JP3365599B2 - Electronic check system - Google Patents

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an improvement of an electronic check system applied to a commercial transaction (referred to as electronic commercial transaction) through a communication network.

[0002]

2. Description of the Related Art Conventionally, in commerce, cash, bills,
Settlements have been made on the basis of a physical medium such as a check, in which the monetary value is embodied in a specific piece of paper or metal.

However, in recent years, due to the rapid development of communication networks, all kinds of information can be exchanged through the communication networks, and when commercial transactions called electronic commerce, which are called electronic commerce, can be realized, the parties involved in electronic commerce can In the meantime, a settlement method other than the method of transferring the possession of the physical medium is required.

Therefore, an electronic check system as shown in FIG. 1 is disclosed in Japanese Unexamined Patent Publication No. 6-162059, and the electronic check system is being studied.

[0005]

By the way, in the electronic check system described above, the electronic check is information represented by a simple bit string of "0" and "1". Therefore, how to prevent the copying and forgery of such information, and the security of the management of the keys used when the counterparty of the transaction is confirmed and the electronic check is given and received by cryptographic technology. How to secure it will be the most important issue.

[0006] For example, in FIG. 1 showing the above system, the payer 3 is transferred to the bank 1 through the communication network.
Suppose you have sent a request to issue an electronic check for 10,000 yen. Bank 1
Then, when receiving this issuance request, 1 from the account of payer 3
Withdraw 100,000 yen and payer 3 with 1 electronic check
You will have to pay 10,000 yen.

At the time of payment by this electronic check, even if the 10,000 yen information transmitted from the bank 1 through the communication network is encrypted in such a manner that the payer 3 cannot decipher the information, the payer 3 still receives the information. Copying the information as it is received is quite simple. Moreover, even if the payer 3 does not know the contents of this information, it is known that this information is worth 10,000 yen.

Therefore, even if the payer 3 makes a copy of this electronic check of 10,000 yen and uses it not only for the payment to the store 5 but also to the store 7, the electronic check is copied at the store 7. It is not possible to judge whether it is a thing or not. The store 5 can also copy this electronic check and use it again for payment to others (not shown).

Therefore, in the above system, the following measures are taken as a method for preventing double use of the same electronic check. That is, a certification authority that centrally registers issued electronic checks is set up, and the certification module is made to regularly access the money module storing the electronic checks through a communication network to check for duplicate or illegal use of electronic checks. As required by electronic check owners.

However, according to this method, when an unspecified number of individuals own electronic checks, the load on the certification authority becomes very large. Further, there is a problem in that the use of the electronic check is restricted by the operating time of the certification authority, or even if the certification authority operates for 24 hours, if the certification authority goes down, the electronic check cannot be used. In addition, when a large number of unspecified individuals exchange electronic checks of a relatively low amount a large number of times, there is a problem in that the ratio of communication costs to the certification authority increases.

Therefore, a first object of the present invention is to detect and use a copy of an electronic check by communication only between parties of a transaction (that is, offline communication) in a system having many electronic check owners. It is an object of the present invention to provide an electronic check system that enables other people to pay by electronic check.

[0012] A second object of the present invention is to manage keys used safely and easily when the confirmation of the other party of the transaction and the exchange of electronic checks are performed by the cryptographic technique. It is to provide an electronic check system capable of confirming a signature.

[0013]

According to a first aspect of the present invention, an electronic check system is possessed by a bank computer for issuing and paying an electronic check, and a plurality of users who use the electronic check, respectively. And an IC card. When a bank computer issues an electronic check, it gives the electronic check the electronic signature of the bank. The IC card of each user stores the private key and public key of each user and the public key of the bank. The secret key of each user is kept secret in the IC card so that it will not be leaked to the outside of each IC card.

When each user receives an electronic check from a bank or another user, the user's IC card can communicate with the check payer's device, ie the bank computer or another user's IC card. And sends the user's public key to the payer device and receives the electronic check from the payer device. Next, the IC card of the user decrypts the received electronic check by using each user's private key, and subsequently, confirms that the bank signature included in the decrypted electronic check is correct. Confirm using the bank's public key. As a result, when it is confirmed that the bank signature is correct, the received electronic check is officially received and stored.

On the other hand, when each user tries to give an electronic check to another user, the IC card of the user is communicatively connected to the IC card of the other party, and first, the IC card of the other party. From the other party's public key, and then
The electronic key of the transmission target is encrypted using the received public key of the partner, and the encrypted electronic check is transmitted to the partner card. The counterpart card confirms the legitimacy of the signature of the electronic check transmitted by performing the same processing as the above-mentioned operation upon receipt of the check, and then officially receives it.

As described above, in the present system, the key communication at the time of giving and receiving an electronic check simply notifies the other party of the public key of each person, without making communication with the third party. This makes it easy to manage keys.

The electronic check system according to the second aspect of the present invention includes a bank computer for issuing and paying electronic checks, and an IC card possessed by each of a plurality of users who use the electronic checks. Prepare When a bank computer issues an electronic check, it gives the electronic check a plurality of numbers arranged in a certain order. Further, when each user's IC card receives an electronic check from another user's IC card, it first generates a random number and sends it to the other party's IC card. The IC card of the other party changes the order of a plurality of numbers in the electronic check to be transmitted according to the random number under a certain rule, and then transmits the electronic check to the IC card of the user. IC of the user
The card checks whether or not the order of multiple numbers in the electronic check received from the other party is changed correctly according to the random number sent to the other party, and only when it is confirmed to be correct, the electronic check is confirmed. Officially receive.

In this way, if a user makes a copy of an electronic check that had been sent in the past payment and sends this copy again for another payment, it will be included in the copy. Since the order of the plurality of numbers is changed based on the random number at the time of past transmission, it is different from the order based on the random number at the time of current transmission. Therefore, the receipt of the copy is refused and the illegal double use of electronic checks is prevented.

In the preferred embodiment, the configurations of both of the above two systems are combined. In this embodiment, when the bank computer receives an electronic check from the user's IC card, the signature confirmation and the number string of the received electronic check are received in the same manner as when the electronic check is exchanged between the user's IC cards. Confirm the order.

[0020]

DESCRIPTION OF THE PREFERRED EMBODIMENTS First, the principle background of the electronic check system of the present invention will be described.

Cryptographic processing is essential in this type of electronic check system. In particular, in the system according to the present invention, not only is the communication text encrypted, but the communication text is signed (electronic signature), and the other party (ie, A public key cryptosystem having a function of confirming the sender is used.

The method of confirming the other party by using this public key encryption is as disclosed in Japanese Patent Laid-Open No. 60-26378 (digital signature method) and the like. That is, in principle, the sender side compresses the communication text, decrypts the compressed data with the secret key, and sends it to the other party (recipient side) together with the communication text as an authenticator. Does the other party receiving the message and the authenticator have the same result as the result of encrypting the authenticator with the public key of the other party and the result of compressing the message by the same method as the sender side? Check if This makes it possible to confirm that the message is sent from the correct party (from the party having the secret key).

Next, the above-described principle will be specifically described with reference to FIG. 2 showing an electronic check system according to an embodiment of the present invention. In FIG. 2, for simplification, the components of the electronic check system are shown in a simplified manner.

As shown in the figure, the above system includes a service beneficiary (for example, shopper) 11, a bank 15, a bank account 17 of the service beneficiary 11, a payout check payment account 21 of the bank 15, a service provider (for example, a store). 27 and its bank account 35. The service beneficiary 11 and the service provider 27 each have an IC card (not shown), and these IC cards are used as a medium for carrying an electronic check, a private key, a public key, and the like.

