1
INSURANCE METHOD, INSURANCE
SYSTEM, TRANSACTION MONITORING
METHOD, TRANSACTION MONITORING
SYSTEM, AND PROGRAM
5
FIELD OF THE INVENTION
The present invention relates to an insurance method and insurance system able to compensate for loss or damage resulting from unauthorized activities by a third party or 10 device or communication line problems, for example, interfering with transactions conducted over a network such as the Internet. More particularly, the present invention relates to a technique that is effective for providing a verification method enabling an insurance provider (insurance company) 15 to determine whether communication that caused the loss or damage actually occurred by providing means for monitoring communication data in a user's computer system.
BACKGROUND ART 20
Electronic commerce conducted over a network such as the Internet has become popular as a result of advances in computer and network technologies. As with other common transactions, a contract is established in the electronic com- 25 merce conducted over a network as a result of an offer being made and then accepted. Economic activities such as business transactions are conducted based on this contract system. Communication over a network is performed by exchanging electronic data, and the offer and its acceptance 30 are likewise conducted by exchanging electronic data. More specifically, electronic (digital) messages exchanged over a network are used to express the offer and acceptance on which a transaction is premised.
Invasion of privacy resulting from leaking, stealing, tarn- 35 pering with, or illegally selling personal information about the parties to a transaction is a particular concern for conducting electronic commerce over a network. It is therefore desired that some means for compensating for such invasion of privacy through insurance is provided. The 40 electronic commerce system taught in Japanese Patent LaidOpen Publication 2000-207453 is one example of a system providing such means. This electronic commerce system is structured to use insurance premiums to compensate for a loss incurred as a result of an invasion of privacy in 45 conjunction with an electronic commerce transaction when a party involved in the transaction conducted over an electronic network or a related party has an insurance contract with an insurance company.
Various risks other than losses from the invasion of 50 privacy (personal information) are also present in a networked environment. Examples of such risks include loss or damage resulting from lack of mutual understanding between parties, and loss or damage resulting from computer viruses. 55
Lack of mutual understanding between parties could occur in the following cases. One example is loss of data such as when a message sent by one party does not reach the other party. When messages are exchanged as electronic data, a natural person is unable to make an expression of 60 intention directly, and the expression of intention must first be converted to electronic data which is then sent. In other words, a computer system or other such data processing device is required as a means for expressing intent. When expressing an intention by such means, there is a danger of 65 operating the computer system so that the opposite of the user's true intention is expressed. There are also cases in
2
which a breakdown of the computer system or network prevents the intention being expressed even though an attempt has been made. Due to such reasons, a problem of losses or damages would occur to one or both of parties to the transaction, which might not occur if messages were conveyed correctly.
Also, a wide variety of computer viruses are present on the network, and there is an obvious risk of attacks by such viruses. Losses resulting from interference with transactions by the computer viruses may occur.
The likelihood of losses and damages being incurred, and the value of those losses, will continue to increase as transactions conducted with computers and networks become more sophisticated and complex, and as the number and value of the transactions increase. As such losses occur, the burden of compensating for those losses may become excessive for the parties to the transaction. Such losses and damages could therefore easily become an obstacle to the sound development of commercial transactions conducted over computer networks. There is therefore a growing need for insurance to compensate for such losses and damages.
The electronic commerce system having an insurance function disclosed in the cited Publication could also cope with risks other than the invasion of privacy. However, if risks resulting from interference with the exchange of messages as part of a transaction are to be insured, it is necessary to accurately determine what transactions and communications were actually conducted over the network. More specifically, it is necessary to monitor and record the content of all network communications without fail. The electronic commerce system cited above, however, has no means for monitoring the communicated data. It is also necessary to prevent the recorded transaction content from being tampered with in order to assure the accuracy of the recorded content.
SUMMARY OF THE INVENTION
An object of the present invention is therefore to provide a means for accurately and automatically recording the content of communications (transactions) conducted over a computer network. A further object of the present invention is to provide a means for preventing the recorded transaction content from being tampered with. A yet further object of the present invention is to provide a means for protecting the transaction record from hardware failures.
A yet further object of this invention is to provide an insurance method and system in which the insurance contract content is fairly enforced using the transaction recording means. A further object is to provide an insurance method and system enabling easier evaluation of conditions for paying insurance money.
The present invention is summarized below. That is, an insurance method according to the present invention includes the steps of sending a transaction monitoring program to either a computer system of a user or a computer system determined by mutual agreement with the user, according to an insurance contract with the user; receiving, from the user, a claim for payment of insurance money based on the insurance contract, receiving a transaction record recorded by the transaction monitoring program together with or separately from the claim, analyzing the transaction record, determining whether a transaction causing a loss on the user exists by referring to the results of the analyzing step, and paying the insurance money to the user if the determining step affirms and other conditions for payment of the insurance money are satisfied.
