+

WO2001095185A1 - Systeme et terminal informatique pour reseau longues distances, et procedes de cryptage-decryptage d'identification utilisateur - Google Patents

Systeme et terminal informatique pour reseau longues distances, et procedes de cryptage-decryptage d'identification utilisateur Download PDF

Info

Publication number
WO2001095185A1
WO2001095185A1 PCT/JP2001/004717 JP0104717W WO0195185A1 WO 2001095185 A1 WO2001095185 A1 WO 2001095185A1 JP 0104717 W JP0104717 W JP 0104717W WO 0195185 A1 WO0195185 A1 WO 0195185A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
customer
request
settlement
Prior art date
Application number
PCT/JP2001/004717
Other languages
English (en)
Japanese (ja)
Inventor
Kouei Nakashima
Original Assignee
Wincess Yugen Kaisha
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wincess Yugen Kaisha filed Critical Wincess Yugen Kaisha
Priority to AU2001260711A priority Critical patent/AU2001260711A1/en
Priority to JP2002502658A priority patent/JPWO2001095185A1/ja
Publication of WO2001095185A1 publication Critical patent/WO2001095185A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates to a wide area network information processing system suitable for providing services to users using a wide area network such as the Internet, and a terminal device suitable for use in this system.
  • the present invention also relates to a method for encrypting and decrypting identification information for payment suitable for encrypting identification information of a user used to identify a user in this system.
  • requests are usually made separately from request reception means (generally, a WWW server that establishes a sales homepage) to provide information on products, etc., so that charges can be collected safely from users. Judgment as to whether the user who has indicated the will of the request is trustworthy and only if the user is trustworthy is permitted to sell to that user, and payment for collecting a fee from that user An information processing device for processing is installed.
  • request reception means generally, a WWW server that establishes a sales homepage
  • payment information was transmitted by encrypting the payment information, or by transmitting only the payment information using a dedicated communication line such as a telephone line. It prevents leakage to third parties and misuse.
  • the user terminal If payment information is transmitted using a dedicated communication line, the user terminal must have a connection circuit to the wide area network and a connection circuit to the dedicated communication line. This increases the cost of the terminal on the user side, increases the financial burden on the user, and makes it difficult for the user to use it.
  • a request receiving means such as a WWW server transmits an input format of settlement information to the user side terminal.
  • the user had to input the payment information in accordance with the input form sent and sent it over the wide area network, which was not user-friendly.
  • leakage of the user's personal information occurs similarly in systems other than electronic payment systems using a wide area network.
  • the present invention has been considered in view of these problems.
  • the present invention reliably prevents personal information from being leaked, and reduces the user's safety.
  • the purpose is to make it available with care.
  • the request receiving means communicates with the user side terminal via the wide area network, and A process is performed to accept a request for a service that can be provided by the system from the terminal (for example, the above-mentioned settlement request for commercial transactions, a request for updating and searching for personal information, etc.). Then, upon actually receiving the service request from the user terminal, the request receiving means obtains, from the user terminal, encrypted identification information for identifying the user, and the user receives the encrypted identification information. It is transmitted to the information processing means together with the information indicating the requested service.
  • the information processing means decodes the identification information and the decoded identification information Is checked against a customer information database in which customer information is registered in advance for each user, thereby determining whether the user is a registered customer (in other words, a customer who can enjoy the service). If the customer is a customer who can enjoy the service, the information processing for realizing the service requested by the user based on the customer information registered in the customer information database I do.
  • a customer information database in which customer information necessary for providing a service to a user is registered for each user is created in advance, and when the user actually enjoys the service,
  • the identification information for identifying the user is encrypted and transmitted from the user terminal to the request receiving means.
  • customer information for example, personal information such as a user's name, address, account number, etc. Necessary for providing a service requested by the user is provided on a wide area network. Since there is no need to transmit the information and only the identification information that can identify the user in the system needs to be sent, it is possible to prevent the customer information of the user from being misused by third parties.
  • the information processing means receives the identification information input from the request receiving means and the information indicating the content of the service requested by the user, and performs a service for the user registered as a customer in advance.
  • the communication path between the information processing means and the wide area network is blocked by the request receiving means, it is possible to reliably prevent unauthorized access to the information processing means from the outside, and to prevent unauthorized access to customer information. It can be prevented from leaking outside due to access.
  • the request receiving means simply inputs the identification information of the user and the information indicating the contents of the service requested by the user to the information processing means, and the customer information is transmitted from the information processing means to the request receiving means. Is never transmitted, This can also prevent customer information from leaking to the outside.
  • a service providing system that can be used by users with peace of mind can be constructed.
  • the encrypted identification information is transmitted from the user side terminal to the wide area network, and this is acquired by the request receiving means on the wide area network.
  • the information processing means identifies the user based on the identification information and performs information processing for the service requested by the user.
  • the system could get into the system by acquiring all the information sent from the user terminal over the wide area network and using it as it is. Therefore, in order to more reliably prevent such a situation, the system may be configured as described in claim 2.
  • the request receiving unit when the request receiving unit acquires the identification information from the user terminal, the request reception unit transmits the identification information and a password corresponding to the identification information to the user terminal. Request. Then, the user terminal receiving the request requests the user to input a password corresponding to the identification information, and in response to the request, requests the password entered by the user and the identification information. The request is transmitted to the receiving means, and the request receiving means transfers the transmitted identification information and password to the information processing means. Then, the information processing means determines whether the user is a customer based on the identification information transmitted from the request receiving means and the password.
  • the invention (claims 1 and 2) is applied as a service to the user to a system that performs settlement processing required for commercial transactions on a network, and is obtained using a customer information database as information processing means. It is equipped with a payment means that performs payment processing to collect fees from users based on customer information (such as account numbers of financial institutions required for payment / credit card numbers, etc.).
  • the request receiving means provides information for a commercial transaction (for example, a homepage for internet shopping) which can be realized by the system in accordance with a request from the user terminal, and a result of the information provision is provided.
  • a settlement request for commercial transactions is received from the user terminal, the fee information indicating the fee to be collected from the user is transferred to the settlement means together with the identification information obtained from the user terminal.
  • customer information (such as an account number of a financial institution, a credit card number, etc.) required for settlement is transmitted to the network. It is not necessary to send the information on the network and only the identification information that identifies the user needs to be sent, so the account number of the financial institution of the user ⁇ credit card number is passed on to a third party, and the user is financially damaged. Can be prevented.
  • the site having the function as the request receiving means and the settlement means (information processing means) can be separated.
  • an information provider who has established a request receiving means (site) cannot acquire customer information of users.
  • the information processing means identifies the user by decoding the identification information transferred from the request receiving means, and the user stores the customer in the customer information database. If the user is a registered user, the payment process will be performed to collect the toll.However, in order to perform the payment process more reliably, it is necessary to be able to confirm whether the payment can be actually performed based on the customer information. desirable.
  • the settlement means determines that the user is a pre-registered customer based on the customer information database, an external (for example, a financial institution or a credit bureau) Credit check database, and conducts a credit check of the user.As a result of the credit check, the settlement process is performed only when the user is determined to be credible, and when the user is determined to be unreliable, It is preferable to configure the request receiving means to stop the commercial transaction with the user.
  • the settlement means is configured to directly connect to a management computer of a financial institution such as a bank or a credit card company and to collect a fee directly from the financial institution.
  • a management computer of a financial institution such as a bank or a credit card company
  • an external fee collection system such as a debit card settlement center
  • Payment processing may be performed via a collection system.
  • the systems described in claims 3 to 5 can be constructed individually by various sales companies that sell products or provide various services.However, when each sales company constructs this system individually, Using a sales company A user who wants to manage the identification information etc. for each sales company, which is extremely troublesome to manage.
  • the system is transmitted from various sales companies. It may be managed by a sales agency that conducts business transactions with users on behalf of the company.
  • the request receiving means when it is determined that the payment means can collect the fee from the user by the information processing means, transmits the result of the commercial transaction with the user to the corresponding sales It needs to be configured to notify the company.
  • the request receiving means and the settlement means are all managed by the sales agent company and only the result of the established commercial transaction is notified to the sales agent, the user can be provided with the sales agent.
  • the request receiving means and the settlement means information processing means
  • the settlement means information processing means
  • a sales company can order goods or services using a wide area network simply by outsourcing sales operations to a sales agency. This eliminates the need for sales companies to make capital investments necessary for business transactions using the wide area network, and allows them to easily expand sales channels simply by paying commissions to sales agents.
  • the receiving means is managed by a sales company that conducts commercial transactions with users
  • the settlement means is managed by a settlement agency that performs settlement processing on behalf of the sales company. You may.
  • the sales company that sells products and various services it is necessary for the sales company that sells products and various services to manage the request receiving means, but the information processing means for identifying the user from the identification information is outsourced from the sales company. Since the payment agency receives the information, the user only needs to register one piece of identification information with the payment agency, and the identification information can be easily managed.
  • the convenience of the user can be improved.
  • the sales company does not need to manage the customer information of the user required for the settlement, so that the system can be easily operated, and the user can send the customer information to the sales company. Since it is not known, the settlement system can be used with confidence.
  • the information processing system for a wide area network described in claim 8 converts the present invention (claims 1 and 2) into a so-called database system that manages personal information of users (in other words, private information).
  • a database system that manages personal information of users (in other words, private information).
  • an information processing means it has a personal information database in which personal information of the user is stored in association with the customer information obtained using the customer information database. If there is a request to register or search for personal information from a customer registered in the database, the system is equipped with a personal information management means that updates or searches for the personal information of the customer himself or herself registered in the personal information database in accordance with the request.
  • the request receiving means When the request receiving means receives a request for updating or searching for personal information registered in the personal information database from the user terminal, the request receiving means transmits the request for updating or searching for the personal information together with the identification information obtained from the user terminal. , Transfer to personal information management means.
  • the system according to claim 8 manages the user's personal information (private information) and updates the personal information according to the request from the user. Performs a search, but when a user updates or searches for personal information, only the identification information and a request for updating or searching are sent from the user terminal to the network. As a result, it is possible to prevent the user's private information from being passed to a third party and causing the user to be damaged.
  • update data is added to the system to identify the user. Since customer information that can identify the user (in this case, the user's address, telephone number, contact information, etc.) is not transmitted, it is assumed that a third party has illegally acquired the update data. However, it is not possible to identify who the update data belongs to, and it is possible to prevent users from being damaged by the leakage of the update data.
  • the search result may be transmitted using a dedicated communication line or a dedicated homepage protected by security.
  • the personal information (private information) of the user registered in the personal information database includes, for example, all information on the user's assets, career, hobbies, and the like.
  • information indicating the health condition of each user is registered in the personal information database as personal information, as described in claim 9, the individual personal It will be a very effective system for users because they will be aware of the condition and pay attention to health management.
  • a measuring device (a so-called vital measuring device) provided at the user's terminal is used, and the user's current biological characteristics (pulse, blood pressure, body fat, Oxygen, carbon dioxide, blood flow, blood, hair Hair, nails, oral film, oral mucosa, saliva, etc.) are measured and registered in the personal information database every day.
  • the accumulated personal information can be used by a doctor. By submitting the information to, a more appropriate diagnosis can be obtained.
  • the personal information management means as the information processing means determines a health condition for each user from the data stored in the personal information database, and writes the determination result to the personal information database. If the diagnostic process is executed periodically, the user can judge his / her own health condition from the result of the diagnosis. In this case, the diagnosis result may be directly delivered to the user by e-mail or the like.
  • the personal information for each user in the personal information database can be searched or updated by an individual who is permitted in advance for each user. Is also good.
  • a person other than the user who can update or search the personal information registered in the personal information database is associated with the customer information.
  • a user registered in the customer information database receives a personal information update or search request from a customer registered in the customer information database through the request receiving means, a personal database is created.
  • the information management means refers to the personal information user database, extracts personal information that can be updated or searched by the customer who has made a request for updating or searching for personal information, and updates or searches for the extracted personal information.
  • a search process may be performed.
  • the personal information stored in the personal information database is information on the user's assets
  • this can be disclosed to lawyers and tax accountants with whom the user has contracted.
  • the user is entrusted with the management of these assets so that they can check them as necessary. become.