In FIG. 2, first, the service beneficiary 11
However, when the bank 15 requests the bank 15 to issue an electronic check, as shown by the arrow 13, the bank 15 asks the service beneficiary 11
It is confirmed whether or not the balance in the account 17 is equal to or more than the amount requested by. As a result, if the above balance is in the account 17,
The requested amount of money is transferred from account 17 to bank 15 as indicated by arrow 19.
The check is transferred to the payout account 21, and the electronic check for bank transfer is issued to the service beneficiary 11 as indicated by an arrow 23.

If the service beneficiary 11 can confirm the validity of the issued electronic check, the service beneficiary 11 receives the electronic check (Here, the reason why the check is a bank check is:
This is for the purpose of facilitating the management of cryptographic keys and ensuring payment guarantees for those who are paid by this check).

Next, the service beneficiary 11 receives a service from the service provider 27, purchases a product, etc. as shown by an arrow 25, and provides the purchase price as shown by an arrow 29. Pay 27 by electronic check. If the service provider 27 confirms that the electronic check is a legitimate check issued by a bank,
Receive this electronic check. After that, the service provider 2
7 presents the electronic check received from the service beneficiary 11 to the bank 15 as indicated by arrow 31, and requests payment.

If the bank 15 confirms the legitimacy of the electronic check presented by the service provider 27 and, as a result, confirms that the electronic check is a self-issued electronic check, the bank 15 changes the face value as indicated by arrow 33. The payout check payment account 21 is transferred to the account 5 of the service provider 27.

To implement the electronic check system described above, the bank 15, the service beneficiary 11, the service provider 2
7 owns the private key and the public key, respectively, and it is necessary to verify the signature of the other party each time a transaction is made. Moreover, it is important to conceal its own private key, and the public key of the communication partner must be easily obtained.

In the above system, the bank 15 usually
A computer center (not shown) is provided in order to efficiently perform one's own business. Therefore, the private key or public key of the bank 15 can be placed in the computer center (of course, this private key must be managed with strict caution). However, service beneficiary 1
Since most of them are individuals, the service provider 27 cannot own a computer center such as the bank 15, and the management method of the private key becomes a problem.

Therefore, the service beneficiary 11 and the service provider 27 store the private key in an IC card having tamper resistance (that is, illegal modification of internal data is practically impossible). I will. Here, an IC card having tamper resistance is at least CP.
U, memory, I / O port, etc., which cannot be directly accessed from the outside.
The memory card is an IC card that is controlled by the CPU and exchanges data with the outside via an input / output port.

For the above-mentioned reason, the service beneficiary 11 and the service provider 27 need to have the IC card storing the private key of their own, which can be obtained by the following method.

First, the service beneficiary 11 and the service provider 27 open accounts 17 and 35 in the bank 15 in advance, respectively, and request the bank 15 to use the electronic check system. After confirming the identities and qualifications of the service beneficiary 11 and the service provider 27, the bank 15 issues an IC card storing the private keys of these users (11, 27).

In these IC cards, in addition to the private key, signature information only the legitimate IC card issued by the bank 15, the IDs and public keys of the users (11, 27), the public key of the bank 15 and the bank 15 A function for confirming the signature of the electronic check issued by, a function for encrypting and decrypting the communication text, a function for storing and managing the received electronic check, etc. are required. These functions can be realized by incorporating them as programs in the IC card.

Regarding the key generation of the user (11, 27), the private key of the user (11, 27) in the bank 15
Although the public key can be generated, the private key and the public key can be generated without the bank 15 itself being involved.
For the private key of 1, 27), the user (1
1, 27) It is desirable to take a form that the person cannot know. As this method, there is a method in which the CPU uniquely generates the private key and the public key of the user (11, 27) in the IC card and notifies the bank 15 only the public key. Further, when the key generation is difficult due to the processing capacity of the IC card, the bank 15 generates the public key and the private key of the user (11, 27), but the private key of the user (11, 27) is the IC It is desirable to store it only in the card and not hold it in the bank 15. In any case, the computer center of the bank 15 stores the user ID of the issued IC card and the public key. In addition, the user (11,
The private key 27) is stored in the IC chip of each user's IC card in a state where it cannot be read out of the IC chip.

Using the IC card issued in this way, the electronic check can be exchanged between the bank 15 and the service beneficiary 11 or the service provider 27, or between the service beneficiary 11 and the service provider 27. Will be done.

First, referring to FIG. 2, the service recipient 11
If the bank issues an electronic check from the bank 15, the bank 15
Generate the data that makes up the electronic check, and
The electronic signature of Then, the entire electronic check with this electronic signature is encrypted with the public key of the service beneficiary 11, and then sent to the IC card of the service beneficiary 11. When the IC card of the service beneficiary 11 receives the entire encrypted electronic check, it decrypts the electronic check using its own private key and confirms the bank 15 proof using the bank 15 public key.

At this time, the bank 15 needs to retrieve the public key of the service beneficiary 11 based on the user ID of the service beneficiary 11, but since it is a public key, strict security is not required. Also, the service beneficiary 11
The IC card decrypts the above data without leaking the private key stored in its own chip to the outside and verifies the electronic signature of the bank 15 using the public key of the bank 15 stored in itself. be able to.

Next, referring to FIG. 2, the service beneficiary 11
A case will be described in which the bank pays an electronic check issued by the bank 15 to the service provider 27.

It is confirmed that the IC card of the service beneficiary 11 and the IC card of the service provider 27 each have the signature information and confidential information of the bank 15 showing the validity embedded when issued from the bank 15. Mutual authentication is performed by The two IC cards, which have been confirmed to be mutually valid communication partners, exchange their public keys.
The IC card of the service beneficiary 11 encrypts the electronic check with the electronic signature of the bank 15 using the public key of the service provider 27 and sends it to the IC card of the service provider 27. The IC card of the service provider 27 decrypts the data without leaking its own private key to the outside, and confirms the electronic signature of the bank 15 using the public key of the bank 15 stored in itself. The service provider 27 can confirm that the electronic check of the bank 15 is issued by confirming the electronic signature of the bank 15. Furthermore, the service provider 27 can pay the third party who has the IC card legally issued by the same method with the electronic check received from the service beneficiary 11.

If the bank of the electronic check is the bank 15, the public key of the bank 15 commonly existing in the IC cards can be used to confirm the electronic signature of the bank 15. Management becomes very easy. Note that the sender of the electronic check can be the service beneficiary 11 who is the requester of the bank 15, but means for obtaining the public key of the service beneficiary 11 for confirming the electronic signature of the service beneficiary 11. Is a problem.

That is, when the public key of the service beneficiary 11 is passed from the service beneficiary 11 to the service provider 27, the service beneficiary 11 acts fraudulently and an electronic signature is made using the private key and the public key generated independently. And the public key is sent to the service provider 27,
Cannot determine whether the service beneficiary 11 has committed fraud. Therefore, the IC card of the service provider 27 possesses the public key of the service beneficiary 11 before the transaction with the service beneficiary 11, or the service beneficiary from the bank 15 or a fair third party (not shown). 11
It is necessary to obtain the public key of the IC card. this is,
It is difficult to realize with a system in which an unspecified majority trades.

According to the social belief, the bank 1 is better than the check issued by the service beneficiary 11 who is an unspecified number of individuals.
A check with a 5 is more reliable. Even if the service beneficiary 11 and the service provider 27 have a business relationship with each other and the service provider 27 accepts the check issued by the service beneficiary 11, the check of the service beneficiary 11 is issued. When the provider 27 pays to a third party (not shown), the third party refuses to receive the check issued by the service beneficiary 11 unless there is a credit relationship between the service beneficiary 11 and the third party. It may be.

Using the two IC cards thus issued, the service beneficiary 11 and the service provider 2
7 receives and pays electronic checks with the bank 15, but cannot directly exchange between these two IC cards and the bank 15.

The following methods are conceivable as means for receiving and paying electronic checks between these two IC cards and the bank 15.

(1) A method of presenting the above IC card at the counter of the bank 15.

(2) A method of using an ATM corresponding to the above electronic check system.

