1. Field of the Invention
The present invention relates generally to a transaction number management method in Internet commodity sale transactions, and more particularly, to security protection of transaction numbers.
2. Description of the Related Arts
Internet commodity sales are in a rapid spread. A user connects a terminal to Internet via a communication line, and displays a commodity sale site provided by a server managed by a commodity sale enterprise on a screen of the terminal.
The user operates the terminal, and selects a commodity which the user desires from a plurality of commodities displayed in the commodity sale site. The selected commodity data are noticed to the server, which temporally stores the data in a predetermined file until a purchase of the commodity is determined. Namely, the selected commodity data are temporally stored in the file of the server, and the condition is compared to a condition that the selected commodity is entered into a cart in contrast to a shopping at a conventional store. Therefore, this predetermined file is called a cart file.
In order to discriminate each cart, the server provides a transaction number (cart ID) to the cart file. Namely, the transaction number (cart ID) is provided to a single shopping transaction with the user. When the server receives commodity data selected first in a certain shopping of the user, it issues a new cart ID, and stores the commodity data selected in the cart file in response to the cart ID.
The issued cart ID is sent to the terminal, and is stored in the terminal by predetermined means. For example, the cart ID is stored in a memory unit (hard disk unit) of the terminal as a cookie. Alternatively, the cart ID is displayed on a terminal screen as a URL of a commodity sale site. Alternatively, the cart ID is written into a HTML document of the commodity sale site sent from the server. In this case, the HTML document may be constituted so as not to display the cart ID on the screen, but the cart ID written into the HTML document is held in the terminal.
When the user selects a next commodity, the commodity data are noticed to the server along with the cart ID. The server stores the commodity data in the cart file corresponding to the cart ID. In this manner, even in the case where the commodities are selected a plurality of times before confirming the purchase in a single shopping by the user, a plurality of the commodity data can be stored in the same cart file.
Meantime, in many cases, a conventional cart ID was constituted by, for example, date information such as an issue date, time, or the like and a receipt number of the cart ID. The receipt number is a serial number indicating a number of the cart ID issued in the order of transaction receipts on the date. For example, in the case where the 185-th cart ID on the date is issued at 9:26 p.m. on Feb. 28, 2000, the cart ID is “0002282126185.” In this manner, it is possible to manage the cart ID in a uni-sense by utilizing the serial number for the cart ID, thereby facilitating the management of the cart ID.
However, the management of the cart ID by the receipt number causes a drawback in security. For example, in the case where such the cart ID is displayed as the URL at the terminal of the user, the user can readily know another person's cart ID. Accordingly, by inputting a digit code assumed as the another person's cart ID as the URL, there is a possibility that a shopping data connected with the another person's cart ID is acquired from the server, so that the user can see it. Furthermore, the user can alter another person's order, too.
In order to solve such drawbacks, it is considered that the cart ID is not displayed. Specifically, as described above, the cart ID is written into a memory unit of the terminal as a cookie, or is non-openly incorporated into the HTML document, so that the cart ID can be non-disclosed.
However, the non-disclosure of the cart ID causes the following inconveniences. Namely, in general, Internet sales enterprise has a support system which receives a user's questions by a telephone call. In the case where the user telephones in the transaction during a commodity selection, as the user cannot tell the own cart ID, the enterprise cannot judge which transaction the user is talking about, so the user can't get a smart and sufficient support.
Furthermore, in order to solve the aforesaid drawbacks, it is considered that the cart ID is encoded and the encoded ID is disclosed to the user. Namely, the cart ID containing information of a date, a time, and a receipt number is encoded by a password algorithm to form a random code, so that a sense included in the cart ID is not clarified to the user. Thus, it becomes difficult to analogize the other existent cart IDs.
However, encoding of the cart ID causes the below inconveniences. Namely, the encoding of the cart ID gives a large load on the server. Specifically, in the case where the cart ID is encoded, it is necessary to encode in the server and also decode, and for this reason, a surplus time has to be taken.
Furthermore, in the case where the user puts a question to the enterprise having the aforesaid support system by a telephone call, the user tells the disclosed encoded ID. Accordingly, unless the enterprise decodes it once and acquires the cart ID, the enterprise cannot grasp transaction information of the user corresponding to the cart ID. Therefore, the enterprise cannot correspond promptly to the user. In this manner, when the cart ID itself containing the serial number is not disclosed, the inconveniences are given to the user. It is thus undesirable.