  • the personal information when information indicating the health condition of a user is registered in the personal information database, the personal information is registered as described in claim 11.
  • the doctor or pharmacist specified by the user should be registered in the personal information user database so that the doctor and pharmacist can search and update the information.
  • the physician checks the personal information (information indicating the health condition) of each user registered in the personal information database and gives appropriate advice to the user. It also allows doctors to write medical records in a personal information database, making it possible to use medical treatment history and the current state of health of users (patients) at the time of consultation, thereby increasing efficiency. A good and appropriate diagnosis can be made.
  • a pharmacist accesses the personal information database so that the user (patient) can check or write down the medicine being taken at that time, double administration of the medicine by different pharmacists is prevented. be able to.
  • the physician can monitor how the health condition of the user has changed due to the administration of the drug, and can provide more appropriate medical treatment.
  • the user terminal communicating with the request receiving means can be connected to the wide area network.
  • Any terminal device may be used, but if any terminal device can access the request receiving means, the confidentiality of the above-mentioned customer information (or customer information and customer private information) cannot be ensured. It is also possible.
  • an authentication means is provided as described in claim 12, and the authentication means is a user terminal which has requested the service to the request receiving means. Authentication over a wide area network When the information is acquired and the authentication information is for a user who has been registered in advance, communication between the user terminal and the request receiving means may be permitted. That is, in this way, the terminal devices that can access the request receiving means can be limited to only the specific users registered in advance in the authentication means. In this case, only the specific user registered in the authentication means in advance can request the service from the request reception means, so that the confidentiality of the customer information and the like can be improved.
  • the only information to be transmitted together with the service request from the user terminal is the identification information of the user. Since there is no need to send information, users do not need to enter customer information every time they request a service as in the past. Therefore, according to the present invention, data input by the user can be reduced, and the operability of the user terminal can be improved.
  • the identification information transmitted from the user terminal is encrypted for security, but if the user inputs the identification information, the identification information must be encrypted at the user terminal.
  • a key for encryption must be stored in the user terminal. If the encryption key is stored in the user terminal in this way, a third party can use the key. This makes it possible to illegally access the system by illegally operating the user terminal, and there is a risk that the encryption key may be stolen by a third party. Therefore, in order to prevent such a problem and to further enhance the security of the system, the user side terminal may be configured as described in claim 13 or claim 14.
  • the invention according to claim 13 relates to a terminal device used as a user terminal in the information processing system for a wide area network according to any one of claims 1 to 11.
  • a storage medium in which the encrypted identification information is stored can be removably mounted, and further, there is provided information reading means for reading information from the mounted storage medium. Then, when there is a request for identification information from the request accepting means, the terminal device automatically reads out the requested information from the storage medium via the information reading device and sends out the information to the wide area network.
  • the terminal device is connected to the request receiving means by being used in the information processing system for a wide area network according to any one of claims 1 to 11.
  • the user does not need to input identification information himself / herself, thereby improving operability.
  • the storage medium storing the identification information is stored, the user can prevent unauthorized use by a third party, so that the security can be further improved.
  • the invention according to claim 14 relates to a terminal device used as a user terminal in the wide area network information processing system according to claim 12, and A storage medium storing user authentication information and identification information for connection can be detachably mounted, and an information reading means for reading each information from the mounted storage medium is provided. Then, the terminal device receives the authentication information from the authentication means or the request receiving means. When there is a request for information or identification information, the requested information is automatically read from the storage medium via the information reading device and transmitted to the wide area network. Therefore, according to the terminal device described in claim 14, by using the information processing system for a wide area network described in claim 12, the terminal device can be connected to the request receiving means, and the service can be provided.
  • the user does not need to input authentication information or identification information when transmitting a request for the user, and operability can be improved.
  • the user saves a storage medium storing such information, it can be prevented from being illegally used by a third party, so that the security can be further improved.
  • the terminal device When a user uses the system of the present invention, it is necessary to connect a user terminal (terminal device) to a wide area network.
  • the terminal device according to claim 13 or claim 14, further comprising: a storage medium storing the identification information (or the identification information and the authentication information), further storing connection information to the wide area network; If it is configured to automatically connect to a wide area network based on the connection information read from the storage medium, the usability of the user can be further improved.
  • the identification information, authentication information authentication, connection information, etc. are stored in the storage medium as described above, if the user keeps the storage medium, it is impossible to prevent unauthorized use by a third party. Yes, but if the storage medium reaches a third party due to loss, theft, etc., the third party will be able to enjoy unauthorized services using this storage medium.
  • a password is set in advance in the storage medium, and the terminal device itself is used as the information reading means.
  • the user is requested to enter a password, and the password is not set. If they match, it is preferable to prohibit the connection to the request receiving means.
  • the operation of determining the password of the storage medium by such a terminal device may be configured to be realized by a program registered in the user terminal in advance, or by storing a password determination program in the storage medium.
  • the terminal device may execute the program to realize the password determination operation.
  • a password is set.
  • the determination as to whether or not they match may be performed not by the terminal device but by the authentication means. That is, the password and the authentication information entered by the user are transmitted from the terminal device side to the authentication means via the wide area network, and the password is registered on the authentication means side together with the authentication information in advance. Alternatively, it may be determined whether or not they match, and the determination result may be transmitted to the user terminal.
  • the password used to determine whether a terminal device is illegally used by a third party is determined by the request receiving means in the system described in claim 2. Can also be used as a password transmitted from the user terminal to the request receiving means in response to the request.
  • fingerprint information of a user is stored in the storage medium in advance, and the storage medium is stored in the information reading means.
  • the terminal device is The fingerprint of the user is detected through the fingerprint sensor and the fingerprint information stored in the storage medium is used to determine whether the fingerprint of the user matches the fingerprint information registered in the storage medium.
  • connection to the request receiving means may be prohibited.
  • the remote control device for operation provided on the terminal device ( It is convenient to incorporate a fingerprint sensor into the remote control device, since fingerprint input can be easily performed at a position away from the terminal itself.
  • the determination operation when identifying a user using fingerprint information in this manner may be configured to be realized by a program registered in the terminal device in advance, similarly to the above-described password determination operation.
  • a program for fingerprint determination may be stored in a storage medium, and the terminal device may execute the program to implement the program.
  • a terminal device is provided with a voice recognition device and a microphone (hereinafter referred to as a microphone) for inputting voice to the terminal device to identify a user, it is possible to prevent unauthorized use of a storage medium.
  • a predetermined voice is input from the microphone, and the voice recognition device analyzes the voice signal input from the microphone, and obtains a characteristic such as a voiceprint obtained by the analysis.
  • the user may be recognized from the parameters, and connection to the request receiving means may be permitted.
  • the storage medium may be a read-only storage medium as long as it can store at least various kinds of information such as user authentication information and identification information. However, more preferably, the information is rewritten or additionally written. It should be a storage medium that can be embedded. That is, in this way, the stored information can be updated, and the usability of the storage medium itself can be improved. You. It is also desirable that the storage medium be in the same form as a cash card, credit card, etc., so that users can easily store it.
  • the storage medium may be constituted by a general magnetic card.
  • the amount of information to be rewritten or the amount of information to be written by the above-described program writing is reduced.
  • the storage medium may be constituted by an IC card, and the terminal device may be provided with an IC card reader / writer as information reading means.
  • the terminal device itself is configured by incorporating information reading means, such as an IC card reader / writer, into a general-purpose personal computer having a function of connecting to a wide area network such as the Internet.
  • This function may be realized by a program executed by a personal computer, or may be realized by a dedicated terminal device equipped with information reading means such as an IC card reader / writer.
  • the function as a terminal device is incorporated into, for example, information devices such as personal computers and mobile phones, home appliances such as video game machines and televisions, and in-vehicle devices such as navigation devices for automobiles. By operating these information devices, home appliances or in-vehicle devices, the system can be used Unishi may be.
  • a request is received from a user terminal via a wide area network.
  • the present invention relates to a method for encrypting identification information transmitted to a means.
  • the identification information before encryption is divided into phrase data composed of characters, symbols, or character strings that constitute the identification information, and a registration created in advance for each phrase data.
  • Encode using phrase replacement sheet After that, the encoded word data is converted into encrypted data of a predetermined data length using random numbers described in a random number sheet created in advance, and the converted encrypted data is arranged in order. Generates encrypted identification information.
  • the identification information is encrypted in two steps by using two keys, a registration word replacement sheet and a random number sheet, as the encryption key.
  • the encryption key As a result, in order to decrypt the encrypted identification information, it is necessary to decrypt in two steps using the two keys (registered word replacement sheet and random number sheet) used for encryption.
  • a third party obtains identification information transmitted from the user terminal to the wide area network.
  • At least one of the two keys (the registered word substitution sheet and the random number sheet) used for encrypting the identification information as described above is used every predetermined period. And the type information representing the type of the key is added to the encrypted identification information.
  • a person who obtains a key (registered phrase replacement sheet and random number sheet) for decrypting identification information is Even if the identification information is obtained from a wide area network, the probability that the identification information can be decrypted using the key is extremely low, and the confidentiality of the identification information can be further improved.
  • the invention described in claim 23 is the information processing system for a wide area network according to the present invention (claims 1 to 12), wherein the information processing means decrypts the encrypted identification information to obtain the user information.
  • the present invention relates to a decryption method suitable for identifying a password. Then, in this decryption method, first, the encrypted identification information is divided into encrypted data having a predetermined data length, and a random number used when the identification information is encrypted for each encrypted data. Using the random number described in the sheet, the data is converted into encoded phrase data, and the converted phrase data is then converted to the registered phrase replacement sheet used when the identification information was encrypted.
  • the pre-encryption identification information is restored by converting the pre-encryption identification information into phrase data consisting of characters, symbols, or character strings, and arranging the converted phrase data in order.
  • the identification information transmitted from the user terminal to the wide area network is described in claim 21 or claim 22.
  • the information processing means decrypts the encrypted identification information by using the method of the present invention, the information processing means can encrypt the identification information. You will be able to decode it reliably.
  • FIG. 1 is a block diagram illustrating a schematic configuration of an electronic payment system according to an embodiment.
  • Fig. 2 is a flowchart showing the control process executed on the user terminal.
  • FIG. 3 is a flowchart showing a control process executed by the authentication server.
  • Fig. 4 is a flowchart showing the control processing executed by the system-specific WWW server.
  • FIG. 5 is a flowchart showing the control process executed by the customer information conversion server.
  • Figures 6A, B, C, and D show the data structure of the registered phrase replacement sheet and random number sheet used for the encryption and decryption of the settlement ID, and the explanation of the encryption and decryption procedures using these.
  • FIG. 6A, B, C, and D show the data structure of the registered phrase replacement sheet and random number sheet used for the encryption and decryption of the settlement ID, and the explanation of the encryption and decryption procedures using these.
  • FIGS. 7A and 7B are flowcharts showing the procedure for encrypting and decrypting the payment ID.
  • FIG. 8 is a block diagram showing a configuration of a mail order system (a) to which the electronic payment system of the embodiment is applied.
  • FIG. 9 is a block diagram showing the configuration of a mail order system (b) to which the electronic payment system of the embodiment is applied.
  • FIG. 10 is a block diagram illustrating a configuration example of a user terminal including a remote control device for operation.
  • FIG. 11 is a flowchart showing a process executed by the terminal body and the remote control device to identify the user in the user terminal of FIG. 10 y,
  • FIG. 12 is a block diagram illustrating a schematic configuration of the electronic payment system according to the second embodiment.
  • FIG. 13 is a flowchart showing processing executed by each server when performing settlement by a debit card in the electronic settlement system of the second embodiment.
  • FIG. 14 is a block diagram illustrating a schematic configuration of a health management system according to the third embodiment.
  • FIG. 15 is a flowchart showing a procedure for registering and browsing personal information executed by the user terminal, the dedicated WWW server, and the customer information conversion server of the third embodiment, and
  • FIG. 16 is a flowchart showing personal information management processing executed by the personal information management server of the third embodiment.
  • FIG. 1 is a block diagram showing the configuration of the entire electronic payment system according to the first embodiment to which the present invention (specifically, claims 3 to 7) is applied.
  • the electronic payment system of the present embodiment includes an authentication server 4 connected to the Internet 2 as a wide area network, and a WWW (World Wide Web) server (hereinafter, referred to as a dedicated WWW system).
  • the authentication server 4 obtains authentication information (hereinafter referred to as an authentication ID) from a user terminal 10 as a terminal device connected to the Internet 2 via an ISP (Internet Service Provider), and obtains the authentication ID. Based on the above, the user who is currently operating this user terminal 10 judges in advance whether or not he / she has been registered as a user of the system, and uses it only when the user is registered. The connection of the user terminal 10 to the dedicated WWW server 6 is permitted, and the connection destination of the user terminal 10 is guided to the dedicated WWW server 6, which corresponds to the authentication means of the present invention.
