the user. Correspondence information indicating the correspondence is stored so that a payment process can be performed for a specific credit card selected by the user from a plurality of credit cards.

(11) An eleventh aspect of the present invention is the settlement processing method using a credit card according to the first to tenth aspects, wherein the information processing apparatus for a user, the information processing apparatus for a member store, The information processing apparatuses for traders are respectively connected via a network, and when a user makes a shopping at a virtual shopping mall opened on a Web page of a member store, a substitute code and a payment identification code are transmitted via the network. In this way, settlement is performed.

(12) According to a twelfth aspect of the present invention, in the settlement processing method using a credit card according to any one of the first to eleventh aspects, the information processing device for a user is provided with an IC card and the IC card. A reader / writer device for transmitting information to and a computer for accessing an IC card via the reader / writer device;
At least at the time of performing a payment process, an IC card is attached to a reader / writer device and accessed by a computer, thereby realizing a function as a user information processing device.

(13) According to a thirteenth aspect of the present invention, in the settlement processing method using the credit card according to the twelfth aspect, at least the common data and the secret algorithm are stored in a memory in the IC card, The generation processing of the payment identification code is executed in the IC card.

(14) According to a fourteenth aspect of the present invention, at least a common data and a payment identification code generating means can be used in the above-described thirteenth aspect of the payment processing method using a credit card. The present invention realizes an IC card having a function of storing the above algorithm and internally generating a payment identification code.

[0022]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be described below based on an embodiment shown in the drawings.

§1. Traditional general on the Internet
To Do settlement processing method beginning, explaining the procedure of the settlement processing method according to a conventional general credit card when shopping in a virtual shopping mall on the Internet. FIG. 1 is a block diagram showing this procedure. In this example, the user information processing device 100, the member store information processing device 200, and the authorized trader information processing device 300 are connected via the Internet 400. The user information processing apparatus 100 is an information processing apparatus under the control of the user. Generally, a personal computer or a portable information terminal apparatus having a function of connecting to the Internet 400 is used as the user information processing apparatus 100. ing. The member store information processing device 200 is an information processing device managed by a credit card member store, and is generally a virtual shopping mall W
A Web server device that provides a web page site is used as the member store information processing device 200.
The information processing device 300 for the approved company is an approved company (the credit card company itself or a specific company entrusted by the company) having the authority to approve the settlement by the credit card.
The information processing apparatus is managed by a host computer, and is usually configured by a relatively large-scale host computer.

The user has been issued a credit card 10 from a credit card company, and the credit card 10 contains information such as the user's name N, credit card number C, and expiration date D (usually, Carved by embossing). Of course, depending on the credit card, various other information may be described. On the other hand, this credit card 10
The information described above is the information processing device 300 for the approved trader.
It is also registered in the database inside. This database also stores data such as the address, telephone number, work place, and past settlement history of each user.

In order to use a virtual shopping mall operated by a member store, the user must use the user information processing apparatus 10.
The user may access a predetermined Web page of a site in the member store information processing apparatus 200 using the Web browser function of No. 0. Now, let us consider a case where a user purchases a desired product on this Web page and uses the credit card 10 to settle the price. In this case, the user prepares the credit card 10 at hand, and on the Web screen,
Information such as name N, credit card number C, and expiration date D is input using a keyboard or the like. The input information is transmitted to the member store information processing apparatus 200 via the Internet 400. Normally, this transmission process is performed by a protocol such as SSL that ensures security, and therefore, the possibility that such information is stolen on the transmission path of the Internet 400 is extremely small. When the information transmitted by the user reaches the member store information processing device 200 in this way, the member store adds information such as its own store name and payment amount, and transmits the information to the Internet 400. Via (in some cases,
(Via another communication line), the information processing apparatus 300 for the approved trader
Submit to for approval. The approved trader checks the information registered in the database in the approved trader's information processing device 300 with the information transmitted from the member store, and approves the settlement if there is no problem.

After all, the name N,
Information such as the credit card number C and the expiration date D is transmitted from the user information processing apparatus 100 to the member store information processing apparatus 2.
00 to the member store information processing device 200
Is transmitted to the information processing apparatus 300 for approved traders. The security of such transmission routes is
As described above, it is ensured to a practically sufficient level by technology such as SSL. However, such security measures are based on the premise that the merchant itself will not act illegally. Information about credit cards of many users is stored in the member store information processing device 200. In the unlikely event that there is an employee in the member store who illegally obtains and accumulates such stored information, the information is passed on. In such a case, security measures for credit card information are completely overturned. The present invention proposes a new settlement processing method for solving such a problem.

§2. Basic outline of settlement processing method according to the present invention
Following precaution, with reference to the block diagram of FIG. 2, for explaining the basic concept of the method for processing settlement using a credit card according to the present invention. The example shown in FIG. 2 shows a procedure of a settlement process among three users, a member store, and an approver, like the example shown in FIG. In the meaning of the n-th user, a processing procedure when a specific user Un performs a payment process will be described. The suffix "n" of each code shown in the figure indicates that this is information on the n-th user.

As in the example shown in FIG. 1, also in the example shown in FIG. . After all, the user information processing apparatus 100 is an information processing apparatus under the control of the user. Generally, a personal computer or a portable information terminal apparatus having a function of connecting to the Internet 400 is used as the user information processing apparatus 100 Will be used. However, in practice, it is preferable to use the IC card as a part of the information processing device 100 for a user, as described later in §3. As described above, the member store information processing device 200 is an information processing device managed by a credit card member store,
It is configured by a Web server device that provides a site for page b. In addition, the information processing apparatus 300 for an approved trader
As described above, it is constituted by a relatively large-scale host computer managed by an approval agency, and has a function of storing various information on each user as a database.

The payment processing method shown in FIG. 2 is a payment processing method using a credit card, and is the same as the conventional payment processing method shown in FIG.
That is, the n-th user Un has been issued a credit card 10 in advance by a credit card company, and the credit card 10 has a user name N
n, credit card number Cn, and expiration date Dn. However, with traditional payment processing methods,
Although it is necessary to notify the member store of each of these pieces of information, the settlement processing method according to the present invention eliminates the need. However, in order to use this new payment processing method,
It is necessary for the user to carry out a predetermined preparation procedure with an approved trader in advance.