(3) A function for communicating with two IC cards, a function for displaying information exchanged between the two IC cards, and an operator's intention for transmitting the intention to the two IC cards. A method of using a terminal having at least an input function and a function of communicating with the bank 15.

In particular, in the method (3), the terminal applied to this is a commercially available personal computer (personal computer), IC card reader / writer (IC card R /
W), a modem, etc. can be combined and implemented.
The service beneficiary 11 can also use the terminal device to receive and settle electronic checks from home or work.

Further, in order to satisfy the condition of (3), by combining a portable terminal device that can be carried with mobile communication, it is possible to receive and settle electronic checks even from a place where the user is out. Like

Further, for payment and receipt of electronic checks between the service beneficiary 11 and the service provider 27,
The following methods are possible.

(4) In order to convey at least the communication function between the IC card of the service beneficiary 11 and the IC card of the service provider 27, the information display function, the intention of the operator, etc. in the store of the service provider 27 How to use a terminal with the input function of.

(5) A method of using the terminal shown in (3) above.

(6) A method of using a terminal which combines the above (4) and (5).

The method (4) is used when the service beneficiary 11 goes to the store of the service provider 27 and pays an electronic check there.

In the method (5), one of the service beneficiary 11 and the service provider 27 is in a remote place, and the electronic check can be paid in a state via the communication network.
For example, there is a case where paid information is received from an information provider via the Internet and the price is paid by an electronic check.

Thus, the user (service beneficiary 1
1. By incorporating the function required for encryption processing for each service provider 27) in the IC card, the terminal used in the electronic check system does not have the requirement for key management and the like. The degree of freedom in design increases, and it becomes easier to build an electronic check system that meets the needs of the times.

By the way, in the above system, when the electronic check received from the bank 15 is paid from the service beneficiary 11 to the service provider 27, the service provider 27 does not communicate with anyone other than the service beneficiary 11 (that is, offline). So), how to detect fraudulent use of paid electronic checks is an essential issue.

Next, a method for preventing duplicated use of issued electronic checks in the above system will be described with reference to FIG.

FIG. 3 is an enlarged view showing the service beneficiary 11, the bank 15, and the service provider 27 which compose the electronic check system. As is apparent from the figure, the service beneficiary 11 owns the dedicated terminal 41 and the dedicated IC card 45 applied to the method (3) described above, and the service provider 27 also has the terminal 43 of the same configuration. And owns an exclusive IC card 47. And the terminal 41,
It is assumed that the communication terminals 43, 43 and the terminals 41, 43 and the terminal of the bank 15 can be connected by a communication network.

In FIG. 3, at 49, the electronic check of, for example, 10,000 yen issued from the bank 15 is encrypted with the public key of the service beneficiary 11. This encrypted data is decrypted in the IC card 45 by the private key of the service beneficiary 11, and when paid to the service provider 27 (indicated by reference numeral 51), it is encrypted by the public key of the service provider 27. Be converted.

In this case, the data at time 49 is
Even if the service beneficiary 11 himself or a third party makes a copy and pays the service provider 27 as it is I
Acceptance of this electronic check is rejected because the C-card 47 cannot restore the correct data. The private key of the service beneficiary 11 is in the IC card 45, and
Service recipient 11
It is not possible for itself to decrypt this ciphertext 49.

However, if the service beneficiary 11 himself or a third party copies the data at the time of reference numeral 51 and pays again to the service provider 27, the IC card 47
Will decrypt it to the correct data. IC card 47
In order to determine whether this data is the original or the illegal copy, it is necessary to memorize the electronic check received in the past and retrieve it, but it is not possible to mount an infinite memory on the IC card. Not so realistic.

Therefore, as shown in FIG.
When issuing a 10,000 yen electronic check, n random numbers rbnk1 and rbnk with different values are added to the 10,000 yen electronic check data.
2, ..., Rbnkn are added, encrypted with the public key of the service beneficiary 11, and transmitted to the IC card 45.

When this encrypted data is received, I
The C card 45 is decrypted with its own secret key into an electronic check of 10,000 yen. When the IC card 45 transfers the electronic check to the IC card 47, first, the IC card 4
N random numbers rb1, rb2, ..., Rb having different values from 7
get n. Next, these random numbers rb1, rb2, ..., rb
Bank 15 depending on the reception order (arrangement order) and size of n
, Rbnk2, ..., rbnkn
Change the order of by a certain rule. Then, it is encrypted with the public key of the service provider 27 and transmitted to the IC card 47.

In the IC card 47, the electronic check data received from the IC card 45 is decrypted, and then the relation between the order and the size of the random number transmitted by itself is determined, and rbnk1 and rbnk.
It is checked whether or not the relationship of the arrangement order of 2, ..., rbn is changed according to the rule, and if it is not according to the rule, the receipt of the electronic check is refused. Therefore, even if the service beneficiary 11 copies the data output from the IC card 45 at the time of the reference numeral 51, the relationship between the order and size of the random numbers rb1, rb2, ..., rbn generated from the IC card 47. It cannot be used unless it matches the time when it was copied.

Here, the probability that the service beneficiary 11 who copied the data at the time of reference numeral 51 can normally make a transaction with the service provider 27 is 1 / n! Is. A specific example is as follows. Therefore, if the number n of random numbers is about 7 or more, there will be no practical problem.

Probability (n = 5) = 1/5! = 1/120 ≈ 0.83% Probability (n = 6) = 1/6! = 1/720 ≈ 0.14% Probability (n = 7) = 1/7! = 1/5040 ≈ 0.02% Probability (n = 8) = 1/8! = 1/40320 ≈ 0.002% Probability (n = 9) = 1/9! = 1 / 362880≈0.0003% In the illustrated system, rbnk1 to rbnkn
Is 5 random numbers, and the magnitude relationship of rbnk1 to rbnk5 is rbnk1 <rbnk2 <rbnk3 <rbnk4.
<It is as rbnk5. The IC card 45 receives the random numbers from the IC card 47 in the order of rb1, rb2, rb3, rb4, and rb5. Then, rb1 = 1 and rb2 =
4, rb3 = 2, rb4 = 5, rb5 = 3, the IC card 45 uses the random numbers rbnk1 and rbn.
The packets are rearranged in the order of k4, rbnk2, rbnk5, and rbnk3 and transmitted to the IC card 47.

Next, a procedure for issuing an electronic check ledger (that is, an IC card) required to use the above system will be described.
This will be described with reference to the flowchart of FIG.

The service beneficiary 11 and the service provider 27, who are users of the electronic check, need to have the bank 15 issue an IC card as an electronic check ledger.
The procedure when the bank 15 issues an IC card to the service beneficiary 11 will be described below. This procedure is performed by the service provider 27
It is also applied when issuing IC cards to.

First, in preparation for issuing an IC card, the bank 15, which is the issuing bank of an electronic check, generates a public key KPBNK and a secret key KSBNK necessary for signing an electronic check, and publishes the public key KPBNK. Keep it. The secret key KSBNK is placed under strict control.

In step S101, the service beneficiary 11 requests the bank 15 to issue an IC card,
Upon receiving this request, the bank 15 confirms the identity of the service beneficiary 11 in step S102, and if the requester is the service beneficiary 11, the bank 15 checks whether the service beneficiary 11 has an account. If the service beneficiary 11 does not have an account, the account is opened. The method by which the bank 15 confirms the identity of the service beneficiary 11 is such that public information such as a driver's license, passbooks and seals issued by the bank 15, secret information that only the person knows, such as a personal identification number, are known. Confirmation by information, methods using biological characteristics such as voice prints, fingerprints, etc. are performed alone or in combination.