  • an authentication ID authentication information
  • ISP Internet Service Provider
  • the dedicated WWW server 6 provides information for business transactions such as online shopping in response to a request from the user terminal 10 to which the connection has been permitted by the authentication server 4, and establishes a connection with the user terminal 10. And performs communication for commercial transactions, and corresponds to the request receiving means of the present invention.
  • the dedicated WWW server 6 provides the user with a fee such as a purchase price of the product from the user as a result of communication for business transaction with the user terminal 10.
  • a fee such as a purchase price of the product from the user as a result of communication for business transaction with the user terminal 10.
  • payment ID encrypted identification for payment Information
  • the customer information conversion server 30 in 20 is transmitted.
  • the payment is successful, the delivery of the goods to the user ( If the product is information, send it), and if payment is not possible, stop selling the product to the user.
  • the closed network 20 to which the customer information conversion server 30 is connected is connected to the Internet 2 via the firewall 24 and the router 22, and the customer information conversion server 30 is a dedicated WWW server 6.
  • the customer information conversion server 30 functions as the information processing means of the present invention.
  • the customer information conversion server 30 provides the user with the encryption information (key) necessary to decrypt the encrypted payment ID transmitted from the dedicated WWW server 6 and the decrypted payment ID.
  • the customer information conversion server 30 decrypts the payment ID using the customer's encrypted information database 32 and acquires the customer information corresponding to the decrypted payment ID, thereby collecting the fee. Perform payment processing for
  • an operation management terminal 26 for operating and managing the electronic settlement system of the present embodiment, and various information are printed.
  • printer 2 8 and Terminal devices for various information processing are connected.
  • the customer information conversion server 30 is connected via a router 34 to a network in which a bank, a credit card company, or the like is building a customer management system 40. 0 performs a user credit check using the credit check database in the customer management system 40.
  • the user terminal 10 includes input devices such as a keyboard and a mouse, and display devices for displaying information for product purchase and information for various operations provided from the dedicated WWW server 6. Is provided.
  • input devices such as a keyboard and a mouse
  • display devices for displaying information for product purchase and information for various operations provided from the dedicated WWW server 6. Is provided.
  • the input device by operating the input device in accordance with the screen displayed on the display device, the user can select a purchased item or instruct a purchase (payment) of the selected item.
  • the user terminal 10 is provided with an IC card reader / writer as information reading means of the present invention. Then, the user terminal 10 is equipped with the IC card 12 storing the above-mentioned authentication ID and settlement ID, or the IC card 12 is mounted on the IC card reader / writer.
  • the user inputs a connection command to the Internet 2 in this state, it automatically connects to the Internet 2 via the ISP 8 and sends a connection request to the dedicated WWW server 6 to the authentication server 4. .
  • the IC card 12 In addition to the authentication ID and the settlement ID described above, the IC card 12 also stores access information to the ISP 8 to which the user has subscribed (connection information described in claim 7). The terminal 10 reads the access information from the IC card 12 when connecting to the Internet 2, and connects to the ISP 8, and hence the Internet 2, based on this information.
  • Public telephone network analog line or digital Communication device (modem, terminal adapter, etc.) for connecting to an ISP using a mobile phone, or a wireless communication device for connecting to an ISP using a wireless phone such as a mobile phone or PHS. It may be a device, or a communication device (so-called cable modem) for connecting to an ISP using CATV.
  • ISPs that provide Internet services using communication satellites and ISPs that provide Internet services using dedicated communication lines have also been put into practical use.
  • the user terminal 10 includes a ISP connection communication means, such as a satellite communication device for communicating with a communication satellite via a satellite communication antenna (parabolic antenna, flat antenna, etc.), or an ISP.
  • a dedicated communication device may be provided for performing communication between and via a dedicated communication line.
  • the user terminal 10 itself may be configured by a portable communication device such as a mobile phone. Good.
  • the Ic card 12 is attached to the user terminal 10 or the IC card 12 is attached to the user terminal 10.
  • the user terminal 10 reads the access information to the Internet 2 from the IC card 12 and, based on the read access information, sends the information to the ISP 8 for the Internet 2 Send a connection request to the server (see the dotted arrow (A) in Figure 1).
  • the user terminal 10 When the user terminal 10 is connected to the Internet 2 via the ISP 8 by transmitting this connection request, the arrow (B) shown in FIG. Thus, the user terminal 10 sends the authentication ID stored in the IC card 12 to the authentication server 4. Then, based on the authentication ID, the authentication server 4 determines whether the user is a person who has been registered in advance to use the system, and when the user is authenticated by this determination, the user side Terminal 10 is connected to dedicated WWW server 6 via authentication server 4.
  • the user terminal 10 When the user terminal 10 is connected to the dedicated WWW server 6 in this way, information for Internet shopping or the like is transmitted from the dedicated WWW server 6 to the user terminal 10 and the user Since the information is displayed on the display device of the terminal 10, the user can select and purchase a desired product by operating the user terminal 10 while watching the display screen. Become like
  • the user presses a predetermined purchase decision key on the keyboard or clicks a purchase decision button on the display screen with a mouse to purchase a desired product.
  • the information indicating the purchase decision is transmitted to the dedicated WWW server 6, the information requesting the settlement ID is transmitted from the dedicated WWW server 6 to the user terminal 10.
  • the user side terminal 10 reads out the settlement ID from the IC card 12 and transmits it to the dedicated WWW server 6.
  • the dedicated WWW server 6 receives the settlement ID, it adds the fee information indicating the type of the product decided to be purchased by the user and the purchase price to the customer, and the customer in the closed network 20 receives the payment ID. Since the information is transmitted to the information conversion server 30, the settlement ID is finally transmitted to the customer information conversion server 30, as shown by the arrow (C) in FIG.
  • the customer information conversion server 30 Upon receiving the payment ID, the customer information conversion server 30 decrypts the payment ID using the encryption information in the customer / encryption information database 32. Thus, the user is identified, and the customer / encryption information database 32 is searched to extract the customer information of this user from the customer / encryption information database 32.
  • the customer information conversion server 30 uses the credit investigation database of the customer management system 40 to obtain the user information.
  • a credit check is conducted, and if the user is determined to be able to purchase the product as a result of the credit check, the payment information and the customer information are transmitted to the customer management system 40, whereby the payment for withdrawing the purchase price from the user's account is made.
  • the dedicated WWW server 6 transmits the settlement result to the dedicated WWW server 6, and transfers the settlement result to the user terminal 10.
  • the customer information conversion server 30 cannot identify the user by decoding the received payment ID, cannot extract the customer information, or as a result of a credit check, the user purchases the product. If it is determined that the payment cannot be made, information indicating the payment is transmitted to the dedicated WWW server 6 as the payment result, and the dedicated WWW server 6 also transfers the payment result to the user terminal 10. I do.
  • each of the processes is executed by the user terminal 10, the authentication server 4, the dedicated WWW server 6, and the customer information conversion server 30.
  • the control process performed is described.
  • FIG. 2 is a flowchart showing a control process executed by the user terminal 10.
  • the user terminal 10 determines whether or not the IC card 12 is attached to the IC card reader / writer at S 110 (S represents a step). Wait for IC card 1 and 2 to be installed, When the IC card 12 is inserted, it is determined whether or not a connection command to the Internet 2 is input from the user in S120, and the connection command is input from the user. Wait for. In S120, immediately after it is determined in S110 that the IC card 12 is first mounted, it is determined that a connection command has been input.
  • step S130 the display device is preset to use the IC card 12.
  • a password input screen is displayed, and a password reception process is executed to receive a password input from a user.
  • the entered password is the same as the password registered (stored) in the IC card 12 in advance. It is determined whether or not the passwords match. If the passwords do not match, it is determined that the password has been input incorrectly, and the flow shifts to S150.
  • S150 information (date and time, etc.) indicating that a password was erroneously input is written to the IC card 12 in order to be able to judge how many times the password was erroneously input consecutively. From the past information written in the IC card 12, the number of consecutive incorrect inputs is determined, and it is determined whether the number of consecutive incorrect inputs has reached a preset upper limit (for example, seven times). If the number of consecutive erroneous inputs reaches the upper limit value, then, the IC card 12 is written with use prohibition information so that the IC card 12 cannot be used. Then, after this processing is completed, the process returns to S110.
  • a preset upper limit for example, seven times
  • the process proceeds to S160 and the IC card 12 Read access information to Internet 2 By transmitting a connection request to the Internet 2 to the ISP 8 according to the read access information, the user terminal 10 is connected to the Internet 2 via the ISP 8.
  • step S160 information (date and time, etc.) indicating that connection to the Internet 2 has been written to the IC card 12.
  • information date and time, etc.
  • the authentication ID is read from the IC card 12 and this is read.
  • the authentication server 4 executes an authentication ID determination process for determining whether or not the user terminal 10 can use the system based on the transmitted authentication ID, and the determination result (authentication result) Is transmitted to the user terminal 10.
  • the authentication result is received, and the received authentication result is displayed on the display device.
  • the user terminal 10 is authenticated by the authentication server 4 based on the received authentication result in S190. It is determined whether or not it has been performed. If the authentication server 4 has not been authenticated, connection to the dedicated WWW server 6 cannot be established, so the process shifts to S ⁇ 10 again. Then, shift to S200.
  • S200 it is determined whether or not it is necessary to update the authentication data such as the authentication ID and the password of the IC card 12 according to a command from the user or a command from the authentication server 4. If the authentication data needs to be updated, the information for releasing the authentication data write lock of the IC card 12 is acquired from the authentication server 4 in S210, and the information of the IC card 12 is obtained. The authentication data write lock is released, and in S2200, the authentication data in the IC card 12 is replaced with new authentication data input by the user or new authentication data transmitted from the authentication server 4. Performs an overnight update process for rewriting authentication data with authentication data. Further, after executing the authentication data update process, information for authentication data write lock is obtained from the authentication server 4 so that the authentication data in the IC card 12 cannot be rewritten without permission. Set authentication data write lock for IC card 1 and 2 using.
  • the authentication ID and password stored in the IC card 12 can be easily rewritten, unauthorized use of the IC card 12 by a third party cannot be prevented. It can be updated under the monitoring of the authentication server 4 side, so that the authentication data cannot be updated unless the authentication server 4 permits. It is needless to say that a write lock is set for the settlement ID stored in the IC card 12 as well as these authentication data.
  • connection disconnection command a command for disconnecting the connection with the Internet 2 (connection disconnection command) has been input by the user.
  • connection to the Internet 2 is interrupted, and then the process proceeds to S110.
  • the flow shifts to S270, and the user inputs a purchase command for the desired product during the execution of the Internet access processing. Accordingly, it is determined whether or not a request for a settlement ID has been received from the dedicated WWW server 6. If there is no payment ID request, the process returns to step S250. If there is a payment ID request, the process returns to step S260, and a display for inputting a password for payment is displayed on the display device. Then, it executes a password acceptance process for settlement, which accepts a password input from a user.
  • the dedicated WWW server 6 sends the information together with the fee information to the customer information conversion server 30 to cause the customer information conversion server 30 to execute the payment processing, and obtains the payment processing result (payment result). Since it is obtained from the customer information conversion server 30 and transferred to the user terminal 10, in S 300, the settlement result is received and displayed on the display device. When the settlement result is displayed, a selection key for prompting the user to continue or disconnect from the Internet 2 is also displayed.
  • FIG. 3 is a flowchart showing a control process executed by the authentication server 4.
  • the authentication server 4 determines whether or not the user terminal 10 has been connected via the Internet 2 at S 4 ⁇ 0 (S represents a step) (in other words, The connection request from the user terminal # 0), and waits for the connection request to be input from the user terminal 10. Then, when there is a connection request from the user terminal # 0, the information indicating that the connection request has been received is transmitted to the user terminal 10 in S420, and thereafter, the user terminal Execute the process of accepting the authentication ID, receiving the authentication ID sent by 10.
  • the process proceeds to S430, and determines whether or not this authentication ID is a user registered in the authentication server 4 in advance.
  • the determination process is executed, and the result of the determination (authentication result) is transmitted to the user terminal 10 at S440.
  • the subsequent S450 it is determined whether or not the user has been successfully authenticated by the determination processing of S430. If the user is not successfully authenticated, the process returns to S410, and if the authentication is successful, the user is authenticated. Shift to S460.
  • S460 it is determined whether or not it is necessary to update the authentication data in the IC card # 2 attached to the user terminal 10 authenticated this time. If the authentication data does not need to be updated, the connection information to the dedicated WWW server 6 is transmitted to the authenticated user terminal 10 in S500, and the user terminal is updated. Allow access to dedicated WWW server 6 from 10 Then, connect the user terminal 10 to the dedicated WWW server 6 and shift to S410 again.
  • the process proceeds to S470, where the authentication data of the IC card 12 is written.
  • the information for unlocking is transmitted, and in S480, the user terminal 10 is updated with the authentication data, and the authentication data updated by the update processing is sent to the authentication server.
  • the authentication data updating process of the authentication server 4 is executed by a procedure such as writing to the storage device in 4. Then, when the authentication data updating process is completed, in S490, information for relocking the writing of the authentication data is transmitted to the user side terminal 10, and then the process proceeds to S500.
  • FIG. 4 is a flowchart showing a control process executed by the dedicated WWW server 6.
  • the dedicated WWW server 6 performs a normal process of performing communication for the Internet terminal 10 with the user terminal 10 in accordance with a request from the user terminal 10 to which the connection is permitted by the authentication server 4.
  • the process is executed, the ordinary process is a general process, and thus the description is omitted. In the following description, only the main process according to the present invention will be described.
  • This control process is a process executed separately from the normal process. As shown in FIG. 4, when the process is started, first, in S530, the user terminal 10 is executed in the normal process. As a result of communication with the user, whether or not the user has transmitted information indicating the purchase decision of the product via the user terminal 10, in other words, whether or not settlement is required for the purchase of the product. Is determined.