This preparation procedure is performed between a specific user Un and an approved business operator by using a substitute code SUBn and common data CO.
This is a procedure for determining the settlement information 20 of Mn and the secret algorithm ARGn. The substitute code SUBn is the user U
n is a code used in place of the credit card number Cn issued to the affiliated store n. For a member store, this substitute code SU is used instead of the credit card number Cn.
Bn will be notified. This substitute code SUBn
Is stored in the user information processing apparatus 100 and also in the approved trader information processing apparatus 300.
Moreover, the information is stored in the information processing apparatus 300 for the approved trader as the correspondence information 30 indicating the correspondence between the substitute code SUBn and the credit card number Cn. Originally, the credit card numbers issued so far are stored in the information processing apparatus 300 for the authorized trader for each of a large number of users. In the present invention, in the information processing device 300 for the approved trader, the correspondence information 30 indicating the correspondence with the credit card number for each user is further provided.
As each substitute code is stored, when a specific substitute code is notified to the approved trader, the credit card number corresponding to the specific substitute code can be referred to, and the user can be specified.

In order to make a specific credit card number correspond one-to-one to a specific substitute code,
A unique substitute code may be defined for each credit card. By defining a unique substitute code for each credit card in the world and using such a unique substitute code, a specific substitute code and a specific credit card can be determined based on the correspondence information 30. The numbers can be made to correspond one-to-one. That is, the approving trader who has received the settlement request using the specific substitute code,
Correlation information 3
0 can be referenced.

The simplest method of defining such a unique substitute code is to generate a random number having a sufficient number of digits and determine a substitute code of a predetermined digit based on the random number. In the method using such random numbers, in theory, the exact same substitute code may be generated by accident, but a random number with a sufficient number of digits that can be regarded as practically zero is unlikely. If used, a substantially unique substitute code can be obtained. A more practical way to define a unique surrogate code is to use a credit card number. Currently distributed credit card numbers are unique and unique 16-digit numbers all over the world due to mutual adjustment of each credit card company. Therefore, if you use a method that uses the credit card number itself to determine a substitute code for a specific credit card number,
Again, unique substitution codes can be defined.
Specifically, for example, a hash value obtained by applying a hash function to the credit card number Cn (or a data string to which a user name Nn is added as necessary) is written to the credit card number Cn.
May be used as a substitute code.

On the other hand, the common data COMn is data to be stored in both the user information processing apparatus 100 and the authorized trader information processing apparatus 300. It may be data. For example, the above-mentioned substitute code SUBn
Can be used as it is as the common data COMn. However, in order to ensure security, it is preferable that the common data COMn is held as secret data only between the user Un and the authorized trader,
In that sense, not only the substitute code SUBn,
Preferably, more complex data is used. A more practical example of the common data COMn will be described in §3. Similarly, the secret algorithm ARGn is
Any algorithm may be used as long as it is to be stored in both the user information processing apparatus 100 and the approved trader information processing apparatus 300 and defines some arithmetic processing using the common data COMn. However,
In order to ensure security, it is preferable that the secret algorithm ARGn is also held as a secret algorithm only between the user Un and the authorized trader, and in such a point, analogy by a third party becomes difficult. like,
It is preferable to make the algorithm as complicated as possible.

The secret algorithm ARGn has a function of generating a predetermined payment identification code ID (n, i) by an operation using the common data COMn. The character "n" of the payment identification code ID (n, i) indicates that it is a code for the n-th user Un, and the character "i" is generated for the i-th payment. This indicates that the code is used. In other words, the payment identification code ID (n, i) is a code that is different for each user, and is a code that is different each time payment is performed. As described above, the common data COM
Since n is different data for each user, the settlement identification code ID generated using this common data COMn
(N, i) is, of course, a different code for each user, but even if the payment identification code ID (n, i) is generated for the same user Un, at the time of the first payment, The payment identification code ID (n, 1) is generated, and at the time of the second payment, the payment identification code ID
For example, (n, 2) is generated, so that a different payment identification code ID (n, i) is generated for each payment. Conversely, an algorithm may be defined such that a different payment identification code is generated each time a payment is made, as the secret algorithm ARGn.

Thus, in this preparation stage, the user Un
The substitute code SUBn, the common data COMn, and the secret algorithm ARGn are defined between the user and the approved trader, and the settlement information 20 is stored in both the user information processing apparatus 100 and the approved trader information processing apparatus 300. Is done.
Here, the substitute code SUBn and the common data CO
Both Mn and the secret algorithm ARGn show different examples for each user.
RGn does not necessarily need to be changed for each user, but is used for all users.
G may be used. In practice, it is preferable to use a common secret algorithm ARG for all users for simple operation.

As described above, the same settlement information 20
Is stored, and the settlement identification code ID (n, i) generated for the i-th settlement of the n-th user Un on the user information processing apparatus 100 side and the information processing apparatus for the approval trader This code is exactly the same as that generated on the 300 side. In other words, both the user information processing apparatus 100 and the approved trader information processing apparatus 300 perform the arithmetic processing by the secret algorithm ARGn using the common data COMn, so that the same payment identification code and payment identification code ID (n , I) will be generated.

When the above-mentioned preparation procedure is completed, the user Un can make a credit card payment using this new payment processing method. Now, consider a case where a user Un purchases a desired product on a Web page provided by a member store and uses the credit card 10 to settle the price. In the conventional method, as described in FIG. 1, it is necessary to transmit the name Nn, the credit card number Cn, and the expiration date Dn to the member store information processing apparatus 200. However, in the method according to the present invention, At least, the substitute code SUBn stored in the user information processing apparatus 100 and the settlement identification code ID (n, i) generated by the user information processing apparatus 100 may be transmitted. The member store information processing device 200 issues a payment request by transmitting the substitute code SUBn and the payment identification code ID (n, i) transmitted from the user Un to the information processing device 300 for the authorized trader. .