Next, in step S103, the bank 1
5 is an IC card 4 issued for the service beneficiary 11
5 to own public key KPBNK, private key KSBN
K, the user ID (IDa) is notified. Then, with respect to the IC card 45, the public key KP of the individual who receives the service 11
A is requested to issue the secret key KSA and to generate a signature Sa for the user ID (IDa) and public key KPA. The IC card 45 discards the private key KSBNK of the bank 15 after generating the signature Sa. If the IC card 45 has no key generation capability, the bank 15 does not generate the public key KPA and the secret key KSA or the signature Sa for the public key KPA.
At the center.

Next, in step S104, the IC card 45 that has received the key generation request is the service recipient 11
After generating the individual public key KPA and the private key KSA, the user ID (IDa) and the signature Sa for the public key KPA are generated by the private key KSBNK of the bank 15. IC
The card 45 includes KPBNK, KSA, KPA, IDa,
Sa is stored and the public key KPA is sent to the bank 15.
To notify. When the IC card 45 generates a personal public key and a private key, it is necessary to use the date and time at the time of requesting key generation, a random number, and the like so that the same key is not generated.

Next, in step S105, the bank 1
5 stores IDa and public key KPA.

Next, with reference to the flow charts of FIGS. 6 and 7, the issuing of an electronic check using the IC card issued as described above will be described.

FIGS. 6 and 7 show the procedure when the service beneficiary 11 requests the bank 15 to issue an electronic check.

First, in step S111, the service beneficiary 11 can use the IC card 45 in the bank 15
A request for issuing an electronic check is made to the bank 15 via the terminal 41 that can communicate with the ATM or the bank 15 through the communication network and can use the IC card 45 that is the electronic check ledger. The IC card 45 and the service beneficiary 11 and the bank 15 actually communicate with each other through the ATM or the terminal 41, but since these devices only relay information, they will be omitted from the following description. .

Next, in step S112, the IC card 45 that has received the distribution request confirms the identity of the service beneficiary 11 with the service beneficiary 11. As a method of identifying the individual, a method utilizing biological characteristics such as a personal identification number, a voice print, a fingerprint, etc. is used alone or in combination. After that, in step S113, if the IC card 45 can confirm the identity, the IC card 45 notifies the bank 15 of the electronic check issuing request from the IDa.

Next, in step S114, the IC card 45 and the bank 15 mutually authenticate and confirm that they are valid communication partners. For example, here
Mutual authentication can be performed by the following methods.
The IC card 45 encrypts KSA, IDa, and Sa with the public key KPBNK of the bank 15 and sends the encrypted KSA, IDa, and Sa to the bank 15. The bank 15 decrypts this data with its own private key KSBNK, and then checks the signature Sa with its own public key KPBNK to confirm that the IC card 45 has been legally issued. Further, the bank 15 signs the public key KPBNK and the received IDa, for example, with its own secret key KSBNK, and uses only this signature information as an IC.
Send to card 45. In the IC card 45, this signature is restored with the public key KPBNK, and the public information KPB
By verifying NK and the IDa of itself, it is confirmed that the sender of the signature information is the legitimate bank 15.

After mutual authentication is performed in this way, the bank 15 generates a random number ra in step S115,
Ra is encrypted by the one-way encryption function f and the public key KPA of the service beneficiary 11 generated at the time of issuing the electronic check ledger in the following manner and transmitted to the IC card 45.

Era = f (ra, KPA) Then, in step S116, the IC card 45
Decrypts the received Era with its own secret key KSA as follows, and requests the service beneficiary 11 to input the amount of the electronic check to be issued.

Ra = f * (ra, KSA) Here, f * represents an inverse function of the function f. Hereinafter, in this specification, a similar expression indicates an inverse function (however, in each figure, an inverse function is expressed by an expression such as f −1 power).

Next, in step S117, the service beneficiary 11 notifies the IC card 45 of the amount and the number of electronic checks to be given out. Here, 500
Consider an example of drawing out a 0 yen electronic check.

In step S118, the IC card 4
5 generates a communication message requesting the bank 15 to issue an electronic check. In this message, at least ra decrypted in step S116 and the requested transfer amount 500
Includes data of 0 yen, 1 transfer number, and the ID number (IDa) stored when the electronic check ledger was issued.

Further, in step S119, the IC card 45 generates the message authenticator MACA using the one-way function D and the secret key KSA based on the communication text generated in step S118.

MACA = D * (5000 yen, 1 sheet, r
a, IDA, ..., KSA) The MACA generated here is added to the communication text generated in step S118. In this embodiment, the processing of the above function (obtaining the authenticator) is performed in the manner as shown in FIG.

Then, in step S 120, the communication text + MACA generated in step S 119 is encrypted with the one-way encryption function Freq and public key KPBNK as follows, and this is transmitted to the bank 15.

Ereq = Freq (drawing request message for one electronic check of 5000 yen + MACA, KPBNK) In this embodiment, the processing of the above function (when performing encryption / decryption) is as shown in FIG. Indicates to encrypt. Further, in this embodiment, the + operator indicates that the data are connected as shown in FIG.

Next, in step S121, the bank 15 receiving the ciphertext Ereq, the private key KSBN of its own.
Decode Ereq with K as follows.

Drawout request message for one 5000 yen electronic check + MACA = Freq * (Ereq, KSBN
K) Next, in step S122, the data of ra generated in step S115 out of the decrypted communication text, the requested drawing amount of 5000 yen, the number of sheets to be transferred, and the ID number (IDa) stored when the electronic check ledger was issued Take out M
Verify that the ACA is correct.

This verification is based on MACA '= D (5000
Yen, 1 sheet, ra, IDA, ..., KPA) and 5000 yen electronic check 1 request to send out a message + MACA = Fre
This is done by comparing q * (Ereq, KSBNK). Next, in step S123, the bank 15, which has confirmed that the authenticator MACA is correct, confirms that the account 17 of the service beneficiary 11 has a balance equal to or more than the total amount of money to be dispensed, the amount to be submitted, the name of the submitting bank, and the date and time of submission. A communication message of electronic check consisting of, etc. is generated for the requested number of distribution sheets of the requested number of distribution sheets. In this case, since the number of printed sheets is one, there is only one message.

Next, in step S124, N random numbers rbnk1 to rbnkn are generated for one message. However, the random numbers rbnk1 to rbnkn are all generated so as to have different values. Here, it is assumed that five random numbers are generated for the time being, and the generated random number rb
The magnitude relationship of nk1 to rbnk5 is rbnk1 <rbn
It is assumed that there is a relationship of k2 <rbnk3 <rbnk4 <rbnk5. Then, at least the amount of money to be dispensed, the name of the bank to be dispensed, and the date and time of submission are extracted from the message, and a random number rbnkn is added to these data, and the one-way function H and bank
With the secret key KSBNK of No. 5, N message authenticators MACbnk1 to MACbnkn are obtained as follows.

MACbnk1 = H * (5000 yen, name of bank to be issued, date and time of payment, ..., rbnk5, KSBNK) MACbnk2 = H * (5,000 yen, name of bank to be issued, date and time of payment, ..., rbnk2, KSBNK) ... MACbnk5 = H * (5000 yen, issuing bank name, issuing date and time, ..., rbnk5, KSBNK) Furthermore, in step S125, the random number and the authenticator generated in step S124 are added to the communication message generated in step S123, and the one-way function is added. The Fchr and the public key KPA of the service beneficiary 11 generate the ciphertext Echr as follows. Here, the random number rbnkn and the authenticator MACbn
It is assumed that kn are arranged so that correspondence can be obtained.

Echr = Fchr (5000 yen electronic check issuing permission notice + rbbnk1 + MACbnk1 +
rbnk2 + MAC bnk2 + ... + rbnk5 + MAC
bnk5) Then, in step S126, this Echr is transmitted to the IC card 45 of the service beneficiary 11, and
The amount of money (5000 yen in this case) is deducted from the account 17 of the service beneficiary 11, and is deposited in the account 21 for payment of the own check. Then, step S1
At 27, the IC card 45 decrypts the Echr received from the bank 15 with its own secret key KSA.