  • the control process is temporarily terminated. Conversely, if payment is required, the process proceeds to S540, and the user terminal ⁇ 0 that has transmitted the purchase decision is transmitted. Request settlement ID. Then, the user terminal 10 reads the payment ID from the IC card 12 and reads the payment ID. And the payment password entered by the user are transmitted to the dedicated WWW server 6, so that in S550 the following information is received, and in S560 the received data and Then, the settlement data comprising the settlement type information indicating the type of the product decided to be purchased by the user divided by the purchase price is transmitted to the customer information conversion server 30 in the closed network 20.
  • the customer information conversion server 30 executes a payment process based on the data, and transmits the payment result to the customer data conversion server 30. Since it is sent to the dedicated WWW server 6, the following S570 receives the settlement result, and in S575, the payment is normally completed on the customer information conversion server 30 side based on the received settlement result. It is determined whether or not it was completed.
  • FIG. 5 is a flowchart showing a control process executed by the customer information conversion server 30.
  • the customer information conversion server 30 first determines whether or not the payment data transmitted from the dedicated WWW server 6 has been received in S610, thereby obtaining the dedicated WWW server 6. Wait for payment data to be sent from.
  • the payment ID and password are extracted from the payment data, and at S630, the customer is encrypted.
  • the payment ID is decrypted using the encryption information stored in the information database 32.
  • the procedure for decrypting the payment ID performed in S630 will be described later in detail together with the procedure for encrypting the payment ID.
  • the customer / encryption information database 32 is searched using the decrypted settlement ID and password. By doing so, customer information (account number, credit card number, etc.) that matches both the settlement ID and password is extracted.
  • the customer / encryption information database 32 stores customer information of users who can use the system in association with the payment ID and password, and in S640, the database is stored in the database.
  • customer information corresponding to the decrypted payment ID and password is extracted, and in S650, the customer information extracted in S640 and the customer management system 40 are extracted.
  • a credit check of the user is performed using the credit check database on the side, and the process proceeds to S670. If the payment ID cannot be decrypted in S630, or if the customer information that matches the decrypted payment ID and password cannot be extracted in S640, the subsequent processing is executed. Move to S670 without doing this.
  • S670 based on the result of the processing in S630 to S650, it is determined whether the user has the ability to pay the purchase price (in other words, is it possible to settle the payment)? Is determined. If payment is possible, the customer information and fee information extracted in S640 are transmitted to the customer management system 40, thereby performing a payment process of debiting the purchase price from the user's account. The process proceeds to S90, and conversely, if it is determined in S670 that settlement is not possible, the process directly proceeds to S690. Then, in S690, the settlement result is transmitted to the dedicated WWW server 6, and the process is temporarily terminated.
  • the IC card 12 is created using the operation management terminal 26 in the closed network 20 and distributed to system subscribers. For this reason, the encryption information stored in the customer / encryption information database 32 is used not only for decrypting the payment ID encrypted by the customer information conversion server 30 but also for the operation management terminal 26. It is also used to write the payment ID to the 1C card 12 by encrypting the payment ID using such as.
  • a registration word replacement sheet shown in FIG. 6A and a random number sheet shown in FIG. 6B are used as a key for encryption used for encrypting and decrypting the settlement ID.
  • Various types of data sheets are used, and each of these data sheets is stored in the customer / encryption information database 32.
  • the registered phrase replacement sheet consists of 10 characters, such as hiragana and romaji, which are used to construct the payment ID, and a word representing the name of the prefecture where the user is located.
  • X ⁇ Arranged in a table with 6 columns, the combination of the numbers from 0 to 9 assigned to each row and the numbers from 0 to 15 assigned to each column, characters or words in decimal notation It can be converted to a three-digit number.
  • the registered phrase replacement sheet is updated every predetermined period, for example, on a monthly or weekly basis.
  • the latest registered phrase replacement sheet is used. For this reason, each time the registered word replacement sheet used for encryption is updated in the customer / encryption information database 32, the registered word replacement sheet is additionally registered together with information indicating the period of use. Is done.
  • the customer / encryption information database 32 stores all the registered phrase replacement sheets used for encrypting the settlement ID. Then, when decrypting the encrypted payment ID, the customer information conversion server 30 derives the registration word replacement sheet used for encryption from the creation date of the payment ID, and reads the registration word replacement sheet. Use to decrypt the payment ID.
  • the random number sheet is created by arranging three digits of random numbers from 0 to 15 in total of 16 in order. A plurality of random number sheets are created in advance, and an identification mark representing the type of the random number sheet is added to the head of the random number sheet so that the random number sheet used for encryption can be specified.
  • the random number sheet used for encrypting the settlement ID is changed every predetermined period, such as monthly or weekly, similarly to the registered phrase replacement sheet. For this reason, an identification code is added to the encrypted payment ID in order to identify the random number sheet used for encryption.
  • the customer information conversion server 30 decrypts the payment ID, it is added to the payment ID.
  • the random number sheet used for encryption is determined from the identification code, and the settlement ID is decrypted using the random number sheet.
  • FIG. 7A shows the procedure in which the operation management terminal 26 actually encrypts the settlement ID using the two encryption keys (the registered phrase replacement sheet and the random number sheet) configured as described above. The description will be given along the flowchart shown.
  • the operation management terminal 26 encrypts the payment ID
  • the payment ID input processing for capturing the payment ID to be encrypted is executed, and then,
  • the registered phrase replacement sheet currently set for encryption is read from the customer / encryption information database via the customer information conversion server 30.
  • the character string constituting the payment ID before encryption is described in the registered phrase replacement sheet. It is divided into word data of prefecture names and characters, and each word data is converted to word data consisting of three-digit numbers using a registered word replacement sheet.
  • the payment ID is a character string “Wakayama Nakao j” that represents a user
  • the payment ID is divided into four word data, “Wakayama”, “na”, “ka”, and “o J”.
  • each of these phrase data is converted into a three-digit numerical value “103”, ⁇ 015J, ⁇ 102, and 0000, respectively.
  • each phrase data is converted into ID data for registration using the random number.
  • the first phrase data of the payment ID is ⁇ 103
  • the first random number of the random number sheet is 232
  • these data are The ID data of ⁇ ⁇ ⁇ 39 J is created by subtracting the word / phrase data from the random number sheet in the direction of decreasing the number of each digit of the digits. If the value of the random number is smaller than the value of the phrase data at the time of subtraction, the value of the phrase data is subtracted from the value obtained by adding 10 to the value of the random number.
  • each ID data is converted into the original ID data.
  • the words and phrases of the settlement ID are arranged in correspondence with each other and by prefixing the identification number of the random number sheet used for encryption, Complete the encrypted payment ID.
  • the date when the payment ID is encrypted is also registered, and this date information is also handled as a component of the payment ID.
  • the customer information conversion server 30 decrypts the encrypted payment ID in this way, the payment ID is decrypted according to the procedure shown in FIG. 7B. That is, as shown in FIG. 7B, the customer information conversion server 30 performs processing (S630) for encrypting the payment ID acquired from the user terminal 10 via the dedicated WWW server 6.
  • processing S630
  • the identification code added to the head of the acquired payment ID is read, and the random number sheet provided with the same identification code is sent to the customer / encryptor. Read from the chemical information database 32.
  • the registered phrase replacement sheet used for encrypting the payment ID is specified in S830 from the date of creation of the payment ID acquired this time. Then, this is read from the customer / encryption information database 32.
  • the three-digit numerically empty word / phrase data is converted into a prefectural name or character before conversion using the registered word / phrase replacement sheet, and these are arranged in order from the top.
  • the payment ID before encryption is restored.
  • FIG. 6C even if the settlement I "Wakayama Nakao” is converted to the settlement ID "AS424139443859756J" as a result of encryption,
  • FIG. 6D the original payment ID before encryption is normally restored by the decryption processing in the customer information conversion server 30.
  • the user inserts his / her own IC card ⁇ 2 into the user terminal 10 and inputs a password for using the IC card 12. Then, the user terminal 10 is automatically connected to the dedicated WWW server 6. For this reason, users can enjoy Internet shopping very easily. In addition, when actually purchasing a product through Internet shopping, it is only necessary to indicate the intention (purchase decision input) to that effect and enter the payment password according to the guidance on the display screen. . Therefore, according to the electronic settlement system of the present embodiment, the user does not need to input various kinds of information for settlement as in the related art, and the system is extremely convenient for the user.
  • the only terminal that can access the dedicated WWW server 6 is the user terminal 10 that has been authenticated by the authentication server 4. Therefore, the dedicated WWW server is not available to the server administrator. By preventing unauthorized access in (6), the security of the dedicated WWW server (6) can be secured.
  • the only payment information that flows on the Internet 2 when the user actually purchases the product is the encrypted payment identification information (settlement ID), and the purchase price is collected from the user.
  • Customer information such as the account number and credit card number, does not flow on the Internet 2, so leakage of customer information on the Internet 2 can be reliably prevented, and the reliability of the system is improved. it can.
  • the above-mentioned two keys are used to encrypt the payment ID sent to the Internet 2, and these are updated regularly. Therefore, even if a third party obtains a payment ID on the Internet 2, it cannot be decrypted and misused. is there.
  • Figure 8 shows a mail-order sales system in which a sales agent company 70 is entrusted by various sales companies 72 that sell products or provide various services, and performs business transactions with users 74 on behalf of them. (A).
  • the dedicated WWW server 6 receives the order data and the settlement ID from the user 74
  • the fee information and the settlement ID corresponding to the order data are transmitted to the customer information conversion server 30.
  • the customer information conversion server 30 restores the customer information of the user 74 from the payment ID, and determines whether the customer information is registered in the customer / encryption information database 32 in advance. Then, it is determined whether or not a fee can be collected from the user 74, and the determination result is transmitted to the dedicated WWW server 6.
  • the dedicated WWW server 6 checks whether or not the fee can be collected from the user 74, and if the fee can be collected from the user 74,
  • the order data from the user 74 is sent to the sales company 72 (specifically, the order data receiving server of the sales company) corresponding to the order data via the Internet or a dedicated communication line. Notice.
  • the goods or services ordered by the user 74 are provided from the sales company 72 to the user 74 directly or via the shipping company 78 or the like.
  • the customer information conversion server 30 determines that a fee can be collected from the user 74 based on the settlement ID etc. received from the dedicated WWW server 6, the customer information conversion server 30 Request payments to credit companies and banks).
  • the financial institution 76 collects the settlement price from the account of the user 74 based on the customer information and the fee information transmitted together with the settlement request from the customer information conversion server 30, and the sales company 72 The transfer procedure to the account is performed, and the payment of the fee from the user 74 to the sales company 72 is automatically completed.
  • the sales agent company 70 is a mail-order sales system in which products and services are sold on behalf of a large number of sales companies 72 (a). Can be constructed.
  • this mail order system (a) the user registers his or her customer information and uses one settlement ID (one IC card 12 etc.) issued by the sales agency 70.
  • the sales agent company 70 can purchase desired goods or services from a plurality of sales companies 72 to which the sales agent company 70 is entrusted, and it can be a very convenient mail-order system for users.
  • this mail order system (a) can be a mail order system that is extremely convenient for sales companies 72 to expand sales channels.
  • Fig. 9 shows a mail order system (b) in which the sales company 72 communicates with the user 74 for business transactions, and the settlement agency 80 performs settlement. .
  • a WWW server 7 for mail-order sales having a function as a request receiving means is managed by a sales company 72, and a customer information conversion server as an information processing means is provided.
  • 30 and the customer-encryption information database 32 is managed by the payment agency 80.
  • the customer information conversion server 30 of the settlement agent company 80 sends the charge corresponding to the order data to the customer information conversion server 30.
  • a request is made to determine whether or not a fee can be collected from the user (a settlement determination request).
  • the customer information conversion server 3 0 of the clearing house 8 0 side restore the customer information of the user 7 4 from the settlement ID, the customer information is pre-registered in the customer-encrypted information database 3 2 By judging whether or not the user can collect the fee from the user 74, the judgment result (settlement judgment result) is transmitted to the WWW server 7 of the sales company 72.
  • the WWW server 7 checks whether a fee can be collected from the user 74, and if a fee can be collected from the user 74, Delivery department of goods in sales company 7 2 Alternatively, the order data is transferred to the service providing department.
  • the goods or services ordered by the user 74 are provided from the sales company 72 to the user 74 directly or via the shipping company 78 or the like.
  • the customer information conversion server 30 determines that a fee can be collected from the user 74 based on the payment ID and the like received from the WWW server 7, the customer information conversion server 30 And banks).
  • the financial institution 76 collects the settlement price from the account of the user 74 based on the customer information and the fee information transmitted together with the settlement request from the customer information conversion server 30, and the sales company 72 The transfer to the account is performed, and the payment of the fee from the user 74 to the sales company 72 is automatically completed.
  • the sales company 70 directly conducts a commercial transaction with the user, and only performs the processing for collecting the fee (settlement) generated as a result of the commercial transaction. It is also possible to construct a mail order system (b) performed by the agency company 80.
  • this mail-order sales system (b) the user registers his / her customer information and uses one payment ID issued by the payment agent 80 to settle the payment agent 80 It is possible to purchase desired goods or services from a plurality of sales companies 72 who request payments to customers, and, like the mail-order sales system (b) shown in Fig. 8, very convenient mail-order sales for users. It can be a system.
  • the sales company 72 does not need to manage the customer information of the users 74 necessary for settlement, so that the system can be operated easily and 7 4 sell customer information Since the company 72 is not known, the mail order system can be used with confidence.
  • the customer information conversion server 30 of the settlement agency 80 does not necessarily need to make a settlement request directly to the financial institution 76.
  • the third party which is set up with the financial institution 76, transfers the undecipherable customer information to the sales company 72, and as shown by the dotted arrow in Fig. 9, the sales company 72 A settlement request may be made to this.
  • the authentication server 4 and the dedicated WWW server 6 are described as being configured separately from each other and arranged at an arbitrary position on the Internet 2.
  • the function as an authentication means may be incorporated in the dedicated WWW server 6 as a request receiving means.
  • the dedicated WWW server 6 as the request receiving means and the closed network 20 on the financial institution side are described as being connected via the Internet 2.
  • the connection may be made via a dedicated communication line such as a telephone line.
  • a password is registered in the IC card 12, and the IC card 12 is used while the IC card 12 is attached to the IC reader Z writer.
  • the user terminal 10 connects to the Internet 2, the user is required to enter a password and determine whether the password matches the one registered in the IC card 12. As explained above, it is not necessary to use a password to prevent unauthorized use of the IC card 12; It may be used.