Upon receipt of such a settlement request, the information processing apparatus 300 for an approved trader first refers to the credit card number Cn corresponding to the transmitted substitute code SUBn based on the correspondence information 30 to thereby allow the user Un
To identify. Conventionally, the user Un is specified by receiving the credit card number Cn. In the present invention, the user Un is specified by transmitting the substitute code SUBn instead of the credit card number Cn. Will be possible. Subsequently, the information processing apparatus 300 for the approved trader generates the settlement identification code ID (n, i) by performing an operation based on the secret algorithm ARGn using the common data COMn for the user Un. The payment identification code ID transmitted together with the payment request from the member store information processing device 200 side
(N, i) and internally generated payment identification code ID
It is determined whether (n, i) matches. If the two match, the settlement request from the member store information processing device 200 is determined to be a request based on the legitimate card use of the user Un, and the request is approved. Of course, if the two do not match, it is determined that the request is some sort of improper request or a request based on some error, and a rejection process is performed on the payment request.

In practice, the user information processing apparatus 1
The information transmitted from 00 to the member store information processing apparatus 200 includes not only the substitute code SUBn and the payment identification code ID (n, i), but also information such as the name and address of the user Un, and information about the shopping object. Although data indicating the product and the number of such products are also included, illustration of such information transmission is omitted. The information transmitted from the member store information processing apparatus 200 to the approved trader information processing apparatus 300 includes not only the substitute code SUBn and the payment identification code ID (n, i), but also the name of the user Un and the payment. Data such as an amount and an identification code for specifying the member store itself will be included, but illustration of such information transmission is also omitted.

As described above, according to the settlement processing method of the present invention, the same smooth settlement processing as the conventional settlement processing method can be performed. What is more important is that information such as the credit card number Cn and the expiration date Dn is not transmitted to the member store. The expiration date Dn can be transmitted without any problem. However, if the credit card number Cn is transmitted to the member store, a problem arises in security. As previously mentioned,
In the member store information processing device 200, the name N of the user Un
This is because the data of n and the credit card number Cn is accumulated, and there is a risk of unauthorized use.

A feature of the present invention is that security is improved by combining the substitute code SUBn and the settlement identification code ID (n, i). This is because the settlement process using only the substitute code SUBn causes a problem in security. That is, if
If the settlement processing using only the substitute code SUBn is performed, the name Nn and the substitute code SUBn of the specific user Un are stored in the member store information processing apparatus 200. And substitute code S
There is a risk that a criminal who stole UBn may access the information processing apparatus 300 for an authorized trader by unauthorized means and make a payment request that makes it appear that the user Un has performed shopping. However, in order to make a proper payment in the present invention, a combination of the substitute code SUBn and the payment identification code ID (n, i) is required. Moreover, the payment identification code ID
Since (n, i) is set to be a different code each time a payment is made, the same payment identification code ID
Payment using (n, i) is limited to only once. By any chance
Even if there is a second payment request using the same payment identification code ID (n, i), the information processing apparatus 300 for the approved trader
Will deny such a settlement request.

For example, if the user Un has made a valid payment as the i-th payment, the substitute code SUB
n and the payment identification code ID for the i-th payment
Since (n, i) is transmitted to the information processing apparatus 300 for an approved trader, in this case, it is approved as a legitimate payment request. At this time, since the substitute code SUBn and the payment identification code ID (n, i) used for the payment remain in the member store information processing device 200, the employee of the member store, etc. They may use the information to make false payment requests. However, since such a false payment request is the (i + 1) -th payment request, the information processing device 30 for the authorized trader
The payment identification code generated within 0 is ID (n, i + 1)
On the other hand, since the payment identification code transmitted by the false payment request is ID (n, i), the two do not match, and the false payment request is denied.
In other words, the payment identification code ID (n, i) is a disposable code for each payment. Even if the substitution code SUBn and the payment identification code ID
Even if (n, i) is stolen, false payment is not approved.

As described above, in the settlement processing method using a credit card according to the present invention, there is no need to notify the member store of the credit card number Cn, so that unauthorized use of the credit card number Cn due to theft can be prevented. it can. It is necessary to inform the member store of the substitute code SUBn and the payment identification code ID (n, i), but since the payment identification code ID (n, i) is a disposable code that differs for each payment, the member store is stolen. Even if you do, it will not be used illegally.

§3. Specific Payment Processing Method According to the Present Invention Next, a more specific embodiment of a payment processing method using a credit card according to the present invention will be described. A first feature of the embodiment described here is that the user information processing apparatus 100
The second feature lies in that the present invention can be applied to a plurality of credit cards.

FIG. 3 is a block diagram showing the basic configuration of the user information processing apparatus 100 used in this embodiment. In the example shown here, the information processing device for user 100
Comprises a personal computer 110, a reader / writer device 120, and an IC card 130. IC card 130
Any type of IC card may be used as long as it has an arithmetic processing function including a CPU and a memory. Recently, various types of IC cards have begun to spread as portable information recording media replacing magnetic cards. Generally, an IC card can add various functions by loading software. Therefore, when the settlement processing method according to the present invention is performed using the IC card, a new dedicated IC card is not necessarily used. There is no need to distribute to users. If the user already has an IC card, the user can simply load the IC card with dedicated software and / or data for executing the settlement processing method according to the present invention. The present invention can be carried out by using the IC card as it is.

The reader / writer device 120 is a general-purpose reading / writing device for transmitting information to the IC card 130, and the personal computer 110 is connected to the reader / writer device 12.
0 is a general-purpose computer that accesses the IC card 130 via the Internet. In recent years, the personal ownership rate of personal computers has increased, and a considerable number of users have personal computers and have an Internet connection environment. When the settlement processing method according to the present invention is used, a general-purpose reader / writer device 120 is connected to such a general-purpose personal computer 110, and an IC card 13 loaded with predetermined software is used.
0 may be prepared. If the IC card 130 is mounted on the reader / writer device 120 and accessed by the personal computer 110, the system as a whole is
It will function as the user information processing apparatus 100 described in §2.

