JP2022114535A - Person confirmation system and person confirmation method and information processing terminal and program - Google Patents

Abstract

To provide a method for person confirmation, an information processing terminal, and a program that are phishing-resistant and immediately available for everyone.SOLUTION: A person confirmation system 1 comprises an ATM10, a transaction server 30, and a portable terminal 40 that a user has. The ATM10 comprises a personal identification number acquisition part that accept an input of a personal identification number set to information media that the user presents, an authentication result acquisition part that requests an administrative server 20 of authentication of the personal identification number to obtain a result of the authentication, a code issuance request part that request an issuance of a code for authentication to enable a transaction to a transaction server when the authentication of the personal identification number was successful, and a code display part that displays the code information acquired from the transaction server on a display. The portable terminal 40 transmits the code information read by itself and information for identifying the portable terminal 40 to the transaction server 30, the transaction server 30 executes a process enabling the transaction based on the information received from the portable terminal 40.SELECTED DRAWING: Figure 1

Description

The present invention relates to an identity verification system, an identity verification method, an information processing terminal, and a program.

In recent years, many people use electronic payment services using smartphone applications. In order to use such services, it is necessary to register bank account information and credit card information, so personal identification is essential to prevent unauthorized use (for example, Patent Document 1).

As a method of identity verification, there is a method of entering a random number table provided by a financial institution, a method of entering an authentication number obtained from a hardware token, a method of using a dedicated application for smartphone authentication, a method of using a short message service or a phone call. It is common to obtain a number for authentication by, for example,

JP 2020-113015 A

However, conventionally used personal identification methods have problems such as the need to acquire authentication tools and high vulnerability to phishing.

SUMMARY OF THE INVENTION The present invention has been made in view of the circumstances described above, and an object of the present invention is to provide an identity verification method that is resistant to phishing and that can be readily used by anyone.

A personal identification system according to the present invention comprises an information processing terminal, a transaction server, and a portable terminal possessed by a user. an authentication result acquisition unit for requesting an inquiry system to authenticate the PIN and acquiring an authentication result; and a code display unit for displaying code information acquired from the transaction server on a display device, wherein the mobile terminal reads the Code information and information identifying the mobile terminal are transmitted to the transaction server, and the transaction server executes processing for validating the transaction based on the information received from the mobile terminal.

A personal identification method according to the present invention includes a step in which an information processing terminal receives an input of a personal identification number set in an information medium presented by a user; obtaining a result of the authentication; requesting the transaction server to issue an authentication code for validating the transaction when the information processing terminal successfully authenticates the personal identification number; displaying the code information acquired from the transaction server by the information processing terminal on a display device; reading the code information with the mobile terminal of the user; and transmitting the code information from the mobile terminal to the transaction server. , transmitting information identifying the mobile terminal; and performing, by the transaction server, a process of validating the transaction based on the information obtained from the mobile terminal.

An information processing terminal according to the present invention includes a personal identification number acquisition unit that receives an input of a personal identification number set on an information medium presented by a user, and a request for authentication of the personal identification number to an inquiry system, and obtains the result of the authentication. an authentication result acquisition unit, a code issuance request unit that requests the transaction server to issue an authentication code for validating the transaction when the authentication of the personal identification number is successful, and a code information acquired from the transaction server. and a code display section for displaying on a display device.

A program according to the present invention comprises a computer, a personal identification number acquisition unit that accepts input of a personal identification number set in an information medium presented by a user, a request for authentication of the personal identification number to a query system, and acquisition of the authentication result. a code issuance requesting unit for requesting the transaction server to issue an authentication code for validating the transaction when the authentication of the personal identification number is successful; and code information acquired from the transaction server. is displayed on the display device.

According to the present invention, it is possible to provide an identity verification method that is resistant to phishing and that anyone can readily use.

1 is a block diagram showing the configuration of a personal identification system 1 according to one embodiment of the present invention; FIG. The figure which shows the external appearance of ATM10 which concerns on one Embodiment of this invention. The block diagram which shows the functional structure of ATM10 which concerns on one Embodiment of this invention. FIG. 4 is a sequence diagram of identity verification processing according to an embodiment of the present invention; The figure which shows the example of a screen transition at the time of performing an identity verification with ATM10 which concerns on one Embodiment of this invention.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The same reference numerals are given to the same elements, and overlapping explanations are omitted.