  • the user operates the user-side terminal 10 by using the keyboard and the mouse. Remote control device configured to transmit a command signal for operation may be used.
  • the user terminal 10 which can be operated using the remote control device and uses the fingerprint information of the user instead of the password in order to prevent unauthorized use of the IC card # 2. I do.
  • the user side terminal 10 includes a terminal body 50 and a remote control device 52.
  • the terminal body 50 includes an IC card reader / writer 50a for reading various information from the IC card 12 and writing information as needed, a communication device 50b for Internet connection, and
  • a control unit 50c consisting of a CPU, RO, RAM, etc. for executing control processing
  • a remote control reception for receiving a transmission signal transmitted by modulating light or radio waves from the remote control device 52 Section 50d is provided.
  • the IC card reader Z writer 50a, the communication device 50b, and the control unit 50c are also provided in the user terminal 10 of the above embodiment.
  • the remote control device 52 has an operation unit 52 a for the user to input various commands, and modulates light or a radio wave (carrier wave) with a command signal input through the operation unit, and modulates the light.
  • a remote control transmitter 52b for transmitting the subsequent signal to the remote controller receiver 50d of the terminal body 50 is provided, and a fingerprint sensor 52c for capturing a user's fingerprint is provided.
  • the fingerprint sensor 52 c is for capturing a user's fingerprint as two-dimensional image information, and uses a conventionally known optical, pressure-sensitive, or heat-sensitive fingerprint sensor. be able to.
  • the terminal body 50 is connected via the communication device 50b.
  • the card user identification process shown in Fig. 11 is executed, and the remote control device 52 sends the fingerprint image according to the command input by the user in conjunction with this process. The processing is executed.
  • the card user identification processing and the fingerprint image transmission processing will be described.
  • the user terminal 10 shown in Fig. 10 is used, in addition to the access information, the authentication ID, and the settlement ID described above, the user's fingerprint information (the fingerprint image of the user is processed by image processing). Then, the IC card 12 in which the characteristic parameters of the generated fingerprint are stored in advance is used.
  • a diagram provided on the terminal main unit 50 is used.
  • a fingerprint input request screen for prompting the user to input a fingerprint is displayed on a display device that does not perform the operation (S910).
  • the remote controller transmitter 52b reads the fingerprint image of the user from the fingerprint sensor 52c (S915) and transmits the captured image data for transmission.
  • the fingerprint image transmission processing is executed in such a procedure that the fingerprint image is transmitted by converting the signal into a serial data and modulating the transmission signal (light or carrier wave) (S920).
  • the control unit 50c of the terminal body 50 is connected to the display device as described above.
  • a reception process for receiving a fingerprint image transmitted from the remote control device 52 to the remote control reception unit 50d is performed.
  • the received fingerprint image is subjected to image processing to extract a feature parameter of the user's fingerprint.
  • fingerprint information (feature parameters) registered in advance is read from the IC card 12, and in S960, the fingerprint information and the characteristics of the fingerprint extracted in S940 are read. Calculate the degree of coincidence with the parameter.
  • the process proceeds to the subsequent step S970, and it is determined whether or not the degree of coincidence is larger than a predetermined determination value. If the degree is greater than the determination value, the user who is currently operating the remote control device 52 determines that the user is the owner of the IC card 12 and permits the connection to the Internet 2 (S98) Conversely, if the degree of coincidence is equal to or less than the judgment value, the user currently operating the remote control device 52 is judged not to be the owner of the IC card 12 and the unauthorized use is prevented. Therefore, the connection to the Internet 2 is prohibited (S990).
  • the user terminal 10 shown in FIG. 10 determines whether or not the user has registered a fingerprint in the IC card 12 using the fingerprint information. Therefore, as in the case of using a password to identify the user, not only can the unauthorized use of the 1C card 12 be prevented, but also the unauthorized use can be more reliably prevented.
  • the user since the user can input various commands to the user terminal 10 using the remote control device 52, the user inputs commands using the keyboard / mouse connected to the user terminal 10. The operability can be improved as compared with the case of performing the operation.
  • the information conversion server 30 is directly connected to the customer management system 40 of a financial institution such as a bank or a credit card company, and the customer information conversion server 30 makes a payment request directly to the financial institution, thereby increasing the charge.
  • a financial institution such as a bank or a credit card company
  • an external fee collection system may be used to collect fees.
  • a debit card system has been put into practical use that allows the purchase of products directly using a bank cash card.
  • a debit card payment center is used, which debits the purchase price from the account of the financial institution corresponding to the card and transfers it to the store's account. Therefore, the customer conversion server and the debit card settlement center may be connected by a dedicated line, and charges may be collected through the debit card settlement center. In this case, it is preferable that the user can select whether to use a credit card or a debit card (cash card) when paying the fee.
  • FIG. 12 is a block diagram showing the overall configuration of this system.
  • FIG. 13 is a diagram showing a server for configuring a payment system executed when a user uses a debit card at each server constituting the system. This is a flowchart showing the processing procedure.
  • the electronic payment system includes a dedicated WWW server 6 and a customer information conversion server in a closed network 20 connected to the Internet 2 via a router or a firewall (not shown).
  • 30, Customer ⁇ Encryption information database 32 is established, and external debit It comprises a customer information transmission table storage server 60 for transmitting and receiving payment data to and from the credit card settlement center 90 via a dedicated line.
  • the user terminal 10 is the same as that shown in Fig. 1, but the IC card 12 that can use the debit card payment has the above-mentioned access information, authentication ID, and payment ID in addition to the above.
  • a debit card payment ID is also stored, and the user terminal 10 reads the debit card payment ID from the IC card 12 when the user wishes to make a payment using the debit card, and It is sent to the closed network 20 side.
  • the user terminal 10 when the user decides a desired shopping by communication between the user terminal 10 and the dedicated WWW server 6, the user terminal 10 is debited from the user. It accepts the password for card payment and sends it to the dedicated WWW server 6 (see (1) in Fig. 12). Then, the dedicated WWW server 6 requests the debit card settlement ID from the user terminal 10 (see (1) shown in Fig. 12), and the user terminal 10 According to the request, it reads out the debit card settlement ID from the IC card 12 and sends it to the dedicated WWW server 6 (see 3 shown in Fig. 12).
  • the communication between the user terminal 10 and the dedicated WWW server 6 ((1), (2), and (3) shown in Fig. 12) is performed via the Internet 2. As in the above-described embodiment, all encrypted data is used.
  • the above-mentioned debit card settlement ID is set for performing settlement by a debit card, but it is not always necessary to use a debit card settlement ID for this settlement.
  • the payment ID may be used as it is.
  • the dedicated WWW server 6 executes the debit acquisition from the user terminal 10.
  • the passphrase number and ID for credit card payment are transferred to the customer information conversion server 30 (see (1) in Fig. 12).
  • the customer information conversion server 30 searches the customer / encryption information database 32 using these passwords and IDs, so that the customer / encryption information database 32 is required for debit card settlement. Extract encrypted customer information (encrypted name, account number, password, etc.) (see (1) in Figure 12).
  • the customer information conversion server 30 decrypts the extracted customer information and returns it to unencrypted customer information.
  • the customer information conversion server 30 converts the customer information and shopping information indicating a fee to be collected from the user into customer information. Transfer to the transmission table storage server 60 (see (1) in Figure 12).
  • the customer information transmission table storage server 60 temporarily stores them in the transmission table, and thereafter, It is sent to the debit card settlement center 90 (see 1 shown in Fig. 12).
  • the customer information transmission table storage server 60 is provided so that the customer information conversion server 30 and the debit card settlement center 90 cannot perform direct data communication (specifically, the customer, the encryption information This is installed in the database 32 (to prevent leakage to the debit card settlement center 90, etc.), but this server 60 can be omitted.
  • the debit card settlement center 90 deducts the fee to be collected from the user from the user's bank account and closes.
  • Payment processing is performed by transferring the payment to the account of the company that manages the network 20, and the payment result is transmitted to the customer information transmission table storage server 60 (see (1) in Fig. 12).
  • the customer information transmission table storage server 60 transfers the settlement result to the customer information conversion server 30 (see (1) shown in FIG. 12), and the customer information conversion server 30 stores the settlement result.
  • the settlement result is displayed on the user terminal 10 by transmitting it to the user terminal 10 via the dedicated WWW server 6.
  • the notification of the settlement result may be performed by e-mail.
  • the user side terminal 10 starts processing on the terminal side. Display password input screen and execute password acceptance process to accept password input from user. Then, when the user inputs a password, it is determined in S1002 whether the input password matches a password registered (stored) in the IC card 12 in advance, If the passwords do not match, it is determined that the password has been erroneously input, the flow shifts to S103, and the same erroneous input count determination processing as in S150 is performed.
  • the authentication server 4 is installed as in the system shown in FIG. Since personal authentication of the IC card 12 is completed, the user terminal 10 is directly connected to the dedicated WWW server 6, but the authentication is performed as in the system shown in Fig. 1.
  • the server 4 may be provided, and after performing personal authentication by the authentication server 4, the user terminal 10 may be connected to the dedicated WWW server 6.
  • various pages are sent to the user terminal 10 according to the request from the user terminal 10.
  • a WWW server S1210
  • a product purchase command is input from the user terminal 10 and payment for payment is collected. It is determined whether or not payment is required (S1220). If payment is required, a payment method selection screen is sent to the user terminal 10 so that the payment can be made with a credit card.
  • the settlement method request processing is executed to allow the user to select whether to perform the settlement using a debit card or a debit card (S1230).
  • the user terminal 10 determines in S 1060 whether or not a request for a payment method has been made from the dedicated WWW server 6. Move to 107 0, display the payment method selection screen sent from the dedicated WWW server 6 on the display device, accept the user inputting the payment method on the display screen, and use The payment method selected by the user is transmitted to the dedicated WWW server 6, and payment method acceptance and transmission processing are executed. Thus, the settlement method is sent from the user terminal 10 to the dedicated WWW server 6. Then, the dedicated WWW server 6 determines whether the payment method selected by the user is by a debit card or another card such as a credit card (S1240) ).
  • the dedicated WWW server 6 requests the user terminal 10 for the password for confirming the payment by the debit card.
  • the data such as the reciting number transmitted from the user terminal 10 is received, transmitted to the customer information conversion server 30, and transmitted from the customer information conversion server 30.
  • a so-called relay process is executed in which the transmitted data is received and transmitted to the terminal 10 on the user side (S1260).
  • the settlement method selected by the user is determined not to be a debit card but to another card (such as a credit card) in S124.
  • the payment processing corresponding to the card is performed in the same way as the payment processing in the system shown in Fig. 1, and the user terminal 10 and the customer information conversion server 30 are also used for this dedicated WWW.
  • the user terminal 10 accepts the payment method from the user at S 1700 and sends it to the dedicated WWW server 6, which requests a password for confirming the payment from the dedicated WWW server 6.
  • a screen for inputting a password is displayed on the display device, and the user is prompted to input a password for confirming the payment using a debit card.
  • the dedicated WWW server 6 transmits the personal identification number to the customer information conversion server 30 by the above-described relay processing.
  • the customer information conversion server 30 debits the data. Execute the process for credit card settlement.
  • the password for payment confirmation input from the dedicated WWW server 6 is decrypted, and the user to be paid is sent to the electronic payment system in advance.
  • a so-called authentication process is performed to determine whether or not the user is a registered user.
  • the process proceeds to S1370, and the settlement result (in this case, information indicating that settlement is impossible) is transmitted via the dedicated WWW server 30.
  • the data is transmitted to the user terminal 10, and if the user is successfully authenticated in S 1320, the process proceeds to S 1330, where the user terminal 10 is debited. Request ID for credit card payment. This request is made via the dedicated WWW server 30.
  • the user terminal 10 sends the payment confirmation password at S 1800, and then debits from the customer information conversion server 30 at S 1900.
  • the request for the card payment ID is accepted, and in accordance with the request, the debit card payment ID is extracted from the IC card 12, encrypted, and transmitted to the dedicated WWW server 6.
  • the customer information conversion server 30 sends a settlement result indicating that settlement is impossible via the dedicated WWW server 6, the user-side terminal 10 does not execute the processing of S1090.
  • the flow shifts to S110, and the settlement result (settlement impossible) is displayed on the display device.
  • the processing of S1330 requests the payment ID, and Processing, the payment ID from the IC card 1 2 It is read, encrypted and transmitted.
  • the debit card payment ID transmitted from the user terminal 10 to the dedicated www server is transferred to the customer information conversion server 30.
  • the customer information conversion server 30 receives and decodes the debit card settlement ID at S1340, and uses the decoded settlement ID to perform debit card settlement.
  • Client information (encrypted name, account number, password, etc.) is extracted from the customer / encryption information database 32. Then, in S 1 350, the extracted customer information is decrypted and returned to unencrypted customer information, and the customer information and shopping information are transmitted to the customer information transmission table storage server 60. I do.
  • the customer information transmission table storage server 60 receives the customer information and tribute information transmitted from the customer information conversion server 30 and temporarily stores them in the transmission table (S14). 1 0), followed by connecting to the payment card of the debit card payment center 90 via a dedicated line in S 144, and then storing it in the transmission table in S 144
  • the settlement request including the customer information and the purchase information is transmitted to the settlement computer of the debit card settlement center 90.
  • the debit card settlement center 90 executes the above-described settlement processing, and the settlement result is transmitted to the debit card settlement center 90. Since it is transmitted from 0 to the customer information transmission table storage server 60, the customer information transmission table storage server 60 receives the settlement result at S144, and sends it to the customer information conversion server. Send to 30.
  • the customer information conversion server 30 transmits the customer information and the tribute information to the customer information transmission table storage server 60 in S1350, and thereafter, in S1360, Wait for the payment result to be sent from server 60. That is, when the settlement result is received at S1360, the process proceeds to S1300, and the settlement result is transmitted to the user terminal 10 via the dedicated WWW server 6. .
  • the user terminal 10 After transmitting the debit card payment ID to the dedicated WWW server 6 at S1090, the user terminal 10 setstle the payment result from the dedicated WWW server 6 at S110. Waiting for the payment to be sent, and receiving the payment result, displays it on the display device.
  • the settlement result is transmitted by e-mail to the e-mail address of the user registered in advance, or the customer information conversion server 3 In the processing of S 1370 in 0, instead of transmitting the settlement result to the user terminal 10, the settlement result is transmitted by e-mail to the mail address of the user registered in advance What should I do?