As described above, in this embodiment, the personal computer 1
10, the reader / writer device 120 and the IC card 130 constitute the information processing device 100 for the user.
0 performs the main function as the information processing device 100 for the user, and the personal computer 110 and the reader / writer device 120
Merely serves as an interface for connecting the IC card 130 to the Internet 400. That is, any information that plays an important function in the present invention is stored in the IC card 130. Hereinafter, information stored in the IC card 130 will be described.

As shown in FIG. 3, in the IC card 130, "PRG", "ARG", "PIN", "DAT"
"E" and "MAG" are stored. here,
“PRG” is a program for causing the IC card 130 to function as a main component of the user information processing apparatus 100 according to the present invention, and each function of the user information processing apparatus 100 described in §2 is It will be realized under the control of the program. "ARG"
Secret algorithm ARG in settlement information 20 shown in FIG.
n, and the same secret algorithm is stored in the information processing device 300 for the approved trader. In this embodiment, the same algorithm is used for all users. The next “PIN” is a user Un for enabling the use of this IC card 130.
It is its own identification code. After attaching the IC card 130 to the reader / writer device 120, the user Un performs an operation of inputting a correct “PIN” code from the personal computer 110. The entered “PIN” code is stored in the IC card 13
It is checked against the “PIN” code inside 0, and if the two match, the subsequent access to the IC card 130 is permitted. This “PIN” code collation function is an existing function that is always provided in the general IC card 130, and is not a function unique to the present invention. “DATE” is data indicating the current date and time, and is generally notified externally to the IC card 130 (in an IC card, it may be checked whether the notified date is sequential. ). Also,
“MAG” is a so-called magic code, which is used as a part of the common data COMn, and the same magic code is stored in the information processing device 300 for the approved trader, as described later.

Of the above information, “PIN” is a basic code for using the IC card 130,
Since “DATE” is data externally provided to the IC card 130, any of the “DATE” can be said to be information provided as a standard feature in a general IC card. On the other hand, "PRG", "ARG", "MAG"
This is dedicated information prepared for implementing the present invention, and is information that is externally loaded when the user Un performs a preparation procedure. Existing IC already owned by user Un
Cards (for example, IC cards that function as employee ID cards,
In the case where various IC cards, such as an IC card that functions as a consultation ticket and an IC card for storing service points, are actually used, are also used for the present invention, the preparation procedure is required. At this time, the dedicated information may be loaded from the personal computer 110 to the IC card 130 side. These dedicated information to be loaded may be stored in a CD-ROM or the like and distributed to the user Un, or may be downloaded to the personal computer 110 via the Internet 400. Of course, if an IC card pre-loaded with data such as "PRG", "ARG", and "MAG" is used to issue an employee ID card, consultation ticket, service point card, etc. and distribute it, The process of loading the data is unnecessary.

In the preparation procedure, the work performed by the user Un includes loading these dedicated information into the IC card 130 (as described above, if the IC card loaded with the dedicated information in advance is distributed). This loading operation is unnecessary.) This is an operation of inputting data relating to the credit card into the IC card 130. In the example shown in FIG. 3, the user Un has received credit cards α and β from two different credit card companies, and the information of the two credit cards is stored in the IC card 1.
An example is shown in which the information is input to 30 and used. Such information input can be performed based on the processing function of the program "PRG" already loaded in the IC card 130. In the illustrated example, the name αNn, credit card number αCn,
The expiration date αDn and the name βNn, credit card number βCn, and expiration date βDn described on the credit card β are written in the IC card 130 (the names αNn and βNn are the same). There is no need to be, for example, one may be in the name of a family.) The user Un holds the credit cards α and β at hand, and
Work to input these data. In this example, use limit amounts αLn and βLn are further input.
Regarding the roles of the usage limit amounts αLn and βLn, see §4
This will be described in a modified example.

Thus, for each credit card α, β, the name αNn, βNn, credit card number αC
n, βCn, expiration date αDn, βDn, usage limit αL
When the input operation of n and βLn is completed, subsequently, processing for generating substitute codes αSUBn and βSUBn is performed. In the embodiment shown here, a processing routine for generating this substitute code is incorporated in the program "PRG" loaded on the IC card 130, and the user U
n in the IC card 130 based on the credit card numbers αCn and βCn
n, βSUBn are generated and the IC card 130
Stored internally. Specifically, in the case of this embodiment,
Credit card number αCn, β consisting of 16 digits
A hash function is applied to Cn, and the obtained hash values are used as substitute codes αSUBn and βSUBn. In order to further increase security, 1
It is preferable to add a character string (for example, a magic code “MAG”) to the six-digit credit card number before applying the hash function. Generally, a hash function is a one-way function, and anyone can perform an operation of applying a hash function to a credit card number Cn to obtain a hash value (substitute code) SUBn. SUBn cannot be returned to the original credit card number Cn. Therefore, if the hash value is used as the substitute code SUBn,
Even if the substitute code SUBn is known to a third party, there is no risk that the credit card number Cn is known.

In the embodiment shown here, the number of payments αi, βi for each credit card α, β
It is stored in the card 130. Settlement count α
i and βi are numbers indicating how many times the settlement process according to the present invention using the respective credit cards α and β has been performed so far. At the stage of the preparation procedure, these settlement times αi and βi are initially The value is set to 0. Thereafter, each time the settlement processing according to the present invention is performed, the number of settlements αi, βi
Will increase by one each.

By such a preparation procedure, the IC card 13
The information that is to be stored in 0 is sent to the approved trader. That is, the information in the IC card 130 is sent to the information processing device 300 for the approved trader via the reader / writer device 120, the personal computer 110, and the Internet 400, and is also notified to the approved trader side (“PI
It is not necessary to notify the approval provider about "N").
This transmission process is an SS that can secure sufficient security.
L and the like. On the approval side, the correspondence information 30 based on the information transmitted in this manner.
Create However, on the approval side, the name Nn of each user Un, the credit card number Cn,
Since information such as the expiration date Dn, address, and telephone number has already been prepared as a database, it is only necessary to actually perform processing for adding a substitute code SUBn to this database.