Drawout permission notice for electronic check of 5000 yen + rbnk1 + MACbnk1 + rbnk2 + MACb
nk2 + ... + rbnk5 + MACbnk5) = Fchr
* (Echr, KSA) Next, in step S128, the withdrawal amount, the withdrawal bank name, the withdrawal date and time, etc. are extracted from the "5000 yen electronic check issuance permission notice", and the public key KPB of the bank BNK is extracted.
Use NK to verify that the signatures of MACbnk1 to MACbnk5 were indeed made by bank BNK.

MACbnk1 ′ = H (5000 yen, name of bank to be issued, date and time of submission, ..., rbnk1, KPBNK) MACbnk2 ′ = H (5,000 yen, name of bank to be submitted, date and time of submission, ..., rbnk2, KPBNK) ... MACbnk5 ′ = H (5000 yen, issuing bank name, submission date, ..., rbnk5, KPBNK) MACbnk1 ′ to MACbnk obtained by the above
Decoding Echr in 5'and step S127 (Fchr
* (Echr, KSA)) MACb included in the result
If nk1 to MACbnk5 are the same, it is determined that this authenticator has been signed by the bank 15.

Next, in step S129, if the IC card 45 can confirm the "5000 yen electronic check drawing permission notice text" from the bank 15 in step S128, the 5000 yen electronic check drawing permission notice text + r
bnk1 + MAC bnk1 + rbnk2 + MACbnk
2 + ... + rbbnk5 + MACbnk5 is stored in the IC card 45 as an electronic check.

Next, the procedure for payment from the service beneficiary 11 to the service provider 27 by electronic check will be described.

10 and 11 show the service provider 2
7 is a flowchart showing a procedure in the case of paying the price for receiving the provision of the service, the product, etc. from 7 by the electronic check. As a premise of payment by this electronic check, the service beneficiary 11
Similarly to the above, it is assumed that the IC card 47 issued by the bank 15 is possessed by the procedure shown in FIGS. Therefore, like the IC card 45, the IC card 47 has the public key KPBNK of the bank 15 and the service provider 27.
Private key KSB of the service provider 27, public key KPB of the service provider 27,
User ID (IDb) of service provider 27, user I
Bank S's signature S on D (IDb) and public key KPB
b is stored. Further, in this example, it is assumed that the service beneficiary 11 pays with the electronic check charged in step S129 of FIG.

First, in step S131, the service provider 27 bills the service beneficiary 11 for payment of the service or product. next,
In step S132, the service beneficiary 11 determines that the IC
The card 45 is instructed to pay out an electronic check. Then, in step S133, the IC card 45 that has received the electronic check payout instruction confirms the identity of the service beneficiary 11 with the service beneficiary 11. The method of identifying the individual is carried out by a single method or a combination of methods using biological characteristics such as a personal identification number, voice print, and fingerprint. After this personal identification, in step S134, the IC card 45 notifies the service beneficiary 11 of the amount, the number, the total amount, etc. of the electronic checks stored in the IC card 45, and how much is paid. Ask the service beneficiary 11 whether to pay the check.

Next, in step S135, the service beneficiary 11 specifies to the IC card 45 how much to pay out or which electronic check to pay out. Here, it is assumed that the electronic check charged in step S129 is issued. Next, in step S136, the designated IC card 45, if designated by the amount of money, confirms that there is an electronic check with a balance equal to or more than the designated amount, and pays the IC card 47 by the electronic check. Notify you to do so. Next, in step S137, the IC card 45 and the IC card 47 perform mutual authentication to confirm that they are valid communication partners. For example, mutual authentication and public key exchange are performed by the following method. IC card 45 is KSA, IDa, S
a is transmitted to the IC card 47. With the IC card 47,
By verifying the signature Sa with the public key KPBNK of the bank 125, it can be confirmed that the IC card 45 is issued by the bank 15 and that the KSA and IDa are correct. Also, by similarly transmitting KSB, IDb, and Sb from the IC card 47 to the IC card 45, the IC card 45 can verify the validity of the IC card 47 and its public key KPB.

Next, in step S138, the IC card 47 generates N random numbers rb1 to rbn. The number of random numbers generated at this time is determined by step S124 in FIG.
It is assumed that the same number as the number of random numbers generated in step (3) is generated, and that all generated random numbers have different values. In this example, five random numbers rb1 to rb5 are generated, and rb1,
rb2, rb3, rb4, rb5 are arranged in this order, encrypted with the one-way function fr and the public key KPA as follows, and I
Send to C card 45.

Erb = fr (rb1 + rb2 + rb3 +
rb4 + rb5, KPA) In this example, the magnitude relationship of rb1 to rb5 is rb1.
<Rb3 <rb5 <rb2 <rb4.

Next, in step S139, the IC card 45 decrypts the Erb, obtains the one-way function G from rb1 to rb5 and its own IDa, and the authenticator MACa from the secret key KSA as follows. To generate.

Rb1 + rb2 + rb3 + rb4 + rb5
= Fr * (Erb, KSA) MACa = G * (rb1, rb2, rb3, rb4, r
(b5, IDa, ..., KSA) Next, in step S140, the electronic check stored in step S139 is a “drawing permission notification text of electronic check of 5000 yen + rbnk1 + MACbnk1 + rbnk2 +.
“MACbnk2 + ... + rbbnk5 + MACbnk5” is taken out, and rbnk1 + MACbnk1 to rbnk5 + MACbn in the order of magnitude relation of the received random numbers rb1 to rb5.
rearrange k5. In this example, the random number rbnk1
The magnitude relationship of ˜rbnk5 is rbnk1 <rbnk2 <rbnk3 <rbnk4 as shown in step S124.
<Because rbnk5, 5000 yen electronic check issuance permission notice sentence + rbnk1
+ MACbnk1 + rbnk4 + MACbnk4 + rb
nk2 + MACbnk2 + rbnk5 + MACbnk5
Rearrange as + rbbnk3 + MACbnk3.

Since the random number transmitted from the IC card 47 is rb1 <rb3 <rb5 <rb2 <rb4, it is assumed that rb1 = 1, rb2 = 4, rb3 = 2, r.
If b4 = 5 and rb5 = 3, then rbnk1 to rbnk5 received from the bank 15 are rbnk1 <rbnk2 <.
rbnk3 <rbnk4 <rbnk5. Therefore,
This is rbnk1, rbnk4, rbnk2, rbnk
5 and rbnk3 are rearranged in this order.

Next, in step S141, the electronic checks rearranged in step S140 are added to step S13.
The MACa and IDa generated in 9 are added, and the ciphertext Epay is generated as follows using the one-way function Fpay and the public key KPB of the service provider 27.

Epay = Fpay (5000 yen electronic check payout permission notice text + rbnk1 + MACbnk1 +
rbnk4 + MACbnk4 + rbnk2 + MACbn
k2 + rbnk5 + MACbnk5 + rbnk3 + MA
Cbnk3 + MCACa + IDa, KPB) Next, in step S142, the IC card 45
The ciphertext Epay is transmitted to the IC card 47. If it is confirmed that the ciphertext Epay has reached the IC card 47 normally, the IC card 45 sends the electronic check “500
Drawout permission notice of electronic check of 0 yen + rbnk1 + MA
Cbnk1 + rbnk2 + MACbnk2 + ... + rbn
"k5 + MACbnk5" is invalidated.

Next, in step S143, the IC card 47 which has received the ciphertext Epay decrypts the ciphertext Epay with the secret key KSB.