  • the electronic payment system similar to the system shown in FIG. 1, in addition to the payment using a credit card, the payment using a debit card using an external debit card payment center is performed. It can be performed. For this reason, the range of payment methods that can be selected by the user can be expanded, and a sales system that is easy for the user to use can be constructed.
  • the communication between the user terminal 10 and the dedicated WWW server 6 ((1), (2), and (3) shown in Fig. 12) is performed via the Internet 2, and these communications use encrypted data.
  • the customer information name, account number, password number, etc.
  • the customer information conversion server is S 1
  • a password for reconciliation confirmation was obtained from the user terminal, and after the user was authenticated using this password, the process for debit card payment was executed. Authentication using this password is not necessarily required.
  • the customer and the encryption information database 32 installed in the closed network 20 which is the center of the system are debited.
  • the customer information for card settlement is stored, and at the time of debit card settlement, the customer information conversion server 30 reads out the customer information of the user from the customer / encryption information database 32 and contributes to the customer information.
  • the information has been described as being transmitted to the debit card settlement center 90 via the customer information transmission table storage server 60, for example, the customer information for debit card settlement that can be used in the system is described. Is registered in the database of the debit card settlement center 90 (or the database for the system is debited).
  • the customer information conversion server 30 uses the debit card settlement password and ID acquired from the terminal 10 on the user side for debit card settlement. It may be transmitted directly to the credit card settlement center 90 (or via the customer information transmission table storage server 60). In other words, even in this case, the debit card settlement center 90 can acquire the customer information based on the personal identification number and the ID and collect the usage fee from the user's bank account.
  • the electronic settlement system which collects a fee from a user using a wide area network such as the Internet has been described. Processing system According to this, even if a third party obtains information flowing through a wide area network, it is difficult to obtain personal information from the user, and a system with extremely high security can be constructed. By using the system of the present invention, it is also possible to provide various services for managing personal information of users.
  • the main body of the user terminal 10 (in addition to the dedicated terminal, information devices such as personal computers and mobile phones, home appliances such as video game machines and televisions, and in-vehicle devices such as navigation devices for automobiles) Etc.) or a remote control device for remote operation of this, incorporating a vital measurement device for human body (a measuring device for pulse, blood pressure, body fat, oxygen, carbon dioxide, etc.) and measuring with the measuring device
  • a vital measurement device for human body a measuring device for pulse, blood pressure, body fat, oxygen, carbon dioxide, etc.
  • the value is converted to data, and transmitted along with the identification information to the system-specific WWW server in an encrypted (for example, 128-bit SSL) format.
  • the server stores the data in the user's health management database, and further stores the data.
  • the user's personal data stored in the health management database can be freely checked by operating the terminal in addition to sending it by e-mail.
  • the health management database is connected to the hospital network of a regional hospital or a medical computer at a private clinic via a communication line, and the health management database is used by each of these medical institutions. If possible, each medical institution can share personal data of users as a common patient data, and each medical institution can provide medical treatment such as receipt data in a health management database. If the history is written and the medical history can be shared by each medical institution, it will also be useful for preventing double administration of drugs and avoiding dangers by swallowing drugs.
  • the IC card used in the above embodiment can be used as a consultation ticket common to a plurality of medical institutions, the user can receive medical examinations at a plurality of medical institutions with one card. User convenience can be improved.
  • the medical institution can improve the accuracy of diagnosis by sharing personal information for each patient, and can perform highly reliable medical treatment using a highly secure database. It will always be useful.
  • a personal information database for accumulating the personal health state of the user and the medical history at the medical institution as personal information for health management is constructed.
  • a health management system that allows a doctor at a medical institution authorized by a user to freely access the personal information database and update or search for personal information will be described.
  • FIG. 14 shows the overall health management system.
  • Fig. 15 is a block diagram showing the configuration.
  • Fig. 15 shows the user terminal and the dedicated WWW server 6 and the customer information conversion server 30 that make up this system.
  • FIG. 16 is a flowchart showing a procedure for registering and browsing personal information executed when the personal information is managed. This is a flowchart showing personal information management processing.
  • the health management system is installed in a close network 20 connected to the Internet 2 via a firewall (not shown) or a firewall in substantially the same manner as the above embodiments. It has a dedicated WWW server 6, a customer information conversion server 30, a customer information conversion server 30, and a customer / encryption information database 32 that function.
  • the personal information database 64 described above, a personal information management server 62 for managing the database, and personal information stored in the personal information database 64 can be used.
  • a doctor information database 66 in which information representing doctors is registered, and a doctor viewing dedicated WWW server 68 used for disclosing personal information to doctors.
  • the personal information management server 62 functions as the personal information management means (in other words, the information processing means) of the present invention.
  • the doctor information database 66 corresponds to the personal information user database of the present invention (claim 11).
  • the user's personal health condition eg, pulse, blood pressure, body fat, oxygen, carbon dioxide, blood flow, blood, hair, nails, oral membrane, oral mucosa, saliva, etc.
  • a vital measuring device 10a is provided with a vital measuring device 10a, and the data measured by the vital measuring device 10a is stored in the Internet card stored in the IC card 12.
  • Key for connecting to 2 Access information an authentication ID as authentication information (if an authentication server is installed on the Internet 2), and a connection encryption ID as encrypted identification information). Sent to dedicated WWW server 6.
  • the user terminal # 0 connects to the measurement data.
  • the user terminal 10 becomes the dedicated terminal.
  • a browsing request is transmitted to the WWW server 6 in which the browsing conditions are given a connection encryption ID.
  • the user terminal 10 A request signal is transmitted to the dedicated WWW server 6 in which information representing the individual user of the personal information requested to be browsed or updated is added with a connection encryption ID.
  • the dedicated WWW server 6 transfers the information transmitted from the user terminal 10 to the customer information conversion server 30, and the customer information conversion server 30 decrypts the connection encryption ID.
  • the user who has transmitted the request this time determines whether or not the user is a customer of the system.
  • a customer, a customer; customer information stored in the encrypted information database 32 (in this embodiment, information indicating whether a registrant or a physician of personal information;
  • the information indicating the transmission method and transmission destination of the information, the information indicating the hospital to which the doctor belongs, and the contents of the browsing and updating requested by the user are transferred to the personal information management server 62.
  • the data of the vital information measuring device 10a is included in the data, the data is also transferred to the personal information management server 62.
  • the personal information management server 62 updates the personal information in the personal information database 64 corresponding to the user.
  • the personal information for browsing corresponding to the request is extracted from the personal information database 64 and converted to customer information. Based on the customer information obtained from the server 30, the transmission method and the destination of the viewing personal information are specified, and the extracted viewing personal information is transmitted to the user.
  • a user wishes to obtain personal information via the dedicated WWW server 6, the user publishes the personal information anonymously on the website provided by the dedicated WWW server 6, and the user sends the information by e-mail. If you wish to obtain personal information for browsing, the personal information for browsing is sent to the e-mail address attached to the customer information, and the user does not use the Internet 2 Communication means (for example, facsimile, telephone If you want to obtain personal information for browsing in, send the personal information for browsing to the user using the desired communication method.
  • the Internet 2 Communication means for example, facsimile, telephone
  • the personal information management server 62 stores personal information of the individual corresponding to the request from the personal information database 64.
  • the information is extracted and transferred to the doctor-viewing-only WWW server 68 together with the doctor's customer information.
  • the doctor-viewing dedicated WWW server 68 connects to the in-hospital network belonging to or operated by the doctor who requested the personal information, and opens a doctor-only homepage that can be viewed only on a computer owned by the doctor.
  • the processing executed by the user terminal 10 and each server 6.3 0.62 in the closed network 20 to manage the personal information in this manner will be described with reference to FIGS. 15 and 16. Will be explained.
  • a password input process is executed to receive a password input from the user (S210).
  • the user inputs a password it is determined whether or not the input password matches a password registered in the IC card 12 in advance (S220), and the password is verified. If not, it is determined that the password has been erroneously input, and the same erroneous input continuation number determination processing as in S150 described above is executed (S230), and the process returns to S210.
  • the user terminal 10 is connected to the dedicated WWW server 6 on the Internet 2 via an ISP (not shown) (S204).
  • the user terminal 10 transmits the authentication ID to the authentication server 4 and performs personal authentication after the authentication server 4 performs personal authentication.
  • the process of S2100 transition is executed.
  • the user terminal 10 executes the same Internet access processing as that in S250 described above (S250).
  • the user operates the vital measuring device 10a or operates the keyboard and mouse.
  • a connection request to the personal information management server is transmitted to the dedicated WWW server 6 (S2600).
  • the user terminal 10 waits for a request for the connection encryption ID from the dedicated WWW server 6, and when the connection encryption ID is requested, the content of the request from the user to the connection encryption ID. It generates a request signal to which the data has been added (and also to the data if there is measurement data from the vital measuring device 1 O a), and sends this to the dedicated WWW server 6 (S 2700).
  • the dedicated WWW server 6 receives this request signal and transfers it to the customer information conversion server 30 (S2140). For this reason, the customer information conversion server 30 receives the transferred request signal (connection encryption ID + request) (S2210) and decrypts the received connection encryption ID. Then, the customer information corresponding to the connection encryption ID is extracted from the customer / encryption information database 32 (S2220), and thereafter, it is determined whether the customer information corresponding to the connection encryption ID has been extracted.
  • the user who has sent the request this time determines whether or not the customer is a registered customer (specifically, a registrant of personal information or a physician authorized to view) (S22) 30) If the user is not a registered user, the processing result indicating that fact is sent to the dedicated WWW server 6. Is transmitted to the user-side terminal 10 via (S2260).
  • the customer information conversion server 30 determines that the user who has transmitted the request this time is a registrant of the personal information or a physician permitted to view the information, the information indicating the request from the user and the customer / encryption
  • the customer information acquired from the information database 32 is transmitted to the personal information management server 62 (S224).
  • the personal information management server 62 updates the personal information in the personal information database 64 or obtains personal information for browsing from the personal information database 64 according to the personal information management processing ( (See Fig. 16) and sends the processing result to the customer information conversion server 30. Therefore, the customer information conversion server 30 checks that the processing result is transmitted from the personal information management server.
  • the dedicated WWW server 6 When the processing result is received while waiting (S2250), the received processing result is transmitted to the dedicated WWW server 6 (S2250).
  • the dedicated WWW server 6 sends the processing result to the user terminal 1 in S2260.
  • the data is converted to data that can be displayed as 0 and transmitted to the user terminal 10. For this reason, after transmitting the request signal to which the connection cryptographic ID has been assigned (S 270), the user side terminal 10 waits for the processing result to be transmitted from the dedicated WWW server 6, and When the processing result is transmitted from the WWW server 6, it is received and displayed on a predetermined display device (S2800).
  • the user received the update or browsing of the personal information requested to the dedicated WWW server 6 this time by the customer information conversion server 30 and the personal information management server 62 executed the processing according to the request. Can be checked.
  • the processing result transmitted to the user terminal 10 in this series of processing is based on whether or not a request from the user has been received. Only the information indicating whether or not the processing was completed according to the above, and the personal information for browsing, etc., was processed by the personal information management server 62 in the method specified by the user in advance by the user. Sent directly to the terminal 10 or the user's information terminal (facsimile machine, telephone, personal computer, etc.).
  • the personal information management server 62 first determines in S2310 whether or not the customer information from the customer information conversion server 30 has been received. Then, when the customer information is received, the process proceeds to S230, and the customer who has transmitted the request this time registers the personal information representing his / her own health condition in the personal information database 64 from the customer information. To determine whether the user is a registered user or a physician who is permitted to view from the user who registered personal information (in other words, a physician registered in the physician information database 66). .
  • the process proceeds to S2330, and the request from the user is sent to the personal information (ie, the vital measurement device 1). It is determined whether it is update (registration) of the measurement data measured in 0a) or browsing of personal information. If it is registration of personal information, in S2340, the customer information conversion server 3 The measurement data attached to the customer information received from 0 is written as new data in the personal information database 64, and the registration result (written content) is transmitted to the user in S2350. The data is converted to data and transferred to a data transmission server (not shown). As a result, the registration result is transmitted from the data transmission server in the method specified by the user in advance.
  • the transmission of the registration result from the data transmission server is performed by e-mail or facsimile, etc., and is not transmitted directly to the user terminal 10. Therefore, the personal information management server 62 performs the registration processing separately.
  • the result of the processing indicating that is completed is transmitted to the customer information conversion server 30 (S2360).
  • the process proceeds to S230 and the user receives the request.
  • the personal information database 64 is searched according to the request of the user, and the personal information for browsing requested by the user is extracted, and in S2380, the extracted personal information is transmitted to the user.
  • the data is transmitted to a data transmission server (not shown).
  • the personal information that the user wants to view is transmitted from the data transmission server in a method specified by the user in advance.
  • the transmission of personal information from the data transmission server is performed by e-mail or facsimile, and is not directly transmitted to the user terminal 10. Therefore, the personal information management server 62 Separately, a processing result indicating that the transmission processing of the personal information has been completed is transmitted to the customer information conversion server 30 (S2360).