With the above operations, the preparation procedure is completed. In the example of the preparation procedure described above, the IC card 13
0, a substitute code SUBn is generated and transmitted to the approved trader information processing apparatus 300 side.
0 may generate a substitute code SUBn and transmit it to the IC card 130 side, or the IC card 130 and the information processing device
00 may independently perform a process of generating a substitute code SUBn. (If the same hash function is applied to the same credit card number Cn, the same substitute code SUBn is generated.) Is done). In short, by the above-mentioned preparation procedure, the substitute code SUBn for each credit card and the information used as common data (in this example, as described later, the substitute code SUBn itself, the number of payments i, “DATE”,
The preparation procedure may be performed by any procedure as long as the "MAG" data) is stored in both the IC card 130 and the information processing device 300 for the approved trader.

When such a preparation procedure is completed, this I
The C card 130 itself can be used as a substitute card for the credit cards α and β. In other words, this IC card 130 is a credit card α,
It will function as the so-called “child card” of β.
FIG. 3 shows the information of the two credit cards α and β in an IC
An example in which the information is entered in the card 130 is shown. Of course, information on three or more credit cards is
It is also possible to input into the card 130, and the user U
n can use the IC card 130 as a "child card" of many credit cards. In addition, since the IC card 130 is essentially a card equivalent to each credit card (a card for the same credit account), in order to issue the IC card 130, a new examination by each credit card company is performed. You do not need to receive it. Some credit card companies provide a service for issuing a "child card" in the name of the user's family called a so-called "family card". To do so, it is necessary to submit an application form to that effect to the credit card company and undergo a preliminary review. The IC card 130 issued according to the present invention is a card having completely different characteristics from such a “family card”, and is essentially a card using the same account as the original credit card. In that case, a new examination by a credit card company is not required, and smooth issuance is possible without going through complicated office work.

Next, a procedure of a settlement process using the IC card 130 will be described. As described above, the IC card 130 does not necessarily need to be a dedicated card used in the present invention, and can be shared for various other uses. When the user Un uses the IC card 130 for the payment processing according to the present invention, the reader / writer 1
20 may be attached. When the user Un is connected to the personal computer 110
In order to access the Web page of the virtual shopping mall of the member store by using and to perform payment by credit card, the following operation may be performed. First, the IC card 130 is mounted on the reader / writer device 120, and the personal computer 1
10 is used to enter "PIN" data. When the verification of the “PIN” data is completed inside the IC card 130,
Next, an input is made to select which credit card is to be used for payment. For example, when the user Un performs a selection input to make a payment with the credit card α, the name Nn of the user Un, the substitute code αSUBn for the credit card α, and the payment (the αi-th payment)
Payment identification code αID (n, αi) generated for
Is transmitted to the member store information processing apparatus 200 via the Internet 400 (actually, the information indicating the address of the user Un, the purchased goods and the quantity, and the like are also transmitted). Will be). Such processing is
This is performed by a link operation of the program “PRG” in the IC card 130 and the program in the Web server of the member store information processing apparatus 200.

As already described in §2, the member store information processing apparatus 200 includes the name Nn, the substitute code αSUBn, the payment identification code αID (n, αi) of the information transmitted from the user Un side. , The settlement amount and the identification code for identifying the member store itself
To send a payment request. Approval trader information processing device 3
00 refers to the credit card number αCn corresponding to the substitute code αSUBn, and specifies that the settlement request is for the user Un. Then, the settlement identification code α generated in the information processing device 300 for the approved trader
After confirming that the ID (n, αi) matches the settlement identification code αID (n, αi) transmitted from the member store information processing device 200, the member store information processing device 20
Respond to 0 to approve the settlement.

Generally, in an IC card with a built-in CPU,
Sufficient security is ensured for the information stored in the internal memory, and it can be considered that there is no possibility that each piece of information in the IC card 130 shown in FIG. Therefore, even if the user Un loses the IC card 130, there is no possibility that various information stored therein leaks. Various information necessary for the settlement process of the present invention is not stored on the personal computer 110 side,
The reason why the information is stored in the IC card 130 is that the IC card has such high security. Moreover, in the embodiment shown here, the processing for generating the payment identification code ID (n, i) is also performed inside the IC card 130, so that the payment identification code ID (n, i) is stored in the personal computer 110. No processing history for generating i) remains. Thus, the payment identification code I
Common data COM required to generate D (n, i)
n and the secret algorithm ARG are all stored in the IC card 130, and the payment identification code ID
Generating (n, i) inside the IC card 130 is extremely effective in securing high security.

Next, a specific example of the common data COMn will be described with reference to the block diagram of FIG.
As described in §2, the common data COM in the present invention
The role of n is a role as a “seed” which is a source when the payment identification code ID (n, i) is generated using the secret algorithm ARG. Any data may be used as long as the data is stored in common to both and differs for each user Un. However, if the common data is data that can be inferred by a third party, it is not preferable in terms of security. Therefore, it is preferable to define as complicated data as possible as the common data. Further, according to the basic principle of the present invention, it is necessary to generate a different payment identification code ID (n, i) for each payment processing, and for that purpose, the original common data itself changes for each payment processing. It is preferable that the data have such a property as to perform the following.

Therefore, in this embodiment, common data is defined as shown in the lower column of FIG. That is, as the common data αCOMn for settlement using the credit card α, the substitute code αSUBn and the magic code MA
G, date / time DATE, and data composed of a combination of four data of the number of payments αi (for example, data obtained by directly combining the character strings constituting the four data), and similarly a credit card β
Is used as the common data βCOMn for settlement using the combination of four data of the substitute code βSUBn, the magic code MAG, the date / time DATE, and the number of settlements βi.

The reason why the substitute code SUBn is used as a part of the common data COMn is that different common data can be defined for each user. The substitute code SUBn is the credit card number Cn
This is a code given as a hash value of... Basically, the code is different for each individual user (actually, for each individual credit card). Therefore, if this substitute code SUBn is used as a part of the common data COMn, it is possible to define different common data COMn for each user.