3
This insurance method can easily verify the existence of a communication proving the cause of a loss by referring to a transaction record recording a history of communications over a network. As a result, payment of insurance money can be made quickly. 5
This insurance method may also include the steps of receiving the transaction record at regular or irregular intervals, storing the received transaction record by associating with the user, and performing the analyzing step by referring to the latest transaction record received if a transaction 10 record is not received with the claim. In this case, the transaction record can be received and stored not only at the time of claiming insurance money but also at any other time. Loss of the transaction record due to, for example, a failure of the user's computer system can thus be prevented. 15
Further, the entire content or part of the transaction record may be encrypted so as to be effectively unreadable by any party other than the insurance provider of the insurance contract. This prevents a party other than the insurance provider, such as the user, from tampering with the trans- 20 action record, and thus prevents fraudulent claims for insurance money.
Another insurance method according to the present invention includes the steps of receiving a transaction monitoring program according to an insurance contract with an insur- 25 ance provider, installing the transaction monitoring program on one's own computer system or a computer system determined by mutual agreement with the insurance provider, exchanging data with a transaction party, recording, in a transaction record, a transaction involved in the data 30 exchange by means of the transaction monitoring program, and sending, to a computer system of the insurance provider, either a claim for payment of insurance money based on the insurance contract, or both the claim and the transaction record when a loss has been incurred as a result of the data 35 exchange with the transaction party. With this insurance method, the transaction record is collected automatically by the transaction monitoring program. In addition to the convenience of collecting the transaction record automatically, the transaction monitoring program is also useful to prevent 40 the willful creation of a fraudulent record by the user. Fair insurance claims can thus be systematically assured, and the evidential value of the transaction record can be enhanced.
The transaction record may be sent to a computer system of the insurance provider at regular or irregular intervals 45 irrespective of whether a loss has been incurred. This can cope with unintentional loss of the transaction record due to, for example, a computer system failure.
The entire content or part of the transaction record may be encrypted so as to be effectively unreadable by any party 50 other than the insurance provider. Tampering with the transaction record by the user or any other party can thus be prevented.
A transaction monitoring method according to the present invention is a method for monitoring a transaction of com- 55 munication with any party through a network including the steps of capturing communication data sent or received by one party to the communication, recording, in a transaction record, the communication data together with the identity of the other party, date and time of the communication, and 60 other attribute data, encrypting the entire content or part of the transaction record so as to be effectively unreadable by at least the one party, and sending the encrypted transaction record at regular or irregular intervals to a computer system of a third party that can decrypt the encrypted transaction 65 record. This transaction monitoring method prevents a user originating a transaction from tampering with the transaction
4
record, and thus improves the fairness and evidential value of the transaction record monitored.
This transaction monitoring method may further include the steps of generating a hash value for the communication data and attribute data; encrypting the hash value using a public key corresponding to a private key held by the third party, and recording the communication data, attribute data, and encrypted hash value to the transaction record. This method generates a hash value representative of the actual transaction record content and encrypts the hash value, thereby enabling tampering to be detected without actually encrypting all of the actual content of the transaction record. Anyone can reference the content of the transaction record in this case because the actual transaction record content is not encrypted, but if the content is then changed the hash value generated from the content will differ from the encrypted hash value. Tampering can thus be detected by comparing the decrypted hash value with the hash value generated from the current content.
The present invention can also be understood as a system invention or a program invention in addition to the method invention described above.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows an insurance system and insurance method according to a preferred embodiment of the present invention;
FIG. 2 is a block diagram showing the functions of an exemplary transaction monitoring program 5;
FIG. 3 is a flow chart of an insurance method according to a preferred embodiment of the present invention;
FIG. 4 is a flow chart of the transaction data monitoring process of the transaction monitoring program 5; and
FIG. 5 shows the concept of an insurance system and insurance method according to another preferred embodiment of the invention.
PREFERRED EMBODIMENTS OF THE
INVENTION
The preferred embodiments of the present invention will next be described. It is noted that the invention can be implemented in many different ways, and the invention should not be interpreted as being limited to the specific contents of the following embodiments. In the following, like reference numerals are used for like elements, respectively.
The preferred embodiments described below refer primarily to a method or system, but it will be obvious to one with ordinary skill in the related art that the present invention can also be implemented as a computer-executable program. The invention can therefore be implemented by hardware, software, or a combination of hardware and software. The program can be recorded in any computer-readable medium such as CD-ROM, hard disk drive, optical storage, or other magnetic storage.
A general computer system may be used in the following embodiments as a data processing system needed to implement the invention. The computer system that can be used in the embodiments has a central processing unit (CPU), main memory (RAM), nonvolatile memory (ROM), coprocessor, graphics accelerator, cache memory, input/output (I/O) controller, and other hardware resources such as found in a typical computer system. The computer system may also have a hard disk drive or other external storage device, and a communication means for connecting to the Internet or
|