  • the browsable personal information extracted from the personal information database 64 is transferred to the doctor browsing-only WWW server 68 so that the doctor browsing-only WWW server 68 is transmitted to the doctor browsing-only WWW server 68.
  • Establish a doctor-only website that can only be viewed on a computer owned by the doctor In subsequent S2360, a processing result indicating that fact is transmitted to customer information conversion server 30, and the processing is temporarily terminated.
  • the doctor-only WWW server 68 of this embodiment allows the doctor to publish the personal information to the doctor in a form in which the doctor can write the medical history (in other words, the medical record information) and the medication history as the patient's personal information. Therefore, in S240, it is determined whether or not the personal information (medical treatment history, medication history, etc.) has been written by the doctor on the homepage opened to the doctor by the doctor-only WWW server 68. That is to judge.
  • S224 determines whether personal information does not need to be updated. If it is determined in S224 that personal information does not need to be updated, the process is terminated as it is. Conversely, if it is determined that personal information needs to be updated, S224 Move to 30. In S2430, personal information to be updated is acquired from the doctor-viewing dedicated WWW server 68, and in S2440, the personal information in the personal information database 64 is acquired in accordance with the acquired personal information. Rewrite the information and end the process.
  • the user terminal 10 is provided with the vital measurement device 1 Oa, and the user's health condition (pulse, blood pressure, etc.) measured by the vital measurement device ⁇ Oa is measured. , Body fat, oxygen, carbon dioxide, blood flow, blood, hair, nails, oral membrane, oral mucosa, saliva, etc.)
  • the history of the data is managed as personal information by the personal information management server 62. If necessary, the personal information can be confirmed by the user or the doctor.
  • doctors can add medical history and drug medication history as personal information of patients, so they can obtain all information necessary for treatment and diagnosis of patients using a doctor-only WWW server. Optimal treatment and diagnosis can be performed.
  • the patient can periodically check the patient's health condition and write advice for maintaining the health to the medical history etc. to the doctor. By requesting, you can maintain your health without going to the hospital.
  • the patient user permits doctors at multiple medical institutions to view personal information
  • multiple medical institutions can share the patient's personal health status, medical history, medication history, etc. This will enable medical institutions to perform more advanced medical examinations and treatments for patients. It also helps prevent double administration of drugs and avoids dangers caused by swallowing drugs.
  • personal information indicating the health condition of the user is transmitted to the outside similarly to the above-described embodiments. There is no leakage, and even if some of the personal information leaks to the outside, the user cannot be identified from the personal information. Can be used with confidence.
  • the user's personal information stored in the personal information database 64 can be viewed only by the individual user and the doctor.
  • a pharmacist browsing dedicated WWW server is installed, and pharmacists who have registered personal information in the personal information database 64 receive permission from pharmacists.
  • the personal information management server When there is a request to browse the medication history to the user, the personal information management server
  • the IC card 12 used in this embodiment can be used as a consultation ticket common to a plurality of medical institutions, the user can receive medical examinations and treatments at a plurality of medical institutions with one card. Therefore, user convenience can be improved.
  • the doctor can use the patient's personal IC card 12 which is a consultation ticket to transfer the patient's personal information. Since it can be obtained, the doctor-only WWW server 68 provided in the close network 20 can be dispensed with.
  • the electronic payment system and the health management system have been described as the embodiments of the present invention.
  • the present invention is more convenient for users by expanding or changing the system described in each of the above embodiments.
  • a secure system can be built.
  • the IC card used at home is shared by medical institutions.
  • a special terminal (STB 'personal computer ⁇ TV) is installed in the consultation room at the hospital where the prescription is used outside the hospital, and automatic authentication is performed by inserting the patient's IC card, and it is stored in the database dedicated to the patient.
  • a dedicated WWW server connected to dispensing pharmacy terminals in various places is installed in the closed network 20 so that doctors can Using a personal information viewing terminal to transfer a prescription from a doctor-viewing WWW server 68 to a prescription-only WWW server, the prescription-only WWW server transfers to a specific out-of-hospital pharmacy designated by the patient. It is recommended that prescriptions (electronic prescriptions) be sent automatically.
  • the out-of-hospital pharmacy that has received the electronic prescription can start preparing the drug immediately after receiving it, and can quickly deliver the drug to patients who visit thereafter.
  • a user terminal 10 is installed at the pharmacy window, and a patient visiting the window inserts an IC card that also serves as a consultation ticket into the user terminal 10. If personal authentication is used, the prepared medicine can be surely delivered to the patient.
  • the patient inserts the IC card 12 into the user terminal 10 installed at home, and the user terminal 1 Connect to the dedicated WWW server 6 and receive personal authentication at the customer information conversion server 30 and then access the dedicated medical institution WWW server installed at the medical institution for information on symptoms, treatment, and drugs. Questions and answers may be made interactive with the physician.
  • prescribing medications can be interrupted, and instructions for visiting the hospital can be transmitted from the doctor to the patient.
  • the patient can receive appropriate instructions faster than visiting the next day by reporting to the physician any cases where initial treatment is important or any medical condition that requires follow-up. This is very useful.
  • doctors will be able to provide the most effective treatment at home for patients who cannot be monitored, thereby providing treatment that is as close as possible to the doctor's treatment policy. This makes it possible to obtain clear answers when there is a problem with the handling and treatment of drugs, and to enjoy efficient medical services in cooperation with doctors without hospitalization. In this case, it would be very convenient for the patient if he / she could make an appointment for the next and subsequent visits.
  • the user inserts the IC card 12 into the user terminal 10 installed at home, connects the user terminal 10 to the dedicated WWW server 6, After receiving personal authentication at the customer information conversion server 30, it may be possible to access the dedicated WWW server installed at the nursing care service center so that personal information of the user can be transmitted.
  • a voice input device 10 b incorporating a voice recognition device and a microphone is connected to 10, and the user inputs a predetermined voice from the voice input device 10 b, so that the user terminal 1 0 startup (power on) and dedicated WWW If you can use voice to enter operations such as changing the content menu provided by the server 6 and entering text, you can easily and without disability even for physically challenged and elderly people. Service will be available.
  • Such a nursing care system can greatly contribute to reducing health risks in human life by introducing it not only to the elderly and those requiring care, but also to ordinary households.
  • the personal information database 64 stores the personal information of the user using the vital measurement device 10a.
  • the personal information database 64 stores the user's favorite meal menu, allergic reaction data, house layout, and power drawn into the home.
  • Personal life data of a user such as a situation, a purchase history of a car or a house, a request history of materials such as a catalog, and the like, may be stored.
  • the user terminal 10 by installing the user terminal 10 at all stores and facilities such as restaurants, pharmacies, furniture, home appliances, and financial institutions, the user can use his or her own IC card 12 when visiting the store.
  • the necessary personal life data is extracted from the personal information database 64 and analyzed at the store or facility side, so that the most suitable products can be provided to users. It becomes possible.
  • the identification information of the user is distinguished from the customer information such as the user's address, name, account number,
  • the customer information such as the user's address, name, account number
  • On a wide area network such as the Internet, by encrypting and transmitting only system-specific identification information (ID), highly secure personal authentication can be achieved. It is also possible to provide an ID service on the Internet.
  • ID system-specific identification information
  • the service provider can supply products with peace of mind if the user's identity is proved, and also has a number of options, such as credit selling to individuals, which is more advantageous in collecting fees. be able to.
  • users will be able to obtain IDs, In addition to being able to receive more efficient and secure services over the network, it also has many payment options.
  • Proof of identity can protect the human rights of users on the network, and both service providers and users can respond to sudden demand for funds on the network.
  • the network-related market including the real world, will rapidly expand and contribute to economic development.
  • the user information conversion server 30 performs personal authentication, and then accesses a dedicated terminal at home, in the office, or at a facility. If it is made possible, users will be able to remotely operate various devices at home, in the office, and at facilities using the mobile terminal as a key station.
  • the user in order to realize a comfortable living environment when returning home, the user must, for example, turn on and off the air conditioner, operate the certificate and the water supply on the go. And it can be done safely. Users can also prepare food and prepare meals on the go, for example, by controlling kitchen utensils.
  • the system of the present invention is constructed for such remote operation, a user can control various devices such as a factory line while staying at home, which makes it possible to save time and effort when going to work. Cost, and wasteful heat consumption In addition, it can reduce the probability of encountering an accident or accident with commuting, and is also useful for environmental conservation.
  • the system of the present invention if used, the individual user can be specified using the identification information (ID) sent from the user terminal to the Internet and the customer / encryption information database. Therefore, if you use the system of the present invention to sell products (data) with copyright or usage rights problems, you can prevent unauthorized duplication and resale of data, and you can settle immediately when downloading data. As a result, the rate of fee collection will increase dramatically. In addition, by using the needs response system of Application Example 4 described above, it becomes possible to distribute user-preferred content to each user individually, thereby expanding the market. .
  • the security against copyright and usage rights can be further improved.
  • the downloaded product can be used on other devices using the storage medium. The convenience for the user can be improved.
  • the user terminal is equipped with a voice input device including a voice recognition device and a microphone phone, the user can input the voice input device.
  • the user terminal can be operated by voice using the input device, but if this voice input device (in other words, a voice recognition system) is used, authentication of the user at the user terminal, Alternatively, user authentication at the customer information conversion server can be performed using voice data.
  • the speech recognition device identifies the vocabulary for the operation input by the user by extracting characteristic parameters of the sound input from the microphone and collating it with the voice data of the user registered in advance. If voiceprint data of the user is generated from the feature parameters extracted by the voice recognition device and is used as data for personal authentication, personal authentication can be performed by voice.
  • the voiceprint data may be encrypted at the user terminal and transmitted over the network.
  • the encrypted voiceprint data can be used as the identification information (ID described above) of the present invention or can be used as a password to be added to the identification information.
  • the user terminal should be equipped with a medium slot so that removable storage media such as compact flash, SD card, and memory stick can be used. In other words, this allows the user to store the data acquired on the network in a storage medium and use it freely. In this case, it is preferable to equip a PC card slot of PCMCIA as a medium slot so as to support all kinds of storage media.
  • the user terminal is a TV set-top box, and it is configured to take in output signals from a digital video camera or digital camera, convert it to TV video and audio signals, and output it, In addition to image and video data downloaded from the Internet, etc. Moving images and still images shot by these cameras can be played back on home TVs, expanding the use of user terminals.
  • the set-top box is equipped with the above-mentioned medium slot, various images reproduced on a television at home can be taken into a desired storage medium, and the image data is attached to an e-mail. Sending the information at a later time makes it easier to do anything, and the value of the user terminal can be further expanded.
  • the present invention it is possible to realize an information processing system having extremely high security without leaking customer information, and furthermore, it is possible to set information to be provided for each user. It is also possible to implement an educational system for each user, such as distributing educational intellectual text and responding to questions received from users.
  • the learning history of each user is stored in the personal information database as the personal information of the user, and the educational guidance suitable for the user is provided in accordance with the analysis of the learning history.
  • the home page to which the user terminal is connected next can be arbitrarily switched.
  • the page can be set as the optimal page for the user analyzed from the learning history of the user (so-called custom connect), and the content connection service from the beginner class to the advanced class can be set for each user. Can be realized automatically by the method. In addition, when the user's level rises, it is not necessary to change the user's IC card ⁇ terminal, data such as password and I to change the first access page. A self-contained educational system can be realized.
  • the portal site can be used. Can be freely operated on the server side for each user.
  • portal sites will be set up for each region such as municipalities, portal operators will be recruited for each municipalities, and the present invention will be shared widely in Japan. It will contribute to the information technology in Japan.
  • policies can be built more efficiently and for each region, and information can be provided without restricting regional information. This will be very convenient for users, and will greatly contribute to the promotion of computerization.
  • the electronic payment system is described in the first and second embodiments
  • the health management system is described in the third embodiment
  • various systems using these are described as independent systems in the applied example.
  • a large-scale information processing system integrating the above-described systems can be easily constructed by using one or a customer information conversion server distributed for each region.
  • Industrial applicability As described above in detail, according to the present invention, in an information processing system that provides services to individual users using a wide area network, it is possible to reliably prevent personal information from being leaked, The effect is that users can use it with peace of mind.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • Accounting & Taxation (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un système informatique assurant à un utilisateur un service du fait de l'utilisation d'un réseau longues distances, tout en empêchant de façon fiable des fuites d'information concernant l'utilisateur. A cet effet, on dispose d'un système de règlement électronique comprenant d'une part un serveur d'authentification (4), d'autre part un serveur Internet spécialisé (6) relié à l'Internet (2), et enfin un serveur de conversion d'information client (30) dans un réseau fermé (20) construit dans une institution financière ou analogue. Un terminal utilisateur (10) capable de lire les informations d'une carte à microprocesseur (12) se connecte automatiquement au serveur Internet (6) lorsque l'utilisateur connecte le terminal équipé du serveur Internet (6) pour des achats sur Internet. Il utilise à cet effet l'information d'accès et l'information d'authentification de la carte à microprocesseur (12). Lorsque l'acheteur achète un bien, l'identificateur de règlement dans la carte à microprocesseur (12) set transmis pour le règlement à un serveur de conversion d'information client (30). L'identificateur de règlement spécifie l'utilisateur, toutes les informations client, y-compris le numéro de compte, étant conservées dans une base de données.
PCT/JP2001/004717 2000-06-05 2001-06-04 Systeme et terminal informatique pour reseau longues distances, et procedes de cryptage-decryptage d'identification utilisateur WO2001095185A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001260711A AU2001260711A1 (en) 2000-06-05 2001-06-04 Information processing system and terminal device for wide-area network, and user identification information encrypting and decrypting methods
JP2002502658A JPWO2001095185A1 (ja) 2000-06-05 2001-06-04 広域ネットワーク用情報処理システム及び端末装置、並びに、利用者識別情報の暗号化方法及び暗号解読方法