On the other hand, the magic code MAG is a unique code (for example, an arbitrary character string) whose contents change according to the time (year, month, day, week, time, etc.). For example, "Pine" in January, "Plum" in February, "Sakura" in March, ...
Thus, the magic code MAG for 12 months is defined as an arbitrary character string, the magic code "matsu" is adopted for the settlement performed in January, and the settlement performed in February is performed. The security code can be further improved by using a magic code called "ume". Of course, Monday, Tuesday, Wednesday ...
Thus, different magic codes can be set for each day of the week, or different magic codes can be set for even-numbered days and odd-numbered days. In this way, the code whose content changes according to the time is written in the common data COMn.
It is extremely effective to include the information in a part of it, in order to make it difficult for a third party to analogize common data.

As described above, the date / time DATE is data indicating the date and time at the time of settlement. For example, data such as 3:00 pm on July 15, 2000 is incorporated in a part of the common data COMn. The first reason for incorporating such data into a part of the common data COMn is that the magic code M
Like AG, it is to make it difficult for a third party to analogize common data, and the second reason is to generate different common data for each settlement process. For example, i-th
If the first settlement is performed at 3:00 pm on July 15, 2000, and the (i + 1) th settlement is performed at 5:00 pm on the same day, the common data used for the i-th settlement The common data used for the (i + 1) -th payment is partially different, and the generated payment identification codes ID (n, i) and ID (n, i + 1) are also different. In implementing the present invention, the secret algorithm ARG needs to be an algorithm in which a different payment identification code is generated each time a payment is performed. Use common data that contains different data every time. ''
By adopting the algorithm described above, it becomes possible to generate a different payment identification code every time payment is performed without changing the skeleton of the algorithm itself.

Of course, the date / time DATE does not necessarily need to be a code indicating the settlement date and time.
A code including only the settlement date, such as July 15, 2000, or a code including only the settlement time, such as 3:00 pm, may be used. Also, 2
It is possible to use a code including even accurate seconds, such as 3: 13: 24.2 pm on July 15, 2000, but if a time code with a very high accuracy is used, the IC card 130 Since the time when the payment identification code is generated and the time when the payment identification code is generated in the information processing device 300 for the approved trader do not match, there is a possibility that the two payment identification codes do not match. In consideration of an error between the clock and the clock of the information processing device 300 for the authorized trader, a transmission delay time via the Internet 400, and the like, it is necessary to suppress the accuracy within a range in which the same time code is used for both.

In this embodiment, the number of settlements i (αi
Alternatively, βi) is incorporated as a part of the common data. The reason is, of course, to generate different common data for each settlement process. As described above, by incorporating the date / time DATE code into a part of the common data, in principle, it is possible to generate a different payment identification code every time payment is performed. However, due to the problem of the time accuracy described above, the accuracy of the code of date / time DATE cannot be improved much. Therefore, it is more preferable to incorporate the number of payments into a part of the common data than to generate a different payment identification code every time depending only on the code of date / time DATE. For example, assuming that a code “DATE / TIME DATE” is set with an accuracy of minute unit, if two settlement processes are performed at a time interval of 1 minute or more, these settlement processes differ in date / time. DATE will be used, but if two settlement processes are performed within one minute, the same date / time DATE will be used in both settlement processes. In order to avoid such adverse effects, it is preferable to incorporate the number of settlements i into a part of the common data. The number of payments αi and βi are updated sequentially each time the payment processing is performed.

After all, in the case of the embodiment shown in FIG. 4, the substitute code αSUBn, magic code MAG, date / time DAT
E, a predetermined secret algorithm ARG is applied to the common data αCOMn, which is a combination of four types of data, ie, the number of payments αi, to generate a payment identification code αID (n, αi) for the i-th payment. Will be. Similarly, in the i-th settlement using the credit card β, the substitute code βSUBn and the magic code MA
A predetermined secret algorithm ARG is applied to common data βCOMn, which is a combination of four types of data including G, date / time DATE, and number of payments βi, and a payment identification code βID (n, αi for the i-th payment. )
Is generated.

FIG. 5 is a diagram showing an example of information stored in the information processing device 300 for an approved trader, corresponding to the information stored in the IC card 130 shown in FIG. Here, “PRG” is the information processing device 3 for the approved trader.
00 is a program for performing an approval process for a settlement request, and “ARG” is the same secret algorithm stored in the IC card 130,
"ATE" is a code indicating the current date / time (generated based on a built-in clock of the information processing apparatus 300 for the approved trader), and the magic code MAG is the IC card 1
This is the same magic code as stored in 30. Also, as the data relating to the credit card α or β, data relating to a plurality of users U1, U2,. Here, for example, the n-th user Un related to the credit card α
As shown in the figure, data of name αNn, credit card number αCn, expiration date αDn, and usage limit α
LLn, the substitute code αSUBn, the number of payments αi, and the address, telephone number, payment amount data, and the like of the user Un are stored.

The processing for generating the settlement identification code ID (n, i) on the information processing apparatus 300 for the approved trader is exactly the same as the processing on the IC card 130 described above. That is, in the i-th payment using the credit card α,
Substitute code αSUBn, magic code MAG, date /
A predetermined secret algorithm ARG is applied to the common data αCOMn (data stored in the database in the information processing apparatus 300 for the approved trader) composed of a combination of four types of data, ie, the time DATE and the number of settlements αi. Payment identification code αID for i-th payment
(N, i) will be generated. Approval of the settlement request is performed by setting the settlement identification code αID (n, αi) generated in the IC card 130 in the process shown in FIG. 4 and the settlement generated in the information processing device 300 for the approved trader in the process shown in FIG. The determination is performed on condition that it matches the identification code αID (n, αi). Of course, after the settlement processing is completed, the number of settlements αi or βi is also updated on the approved information processing apparatus 300 side.

§4. Some Modifications Finally, some modifications of the payment processing method using the credit card according to the present invention will be described.