Draw-out permission notice of electronic check of 5000 yen + rbnk1 + MACbnk1 + rbnk4 + MACb
nk4 + rbnk2 + MACbnk2 + rbnk5 + M
ACbnk5 + rbnk3 + MACbnk3 + MCAC
a + IDa = Fpay * (Epay, KSB) After decrypting the ciphertext Epay, in step S144, the IC card 47 signs the public key KPA of the IC card 45 from the random numbers rb1 to rb5, IDa, etc. generated in step S138. The signature of the IC card 45 is confirmed from the one-way function G for

MACa '= G (rb1, rb2, rb
3, rb4, rb5, IDa, ..., KPA) Then, the MACa ′ and the MA obtained in step S143.
It is compared with Ca, and if they are the same, it is recognized that the signature is given by the IC card 45.

Next, in step S145, the random numbers rb1 to rb transmitted to the IC card 45 in step S138.
From the magnitude relationship of b5, the ciphertext Epa is obtained in step S143.
It is confirmed that the arrangement of the magnitude relationships of rbnk1 to rbnk5 obtained when y is decoded is correct. In this example,
The size relation of the transmitted rb1 to rb5 is rb1 <rb3 <.
Since rb5 <rb2 <rb4, rbnk1 to rbnk1
bnk5 is rbnk1, rbnk4, rbnk2, rb
Confirm that they are arranged in the order of nk5 and rbnk3. If the order of the random numbers rbnk1 to rbnk5 is different from the order transmitted to the IC card 45 in step S138, it is not the one transmitted from the IC card 45 legitimately issued by the bank 15 and is illegally used. The service provider 27 is notified that the electronic check has been made, and the subsequent payment procedure is stopped.

Further, in the next step S146, I
The C card 47 takes out the amount of money to be issued, the name of the bank to be issued, the date and time of the issuance, etc. from the “5000 yen electronic check issuance permission notice”, and obtains the public key KPBNK of the bank 15 stored by itself from the name of the issuing bank. . And this public key KPBNK
MACbnk 1-5 signature using Sure Bank 15
Make sure it was done by.

MACbnk1 '= H (5000 yen, bank name, drawing date, ..., rbnk1, KPBNK) MACbnk4' = H (5000 yen, drawing bank name, drawing date, ..., rbnk4, KPBNK) ... MACbnk3 ' = H (5000 yen, issuing bank name, issuing date and time, ..., rbnk3, KPBNK) MACbnk1 ′ to MACbnk obtained by the above
5 ', and decrypts Epay in step S143 (Fpa
MAC included in the result of y * (Epay, KSB))
If bnk1 to MACbnk5 are the same, it is determined that this authenticator has been signed by the bank 15.

Next, in step S147, the bank 1
If the signature of 5 is confirmed, the IC card 47 notifies the service provider 27 of the amount of the electronic check received. And a payment permission notice of 5,000 yen electronic check + rbn
k1 + MACbnk1 + rbnk4 + MACbnk4 +
rbnk2 + MACbnk2 + rbnk5 + MACbn
Store k5 + rbnk3 + MACbnk3 as an electronic check.

Next, the procedure for the service provider 27 to make a payment to the bank 15 using the electronic check will be described.

12 and 13 show the service provider 2
7 is a flowchart showing a procedure for presenting an electronic check of 5000 yen received from the service beneficiary 11 to the bank 15 by 7 and making a payment.

First, in step S151, the service provider 27 makes the IC card 47, which is an electronic check ledger.
Can make a communication with the ATM of the bank 15 that can be used by the bank or a terminal that can use the IC card 47, which is an electronic check ledger, and makes a payment request for the electronic check to the IC card 47.

Next, in step S152, the IC card 47 which has received the electronic check payout instruction confirms the identity of the service provider 27 with the service provider 27.
The method of identifying the individual is carried out by a single method or a combination of methods using biological characteristics such as a personal identification number, voice print, and fingerprint.

After this identification, in step S153, the IC card 47 notifies the service provider 27 of the issuing bank of the electronic check stored in the card, the date of submission, the amount, the number, the total amount, etc. Inquires the service provider 27 which electronic check is to be settled. Next, in step S154, the service provider 27 specifies the electronic check to be settled on the IC card 47. Here, a 5000 yen electronic check issued by a bank 15 issued by a service beneficiary 11 (see FIGS. 10 and 11)
Shall be settled. Next, in step S155, the designated IC card 47 notifies the bank 15 that the electronic check is to be settled.

Then, in step S156, the IC
The card 4 and the bank 15 mutually authenticate each other to confirm that they are valid communication partners. Here, KSB, IDb, and Sb are transmitted from the IC card 47 to the bank 15, as in step S114 of FIG. Further, the bank 15 can perform mutual authentication by signing the public key KPBNK and the received IDb with its own secret key KSBNK and transmitting only the signature information to the IC card 47.

Next, in step S157, the bank 1
5 generates N random numbers rg1 to rgn. The number of random numbers generated at this time is the same as the number of random numbers generated in step S124, and the generated random numbers have different values. In this example, 5
Random numbers rg1 to rg5 are generated, and rg1, rg2, r
g3, rg4, rg5 are arranged in this order, and the one-way function frg
And public key KPB are encrypted as follows, and IC
Send to card 47.

Erg = fr (rb1 + rb2 + rb3 +
rb4 + rb5, KPA) In this example, the magnitude relationship between rg1 and rg5 is rg4.
<Rg1 <rg2 <rg5 <rg3.

Next, in step S158, the IC card 47 decrypts the Erg and receives the received rg1 to rg5.
And the one-way function G from its own IDb etc., the secret key KSB
To generate the authenticator MACb as follows.

Rb1 + rb2 + rb3 + rb4 + rb5
= Fr * (Erb, KSA) MACb = G * (rg1, rg2, rg3, rg4, r
(g5, IDb, ..., KSB) Next, in step S159, the electronic check stored in step S157 is a “drawing permission notification text of electronic check of 5000 yen + rbnk1 + MACbnk1 + rbnk2 +.
“MACbnk2 + ... + rbbnk5 + MACbnk5” is taken out, and rbnk1 + MACbnk1 to rbnk5 + MACbn in the order of magnitude relation of the received random numbers rg1 to rg5.
rearrange k5. In this example, rbnk1-r
The magnitude relationship of bnk5 is rbnk1 <rbnk2 <rbnk3 <rbnk4 as shown in step S124.
<Because it is rbnk5, the payment permission notice of electronic check of 5000 yen + rbnk2
+ MACbnk2 + rbnk3 + MACbnk3 + rb
nk5 + MACbnk5 + rbnk1 + MACbnk1
Rearrange as + rbbnk4 + MACbnk4.

Since the random numbers transmitted from the IC card 47 are rg4 <rg1 <rg2 <rg5 <rg3, it is assumed that rb1 = 2, rb2 = 3, rb3 = 5, r.
If b4 = 1 and rb5 = 4, the random numbers rbnk1 to rbnk5 of the bank 15 received from the service beneficiary 11 are:
rbnk1 <rbnk2 <rbnk3 <rbnk4 <r
It is bnk5. Therefore, rbnk2, rbnk3, r
Rearrange in the order of bnk5, rbnk1, and rbnk4.

Next, in step S160, the electronic checks rearranged in step S159 are added to step S15.
The MACb and IDb generated in 7 are added, and the ciphertext Eacc is generated by the one-way function Facc and the public key KPBNK of the bank 15 stored in the IC card 47.

Eacc = Facc (Drawing permission notice of electronic check of 5000 yen + rbnk2 + MACbnk2 +
rbnk3 + MACbnk3 + rbnk5 + MACbn
k5 + rbnk1 + MACbnk1 + rbnk4 + MA
Cbnk4 + MCACb + IDb, KPBNK) Next, in step S161, the IC card 47
The ciphertext Eacc is transmitted to the bank 15. IC card 47
After confirming that the ciphertext Eacc has reached the bank 15 normally, the electronic check “5000 yen of electronic check issuance permission notice text + rbnk1 + MACbnk1” is sent.
+ Rbnk2 + MAC bnk2 + ... rbnk5 + MAC
bnk5 "is invalidated. Next, in step S162, the bank 15 that has received the ciphertext Eacc has the secret key K.
This ciphertext Eacc is decrypted by SBNK as follows.