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
JP2000-167571 2000-06-05
JP2000167571 2000-06-05
JP2000248499 2000-08-18
JP2000-248499 2000-08-18
JP2001068774 2001-03-12
JP2001-068774 2001-03-12

Publications (1)

Publication Number Publication Date
WO2001095185A1 true WO2001095185A1 (fr) 2001-12-13

Family

ID=27343619

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2001/004717 WO2001095185A1 (fr) 2000-06-05 2001-06-04 Systeme et terminal informatique pour reseau longues distances, et procedes de cryptage-decryptage d'identification utilisateur

Country Status (3)

Country Link
JP (1) JPWO2001095185A1 (fr)
AU (1) AU2001260711A1 (fr)
WO (1) WO2001095185A1 (fr)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003303309A (ja) * 2002-04-09 2003-10-24 Hitachi Ltd カードを利用した取引システムおよび取引方法、取引のための処理を行うコンピュータプログラム
JP2005285001A (ja) * 2004-03-30 2005-10-13 Sunstar Inc 健康支援方法及びそのシステム
JP2005310096A (ja) * 2004-03-24 2005-11-04 Fuji Xerox Co Ltd 情報処理システム及び情報処理方法、並びにコンピュータ・プログラム
JP2005338909A (ja) * 2004-05-24 2005-12-08 Dainippon Printing Co Ltd 情報登録端末、サービス端末、プログラム及び情報登録システム
US7443527B1 (en) 2002-07-12 2008-10-28 Canon Kabushiki Kaisha Secured printing system
JP2009282611A (ja) * 2008-05-20 2009-12-03 Canon Inc 情報処理装置及びその制御方法、並びにプログラム
JP5075410B2 (ja) * 2004-07-07 2012-11-21 株式会社 アスリート テレビ受像機及びクライアント端末
JP2019510326A (ja) * 2016-01-26 2019-04-11 キム、グム チョルKIM, Geum Cheol インターネットポータルシステムとその使用方法
KR20220085984A (ko) * 2020-12-16 2022-06-23 주식회사 에비드넷 공통 가명아이디의 교차 암호화를 이용한 트레이서블 의료데이터 제공시스템 및 방법
US12159306B2 (en) 2019-08-22 2024-12-03 Toshiba Tec Kabushiki Kaisha Shopping support device, shopping support system, and shopping support method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07141442A (ja) * 1993-11-19 1995-06-02 Sanyo Electric Co Ltd ヘルスケアシステムの医療情報管理装置
WO1996008783A1 (fr) * 1994-09-16 1996-03-21 First Virtual Holdings, Inc. Systeme de paiement informatise pour l'achat de produits d'information par transfert electronique sur internet
JPH10105614A (ja) * 1996-10-02 1998-04-24 Dainippon Printing Co Ltd クレジットカードを利用したオンラインショッピングシステム
JPH1117675A (ja) * 1997-06-24 1999-01-22 Fujitsu Ltd 情報管理システム及び装置
JPH1196363A (ja) * 1997-09-17 1999-04-09 Techno Imagica Kk 指紋認証による決済方法
JPH11203371A (ja) * 1998-01-08 1999-07-30 Nippon Conlux Co Ltd Icカードを用いた決済方法およびシステム

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07141442A (ja) * 1993-11-19 1995-06-02 Sanyo Electric Co Ltd ヘルスケアシステムの医療情報管理装置
WO1996008783A1 (fr) * 1994-09-16 1996-03-21 First Virtual Holdings, Inc. Systeme de paiement informatise pour l'achat de produits d'information par transfert electronique sur internet
JPH10105614A (ja) * 1996-10-02 1998-04-24 Dainippon Printing Co Ltd クレジットカードを利用したオンラインショッピングシステム
JPH1117675A (ja) * 1997-06-24 1999-01-22 Fujitsu Ltd 情報管理システム及び装置
JPH1196363A (ja) * 1997-09-17 1999-04-09 Techno Imagica Kk 指紋認証による決済方法
JPH11203371A (ja) * 1998-01-08 1999-07-30 Nippon Conlux Co Ltd Icカードを用いた決済方法およびシステム

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PETER WAYNER, TRANSLATION: HIROSHI KAWAFUKU: "Digital cash technology", SOFTBANK K.K., 20 May 1997 (1997-05-20), pages 75 - 91, XP002944193 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003303309A (ja) * 2002-04-09 2003-10-24 Hitachi Ltd カードを利用した取引システムおよび取引方法、取引のための処理を行うコンピュータプログラム
US7443527B1 (en) 2002-07-12 2008-10-28 Canon Kabushiki Kaisha Secured printing system
US7839515B2 (en) 2002-07-12 2010-11-23 Canon Kabushiki Kaisha Secured printing system
JP2005310096A (ja) * 2004-03-24 2005-11-04 Fuji Xerox Co Ltd 情報処理システム及び情報処理方法、並びにコンピュータ・プログラム
US8092383B2 (en) 2004-03-30 2012-01-10 Sunstar Inc. Health support method and system thereof
JP2005285001A (ja) * 2004-03-30 2005-10-13 Sunstar Inc 健康支援方法及びそのシステム
WO2005096199A1 (fr) * 2004-03-30 2005-10-13 Sunstar Inc. Procede d'aide de sante et son systeme
JP2005338909A (ja) * 2004-05-24 2005-12-08 Dainippon Printing Co Ltd 情報登録端末、サービス端末、プログラム及び情報登録システム
JP5075410B2 (ja) * 2004-07-07 2012-11-21 株式会社 アスリート テレビ受像機及びクライアント端末
JP2009282611A (ja) * 2008-05-20 2009-12-03 Canon Inc 情報処理装置及びその制御方法、並びにプログラム
JP2019510326A (ja) * 2016-01-26 2019-04-11 キム、グム チョルKIM, Geum Cheol インターネットポータルシステムとその使用方法
US12159306B2 (en) 2019-08-22 2024-12-03 Toshiba Tec Kabushiki Kaisha Shopping support device, shopping support system, and shopping support method
KR20220085984A (ko) * 2020-12-16 2022-06-23 주식회사 에비드넷 공통 가명아이디의 교차 암호화를 이용한 트레이서블 의료데이터 제공시스템 및 방법
KR102554255B1 (ko) 2020-12-16 2023-07-11 주식회사 에비드넷 공통 가명아이디의 교차 암호화를 이용한 트레이서블 의료데이터 제공시스템 및 방법

Also Published As

Publication number Publication date
JPWO2001095185A1 (ja) 2004-01-08
AU2001260711A1 (en) 2001-12-17

Similar Documents

Publication Publication Date Title
US6595342B1 (en) Method and apparatus for a biometrically-secured self-service kiosk system for guaranteed product delivery and return
US7188110B1 (en) Secure and convenient method and apparatus for storing and transmitting telephony-based data
US8316237B1 (en) System and method for secure three-party communications
US7729925B2 (en) System and method for facilitating real time transactions between a user and multiple entities
US8600895B2 (en) Information record infrastructure, system and method
CN100422988C (zh) 以用户为中心的上下文知晓转换模型
US20020073042A1 (en) Method and apparatus for secure wireless interoperability and communication between access devices
US8783566B1 (en) Electronic registration kiosk for managing individual healthcare information and services
US9015112B2 (en) Information processing device and method, program, and recording medium
JP2005512234A6 (ja) 顧客中心コンテキストアウェア切換モデル
JP2010503942A (ja) セキュア汎用取引システム
JP2003510706A (ja) 電子書籍のセキュリティ及び著作権保護システム
Spinsante et al. Remote health monitoring for elderly through interactive television
EP1247265A1 (fr) Systeme securise de commerce electronique
WO2002025520A1 (fr) Procede d'abonnement, procede d'authentification d'abonnement, procede de confirmation d'abonnement, serveur d'abonnement, terminal de magasin, terminal portatif et support d'enregistrement
TW201222453A (en) Server system, method for executing server system, and external memory
WO2001095185A1 (fr) Systeme et terminal informatique pour reseau longues distances, et procedes de cryptage-decryptage d'identification utilisateur
US20030110133A1 (en) Automated digital rights management and payment system with embedded content
US20040133451A1 (en) Anonymous e-health commerce
JPH1153668A (ja) 災害時情報システム
JP2010066929A (ja) サーバシステム、電子機器、通信端末及び認証方法
JP2005327243A (ja) 情報端末を利用したポイントシステム
JP2004118441A (ja) ユーザ情報利用方法およびユーザ情報利用システム
US20050222962A1 (en) Method, system and computer program for a shared access multi-use computer terminal accessible to operators and customers
JP2002359618A (ja) 個人情報保護システム及び個人情報保護方法

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref country code: JP

Ref document number: 2002 502658

Kind code of ref document: A

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载