(1) In the embodiment described above, the common data COMn and the secret algorithm A
The RG is loaded in the IC card 130, and thereafter, the loaded common data COMn and the secret algorithm AR
Although G will continue to be used, in order to improve security, it is preferable to perform a process of changing the contents of the common data COMn and the secret algorithm ARG loaded in the IC card 130 every predetermined period. Specifically, similarly to the preparation procedure, the user information processing apparatus 100
And the information processing device 300 for the approved trader
00 and the change processing to the new common data COMn and the change to the secret algorithm ARG may be performed simultaneously.

(2) In the IC card 130 shown in FIG. 4, the credit limit αLn, β of each credit card α, β
Ln is set. On the other hand, in the approved information processing apparatus 300 shown in FIG. 5, the credit card usage limit (for example,
A usage limit amount αLLn) is set for the n-th user Un of the credit card α. here,
The usage limit amount αLLn set on the information processing device 300 for the approved trader is the original usage limit amount set by the credit card company, and the user Un pays the payment amount exceeding this usage limit amount αLLn in one month. Cannot be performed (such a settlement request would be denied). On the other hand, the usage limit amount αLn (or βLn) set on the IC card 130 is a limit amount that can be arbitrarily set by the user Un itself during the preparation procedure. In general, the same amount as the usage limit set by the credit card company may be set as the usage limit in the IC card 130, such as αLn = αLLn. However, a setting such as αLn <αLLn is dared. Can be used to set the purpose of self-management to reduce waste. When the use limit αLn is set, and a settlement is performed using the credit card α to exceed the use limit αLn, a warning to that effect is presented. For example, the accumulated value of the settlement amount for this month is recorded in the IC card 130, and when the sum of the amount to be newly settled and the accumulated value exceeds the usage limit αLn. Is an IC card 1
Some kind of warning display may be displayed on the screen of the personal computer 110 by the function of the program “PRG” in 30. If the setting of αLn <αLLn has been performed, the warning may be ignored and the payment may be executed. If the warning is issued, the payment may be rejected. You may keep it.

(3) In the above embodiment, the substitute code S
Although UBn is assumed to be a unique code, it is not always necessary to substitute the substitute code SU for implementing the present invention.
It is not necessary for Bn to be a unique code. In practice,
Since the user's name Nn is transmitted together with the substitute code SUBn to the information processing apparatus 300 for the approved trader, even if the substitute code SUBn is not unique, the combination of the substitute code SUBn and the name Nn is usually used. With this, the user Un can be specified.
However, since there are users having the same name and the same name, it is preferable to use a substitute code SUBn that is different from other users as much as possible, and it is preferable to set a unique substitute code SUBn.

(4) In the above-described embodiment, an example has been described in which payment for shopping at a virtual shopping mall on the Internet is performed on the Internet. However, the payment method according to the present invention is not necessarily limited to Internet payment. Not something. For example, when the user goes to an actual store for shopping or eating and pays for the price, the user can pay using the IC card 130 instead of using the credit cards α and β. In this case, the settlement may be performed by attaching the IC card 130 to the reader / writer device 120 installed in the store. One IC card 130 can function as a plurality of credit cards,
In addition, since it has various functions other than credit cards, if only one IC card 130 is possessed instead of having many credit cards, settlement using all credit card accounts Becomes possible. In such a usage form, the system in which the IC card 130 is mounted functions as the user information processing apparatus 100. The user information processing apparatus 100 does not necessarily need to be installed at the user's home, and in the case of the above-described usage mode, the personal computer 110 and the reader / writer apparatus 120 installed in the store are used as the user information processing apparatus 100. It is fulfilling the function.

(5) As described above, the user information processing apparatus 100 according to the present invention can be realized by using a portable information processing apparatus such as the IC card 130. I
At present, the C card alone does not have an Internet connection environment or data input function.
When performing payment in a virtual shopping mall on the Internet, it is necessary to configure the user information processing apparatus 100 in combination with the personal computer 110 and the reader / writer apparatus 120 as in the above-described embodiment. If a device having an environment that can be connected to the Internet alone, such as a mobile device or a portable information terminal device, can be used, by using such a device alone as the user information processing device 100, payment on the Internet can be performed. Will be possible.

[0075]

As described above, according to the settlement processing method using a credit card according to the present invention, it is possible to sufficiently secure security for each member store. In particular, according to the above-described embodiment, the following various effects can be obtained. (1) Use an IC card as a "child card" of a credit card
However, since the IC card has sufficient security measures, even if an accident such as loss or theft occurs, the security is higher than that of a real credit card. That is, it is extremely difficult to read data stored inside the IC card to the outside by unauthorized means, and since the credit card number is not described on the surface of the IC card, The credit card number cannot be recognized. Therefore, even if the credit card number is lost or stolen, the possibility that the credit card number is known to a third party is extremely low. (2) It is expected that it will take several years before IC card credits become widespread, but the method according to the present invention uses a formal IC card credit card, There is no hassle in the process of distributing cards or reviewing cards for issuance,
Quick introduction is possible. The present invention is particularly effective when carrying out credit shopping on the Internet. (3) In the present invention, it is possible to register a plurality of credit cards having different owners on one IC card. Therefore, for example, it is also possible to create an IC card that becomes a common “child card” of the credit card of the whole family, and flexible operation can be expected. (4) Since the necessary information can be recorded in the IC card which has been turned into a "child card", the amount of data to be key-inputted from the terminal device can be reduced. That is, since the substitute code and the payment identification code are automatically sent to the member store based on the program, it is not necessary for each user to input these codes. In practice, users need not even be aware of the existence of these codes.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a procedure of a conventional general credit card payment processing method when shopping at a virtual shopping mall on the Internet.

FIG. 2 is a block diagram illustrating a procedure of a credit card payment processing method according to the present invention when shopping at a virtual shopping mall on the Internet.

FIG. 3 is a block diagram showing a basic configuration in which the user information processing apparatus 100 used in the present invention is configured using an IC card 130.

FIG. 4 is a diagram showing a procedure for generating a payment identification code in the IC card 130 shown in FIG.