Draw-out permission notice of electronic check of 5000 yen + rbnk2 + MACbnk2 + rbnk3 + MACb
nk3 + rbnk5 + MACbnk5 + rbnk1 + M
ACbnk1 + rbnk4 + MACbnk4 + MCAC
b + IDb = Facc * (Eacc, KSBNK) The bank 15 that decrypts the ciphertext Eacc in this way
Is the I of the decoded data in step S163.
The public key KPB of the IC card 47 is searched from Db, and the signature of the IC card 47 is confirmed from the random numbers rg1 to rg5, IDb, etc. generated in step S157 as follows.

MACb '= G (rg1, rg2, rg
3, rg4, rg5, IDb, ..., KPB) This MACb 'and the MAC obtained in step S162
b is compared, and if they are the same, it is determined that the IC card 47 has been signed.

Next, in step S164, the random numbers rg1 to rg transmitted to the IC card 47 in step S157.
From the size relationship of g5, the ciphertext Eacc in step S162
It is confirmed that the arrangement of the magnitude relationships of rbnk1 to rbnk5 obtained when decoding is correct is correct. In this example, the magnitude relationship between the transmitted rg1 to rg5 is rg4 <rg1 <r.
Since g2 <rg5 <rg3, rbnk1 to rb
nk5 is rbnk2, rbnk3, rbnk5, rbn
Confirm that they are arranged in the order of k1 and rbnk4.
If the random numbers rbnk1 to rbnk5 are received in a different order from the order transmitted to the IC card 47 in step S157, the ICs that the bank 15 has legally issued.
The bank 15 stops the subsequent payment procedure as an electronic check that has been illegally used instead of being transmitted from the card 47.

Further, in step S165, the bank 1
5 uses its public key KPBNK to verify the signatures of MACbnk 1-5 as follows, and confirms that it was indeed issued by itself.

MACbnk2 ′ = H (5000 yen, bank name of the drawing, date and time of drawing, ..., rbnk2, KPBNK) MACbnk3 ′ = H (5000 yen, bank name of the drawing, date and time of drawing, ..., rbnk3, KPBNK) ... MACbnk4 ′ = H (5000 yen, bank name issued, date and time of payment, ..., rbnk4, KPBNK) Next, in step S166, if the bank 15 can confirm that the check is a check issued by itself, the bank 15 pays out its own money deposited in step S126. 5,000 yen is transferred from the account 21 for payment of check to the account 35 of the service provider 27, and the IC card 47 is notified of that fact. And
In the next step S167, the IC card 47 notifies the service provider 27 of the notification content from the bank 15.

In the above embodiment, the simplified electronic check system of FIG. 2 is taken as an example for simplifying the description, but the service provider 27 receives the electronic check received from the service beneficiary 11 as shown in FIG. By executing the procedure shown in FIG. 11, it is possible to pay also to another third party (not shown) having an IC card (not shown) issued by the bank 15. In addition, when the service provider 27 has electronic checks of plural kinds of denominations, the electronic check paid by the service beneficiary 11 is processed in step S1.
The service provider 11 can also pay the change to the service beneficiary 27 by executing the procedure shown in 47 to S157 in the reverse direction. In this embodiment, F
For chr, Fpay, and facc, the public key cryptosystem whose safety has been confirmed, such as the RSA cryptosystem, is used, but the key used for encryption is changed at fixed intervals (or transactions). If you do, D
A common key cryptosystem such as ES or FEAL can also be used.

The functions D *, H *, and G * used for signature (functions used for confirming the signature) are disclosed in Japanese Patent Laid-Open No. 60-26378 (digital signature system). Signing can be done in the manner described.

Further, in this embodiment, in order to confirm that the IC cards 45 and 47 are legally issued by the bank 15, the ID and public key of these IC cards are signed by the bank 15 to confirm I confirmed the legitimacy,
It is also possible to confirm that each IC card has secret information common to the system by a zero knowledge proof method or the like.

As described above, in the data of the electronic check issued by the bank 15, as shown in this embodiment, the order of the data is changed at the time of paying to another person, but the data itself is not processed. Therefore, the receiving party can surely confirm the signature of the sender. The recipient can also pay to the third party with the electronic check received.

Further, by using an electronic check with the bank as the sender, the public key for confirming the signature is common to the recipients of the electronic check, so that the key management becomes very easy. Furthermore, if the public key of the bank is stored at the time of issuing the IC card, it is not necessary to make an inquiry to the bank or a third-party credit institution when confirming the signature of the bank.

It should be noted that the above-mentioned contents are only related to one embodiment of the present invention, and it is needless to say that the present invention is not limited to the above contents.

[Brief description of drawings]

FIG. 1 is a block diagram showing a conventional electronic check system.

FIG. 2 is a block diagram showing an electronic check system according to an embodiment of the present invention.

FIG. 3 is an enlarged view showing components of an electronic check system according to one embodiment.

FIG. 4 is an explanatory diagram showing encrypted data transmitted from a bank to an IC card 15 of a service beneficiary.

FIG. 5 is a flowchart showing a procedure for issuing an electronic checkbook necessary for using the system.

FIG. 6 is a flowchart showing a procedure for issuing a request for issuing an electronic check to a bank of a service beneficiary.

FIG. 7 is a flowchart showing a procedure for issuing a request for issuing an electronic check to a bank of a service beneficiary.

FIG. 8 is a block diagram showing a processing procedure for obtaining an authenticator to be added to a message sent to a bank.

FIG. 9 is a block diagram showing a processing procedure for encrypting a communication text to be transmitted to a bank.

FIG. 10 is a flow chart showing a payment procedure by electronic check for a service provider.

FIG. 11 is a flow chart showing a payment procedure by electronic check for a service provider.

FIG. 12 is a flow chart showing a procedure for payment by electronic check between a service provider and a bank.

FIG. 13 is a flow chart showing a procedure for making a payment by electronic check between a service provider and a bank.

[Explanation of symbols]

11 Service beneficiaries 15 banks 17 Service beneficiary bank account 21 Bank 15 withdrawal check payment account 27 Service Provider 35 Service Provider Bank Account 41,43 Terminal 45, 47 IC card

─────────────────────────────────────────────────── ─── Continuation of the front page (56) Reference JP-A-6-162059 (JP, A) JP-A-4-91531 (JP, A) JP-A-6-150082 (JP, A) JP-A-5- 166012 (JP, A) International publication 95/23465 (WO, A1) Electronic commerce The challenge to create a market begins PART2 Ready to realize electronic payment, Nikkei Communication, Nikkei BP, January 1996 1 Sun, No. 213, pp. 78-85 (58) Fields investigated (Int.Cl. ⁷ , DB name) G06F 17/60 G07F 7/08 JISST file (JOIS)

Claims (9)