FIG. 5 is a diagram showing an example of information stored in an information processing apparatus 300 for an approved trader, corresponding to information stored in an IC card 130 shown in FIG.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 10 ... Credit card 20 ... Payment information 30 ... Correspondence information 100 ... User information processing apparatus 200 ... Member shop information processing apparatus 300 ... Approval trader information processing apparatus 400 ... Internet ARG, ARGn ... Secret algorithm C, Cn ... Credit card number COMn: Common data of n-th user D, Dn: Expiration date of credit card DATE: Current date / time code i: Number of payments ID (n, i): i-th time of n-th user MAG: Magic code N, Nn: User name PIN: User identification code PRG: Program SUBn, αSUBn, βSUBn: Substitute code for nth user Un: nth user α, β … Credit card α ○○…. ○○ on JIT card β

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/00 673E 675D F-term (Reference) 5B049 AA05 BB11 CC05 CC39 EE00 GG00 GG10 5B055 BB12 CB09 CC00 EE01 EE02 EE17 EE27 FA00 FB00 JJ00 KK00 5J104 AA07 JA01 KA01 KA21 MA01 NA01 NA12 NA35 NA36 NA40 PA10

Claims (14)

[Claims] 1. A payment processing method when a user who has been issued a credit card to which a predetermined number is given by a credit card company makes a payment to a member store of the credit card using the credit card. In a user information processing device used by each user, a predetermined substitute code used in place of a specific credit card number issued to the user is stored, and the specific credit card is used. In an information processing device for an authorized trader managed by an authorized trader having the authority to approve the settlement, correspondence information indicating a correspondence between a credit card number and a substitute code for each user is stored, and the information processing for the user is performed. While storing predetermined common data in both the device and the information processing device for the approved trader,
A predetermined algorithm for generating a payment identification code by the arithmetic processing using the common data is stored, and when the payment is performed, both the user information processing device and the approved trader information processing device By performing the arithmetic processing by the algorithm using the common data, the same payment identification code is generated in each case, and the common data is set to be different for each user. An algorithm is set such that a different payment identification code is generated each time a payment is performed. When a user performs payment for a specific franchise, the franchise managed by the franchisee A substitute code stored in the user information processing apparatus and a substitute code stored in the user information processing apparatus. And the generated payment identification code are transmitted, and the member store information processing device converts the substitute code and the payment identification code transmitted from the user information processing device into the approved trader information processing device. A settlement request is issued by transmitting the settlement request to the device, and the information processing device for the approved trader who has received the settlement request refers to the credit card number corresponding to the transmitted substitute code based on the correspondence information, thereby allowing the user to perform the settlement. And a payment identification code is generated by arithmetic processing using common data for the user, and the payment request is approved on condition that the generated payment identification code matches the transmitted payment identification code. A payment processing method using a credit card. 2. The settlement processing method according to claim 1, wherein a unique code is used for each credit card as a substitute code used in place of a specific credit card number, and the settlement request is received. A payment processing method using a credit card, wherein the information processing apparatus for an approved trader can refer to a credit card number corresponding to the transmitted substitute code on a one-to-one basis. 3. The settlement processing method according to claim 1, wherein the substitute code used in place of the specific credit card number is generated using the specific credit card number. A payment processing method using a credit card. 4. The settlement processing method according to claim 1, wherein both the information processing device for a user who has issued a specific credit card and the information processing device for an authorized trader. A data including a substitute code for the specific credit card is used as the common data stored in the credit card. 5. The settlement processing method according to claim 1, wherein the content is set as common data stored in both the information processing device for the user and the information processing device for the approved trader according to time. A payment processing method using a credit card, characterized by using data including a changing magic code. 6. The settlement processing method according to claim 1, wherein the common data stored in both the information processing device for the user and the information processing device for the authorized trader include a settlement date, a settlement time, Alternatively, a payment processing method using a credit card, wherein data including a code indicating a payment date and time is used. 7. The payment processing method according to claim 1, wherein a code indicating the number of payments is used as common data stored in both the information processing device for the user and the information processing device for the authorized trader. A settlement processing method using a credit card, characterized by using data including the credit card. 8. The settlement processing method according to claim 1, wherein the user information processing device and the authorized trader information processing device are connected via a network, and the common data is Alternatively, a payment processing method using a credit card, which performs a process of changing the content of an algorithm for generating a payment identification code. 9. The settlement processing method according to claim 1, wherein information indicating a credit card usage limit is stored in the user information processing apparatus, and the information exceeds the usage limit. A payment processing method using a credit card, wherein when a payment is made, a warning to that effect is presented. 10. The settlement processing method according to any one of claims 1 to 9, wherein when a specific user is issued a credit card from a plurality of credit card companies, each credit card is separately issued. A substitute code is created and stored in the information processing device for the user, and the information processing device for the approved trader stores correspondence information indicating a correspondence relationship between each substitute code and each credit card number. A payment processing method using a credit card, wherein payment processing can be performed for a specific credit card selected by a user from among the following. 11. The settlement processing method according to claim 1, wherein the information processing device for a user, the information processing device for a member store, and the information processing device for an authorized trader are connected via a network, respectively. Payment is performed by transmitting a substitute code and a payment identification code via the network when a user makes a shopping at a virtual shopping mall opened on a Web page of a member store. Payment processing method using a credit card. 12. The settlement processing method according to claim 1, wherein the user information processing device includes an IC card, a reader / writer device for transmitting information to the IC card, and the reader / writer device. And a computer that accesses the IC card via the IC card. At least when performing the payment processing, the IC card is mounted on the reader / writer device and accessed by the computer, so that the information processing device for the user is provided. A payment processing method using a credit card, wherein the payment processing method is realized. 13. The settlement processing method according to claim 12, wherein at least the common data and the secret algorithm are integrated into an IC.
A payment processing method using a credit card, wherein the processing for generating a payment identification code is stored in a memory in the card, and the processing for generating a payment identification code is executed in the IC card. 14. The method according to claim 13, wherein the credit card can be used in a settlement processing method using a credit card.
An IC card having at least a function of storing at least common data and an algorithm for generating a payment identification code and internally performing processing for generating a payment identification code.