(57) [Claims] 1. An electronic check system applied to electronic commerce, comprising a computer of a bank for issuing and paying electronic checks, and an IC card possessed by each of a plurality of users who use the electronic checks, The bank computer has a signing unit for including the electronic signature of the bank in the electronic check issued, and a number string adding unit for including a plurality of numbers arranged in a fixed order in the electronic check issued. An IC card of each user, a private key storage means for storing the private key of each user in a state in which it cannot be read out to the outside of the IC card; a public key of each user and the public of the bank. A public key storage means for storing a key, and the payer when receiving an electronic check from the payer device, which is either the bank computer or the IC card of another user. Public key transmitting means for transmitting the public key of each user to the device, check receiving means for receiving the electronic check from the payer device, and the received electronic check using the private key of each user. A check decrypting means for decrypting, a signature verifying means for confirming that the bank signature contained in the decrypted electronic check is correct, using the bank's public key, and the bank signature being correct Is confirmed, the check storage means stores the received electronic check as having been received, and when the electronic check in the check storage means is transmitted to the IC card of the other user, the other user Public key receiving means for receiving the other user's public key from the IC card, and an electronic check in the check storing means are encrypted by the received other user's public key. A stamp encryption means, the electronic check was the encrypted, and checks transmission means for transmitting to the other users of the IC card, the electronic check from the said other users IC card which is the source of the electronic check Is a recipient device that receives
The case, the sender of the electronic check by generating a first random number
In the case of the random number generating means for transmitting to the IC card of the other user and the recipient device for receiving the electronic check, the order of the plurality of numbers included in the received electronic check is The other user who is the sender of the electronic check
Be a numeric order confirmation means according to said first random number and notifies the IC card to make sure that it is correctly changed under certain rules, the electronic check transmitted to the other users of the IC card
That when a payer device, the electronic check in the check storing unit, when transmitting to the bank computer and recipient device is either the IC card of the other user, the recipient device is generated Random number receiving means for receiving the generated second random number from the recipient device, and transmitting the electronic check to the IC card of the other user.
In the case of a payer device according to the present invention, the order changing means for changing the plurality of numbers included in the electronic check in the check storing means under the predetermined rule according to the received second random number, And the IC card of each user receives the electronic check, respectively.
In the case of the recipient device that performs the check, the check storage unit of each of the IC cards confirms that the bank signature is correct, and that the received electronic check is changed in the correct numeric order. The electronic check system stores the received electronic check as having been received. 2. The electronic check system according to claim 1, wherein the IC card of each user further includes a key generation unit that generates a private key and a public key of the user. system. 3. The electronic check system according to claim 2, wherein the bank computer further comprises means for issuing the IC card to a user, and the key generating means of the IC card is used when issued. An electronic check system characterized by generating a private key and a public key of a user and notifying the generated public key of the user to the computer of the bank. 4. The electronic check system according to claim 1, wherein the computer of the bank stores the private key of the bank in a state in which the private key of the bank cannot be read out of the bank, and the bank. Bank public key storage means for storing the public key of the user and the public key of the user, and a draw check encryption means for encrypting the issued electronic check with the public key of the user, and the encrypted electronic check Check the payer device
Wherein the drawer check transmission means for transmitting to one of the IC card of each user, and payment checks receiving means for receiving an electronic check payment interest from the IC card of the a recipient device each user is, the A payment check decryption unit that decrypts the received electronic check for payment using the private key of the bank, and that the bank signature included in the decrypted electronic check for payment is correct. Further comprising: a bank signature verification means for verifying using the public key of, and a payment execution means for executing the payment by the electronic check for payment when the bank signature of the electronic check for payment is confirmed to be correct. An electronic check system characterized by having. 5. The electronic check system according to claim 4, wherein the bank computer causes the IC card of each user to perform the electronic check.
In the case of a payer device transmitting to a computer, when the electronic check to be settled is received from the IC card of each user, the second random number is generated to use each of the uses.
Bank random number generating means for notifying the IC card of the user, and the order of the plurality of numbers included in the electronic check to be settled received from the IC card of each user is constant according to the notified second random number. Bank number sequence confirmation means for confirming that the bank signature has been correctly changed under the rule of, and the settlement execution means of the bank computer has confirmed that the bank signature is correct, An electronic check system, wherein payment of the electronic check of the payment target is executed when it is confirmed that the numerical order of the electronic check of the payment target is correctly changed. 6. An electronic check system applied to electronic commerce, comprising: a bank computer for issuing and paying electronic checks; and an IC card possessed by each of a plurality of users who use the electronic checks, The bank computer has a number string adding means for including a plurality of numbers arranged in a fixed order in the electronic check issued, and the IC card of each user is a source of the electronic check. the user of the IC card of - field is recipient device that receives the electronic check from the de
The case, before receiving the electronic check, a random number generating means for transmitting to the IC card of the other user by generating a first random number, receiving the electronic check from the IC card of the other users And a recipient device for receiving the electronic check, the order of the plurality of numbers included in the received electronic check is another source of the electronic check. Person
It confirmed that the and numbers order confirmation means for confirming that it is properly changed under the predetermined rule according to the first random number and notifies the IC card, numeral order of the electronic check said received are correctly changed Check memory means for storing the received electronic check as having been received, and transmitting the electronic check to the IC card of the other user.
If it is that the payer device, the electronic check in the check storing unit, before sending to the recipient device is either the bank computer and an IC card of the other users, is the recipient device Random number receiving means for receiving the generated second random number from the recipient device, and transmitting the electronic check to the IC card of the other user.
In the case of a payer device according to the present invention, the order changing means for changing the plurality of numbers included in the electronic check in the check storing means under the predetermined rule according to the received second random number, An electronic check system comprising: a check sending unit that sends the electronic check, the numerical order of which has been changed by the order changing unit, to the recipient device. 7. The electronic check system according to claim 6, wherein the bank computer causes the IC card of each user to perform the electronic check.
In the case of a payer device transmitting to a computer, the second random number is generated to receive each of the usages before receiving the electronic check to be settled from the IC card of each user.
Bank random number generating means for notifying the IC card of each user, a payment check receiving means for receiving the electronic check of the payment object from the IC card of each user, and an electronic payment object of the payment received from the IC card of each user Bank number sequence confirmation means for confirming that the order of the plurality of numbers included in the check is correctly changed under a certain rule according to the notified second random number; and the electronic check to be settled. An electronic check system comprising: a payment executing means for executing the payment of the electronic check to be settled when it is confirmed that the numerical order of is properly changed. 8. The electronic check system according to claim 6, wherein each of the plurality of numbers is a random number. 9. An electronic device issued from a bank computer
Checks that are digitally signed by the bank
Each of the multiple users has a
In your IC card,The electronic check has multiple numbers arranged in a certain order.
Included, The IC card of each user is Read out the private key of each user to the outside of the IC card
Secret key storage means for storing in a state where Store the public key of each user and the public key of the bank
Public key storage means, The IC card of the bank computer and other users
When you receive an electronic check from a payer device that is out of sync
The public key of each user to the payer device.
Public key transmission means, Check receipt for receiving the electronic check from the payer device
Communication means, Use the received electronic check with the private key of each user
Check decryption means for decrypting by The bank office included in the decrypted electronic check
Verify that the name is correct using the bank's public key
Book title confirmation means, When the bank signature is verified to be correct, the receipt
Check notes to be remembered as received electronic check
Storage means, Electronic checks in the check storage means of other users
When sending to an IC card, the other user's IC car
Public key receiver that receives the public key of the other user from the
Dan, In addition to receiving the electronic check in the check storage means,
Check encryption method that encrypts with the public key of the user
When, The encrypted electronic check is the IC card of the other user.
Check sending means for sending toThe sender of the electronic check IC card of other users
Receive the electronic check from the cardIf it is a recipient device
When, Generate the first random numberSender of the electronic check
IsRandom number generation to be sent to the other user's IC card
Means andIf the recipient device receives the electronic check ,Previous
Of the numbers included in the electronic check received
The order isThe other user who is the sender of the electronic check
IC cardreportedThe aboveConstant according to the first random number
Numerical order to make sure it is changed correctly under the rules
An order confirmation means,Send the electronic check to the other user's IC card
Is a payer device The charges in the check storage means
Check, the bank computer andThe aboveOther users
If you send it to the recipient device which is one of the
The second random number generated by the recipient device
Random number receiving means for receiving from the worker device,Send the electronic check to the other user's IC card
Is a payer device The charges in the check storage means
The receipt of the plurality of numbers contained in the child check
Order of changing under the certain rule according to the second random number
Means for changing the order, Have IC card of each userReceiving each electronic check
If the recipient device,Each of the above IC cardsof
The check storage means ensures that the bank signature is correct.
In addition to the accepted, the numerical order of the electronic checks received
If it is confirmed that the
Remembering that you have received an electronic check you have received
An IC card for the electronic check system that features.