Embodiment FIG. 1 is a block diagram showing the configuration of a personal identification system 1 according to an embodiment of the present invention. As shown in FIG. 1, the personal identification system 1 includes an ATM (information processing terminal) 10 installed in a financial institution, a commercial facility, etc., a management server (inquiry system) 20 of the financial institution, etc., a smartphone dedicated application or a web It includes a transaction server 30 of a company or the like that provides settlement services through the site, and a mobile terminal 40 of the user. The ATM 10 and the management server 20 are connected via a dedicated line or a communication line for online settlement such as CAFIS (Credit And Finance Information Switching system). The ATM 10 and transaction server 30 are connected via a communication line such as the Internet or a dedicated line.

FIG. 2 is a diagram showing the appearance of the ATM 10. As shown in FIG. The ATM 10 includes a main display unit (display device) 101, a card reading unit 102 for accepting a magnetic card such as a cash card, a banknote depositing/dispensing unit 103 for depositing/withdrawing banknotes, an operation unit 104 operated by a user, a bar code or a two-dimensional code. A code reading unit 105 for reading codes such as the like, an optical reading unit 106, a stand 107, a sub-display unit 108, a non-contact IC communication unit 109, and a camera 110 are provided.

The main display unit 101 has, for example, display means such as a liquid crystal display, and input means such as a touch panel for receiving input from the user. A screen and input keys for guiding user operations are displayed on the display means, and the user can input information corresponding to the input keys by pressing the input keys on the touch panel. Note that the user can input similar information by operating the input means of the operation unit 104 instead of the input means displayed on the main display unit 101 .

The optical reading unit 106 is, for example, an image scanner, and can read, as an image, a photograph or characters attached to the face of an IC card or the like placed on the table 107 . The table 107 has a surface that is substantially horizontal with respect to the ground, and the optical reading unit 106 can obtain an image of constant quality without being affected by camera shake or the like.

The sub-display unit 108 has display means such as a liquid crystal display, and is installed on the surface of the stand 107 . The sub-display section 108 may have only display means, or may have input means in addition to the display means, like the main display section 101 . For example, the sub-display unit 108 may display a screen that guides the position where an IC card or the like read by the optical reading unit 106 is placed. As a result, even a user who is unfamiliar with the operation of the ATM 10 can smoothly operate the ATM 10 without hesitation.

The non-contact IC communication unit 109 is, for example, a non-contact IC reader/writer, and is installed inside the table 107 . The non-contact IC communication unit 109 performs non-contact communication with a non-contact IC chip mounted on an IC card or the like, and can read and write information stored in the non-contact IC chip. The contactless IC communication unit 109 can communicate with the contactless IC chip by placing an IC card or the like on the table 107 .

Camera 110 is a camera device capable of capturing moving images or still images. The camera 110 is installed so that the face image of the user who operates ATM10 can be image|photographed. Although one camera 110 is illustrated in FIG. 2, a plurality of cameras 110 may be mounted. By photographing face images with a plurality of cameras 110, it is possible to improve the matching accuracy of face images and prevent unauthorized use. In addition, the structure of ATM10 is not restricted to what was shown in FIG.

FIG. 3 is a block diagram showing the functional configuration of the ATM 10 according to one embodiment of the invention. The ATM 10 has a control device 11 and a storage device 12 inside the housing. The control device 11 includes, as hardware, a CPU, memories such as ROM and RAM, an input interface, an output interface, a communication interface, and a bus connecting these. The control device 11 implements various functions by executing programs stored in a ROM or the like by the CPU. The functional modules implemented by the control device 11 include a personal identification number acquisition unit 1101, an authentication result acquisition unit 1102, a code issuance request unit 1103, and a code display unit 1104, as shown in FIG.

The management server 20 is a server of a core system that manages transactions of a financial institution or the like connected to the ATM 10 via a dedicated line or the like. , and execute the processing according to the content of the request. Specifically, after authentication is performed using a cash card (information medium), processing is executed according to the content of the request, such as withdrawing or depositing cash and checking the balance.

The transaction server 30 is a server of a service provider or the like connected to the ATM 10 via a communication line. In this embodiment, the transaction server 30 provides a payment service via a dedicated application installed on the mobile terminal 40 of the user. The transaction server 30 has a control device 31 and a storage device 32 . The control device 31 includes, as hardware, a CPU, memories such as ROM and RAM, an input interface, an output interface, a communication interface, and a bus connecting these. The control device 31 implements various functions by the CPU executing programs stored in the ROM or the like. The storage device 32 is equipped with a customer management database, and contains user IDs and passwords registered on dedicated applications and websites, terminal identification information, initial registration information (name, address, date of birth, etc.), and account information. (branch number, account number), etc.

The mobile terminal 40 is a terminal owned by a user, such as a smart phone, a tablet terminal, a personal computer (PC), a notebook PC, a wearable device, or a personal digital assistant (PDA). The mobile terminal 40 includes a processor, an input device such as a touch panel, operation buttons, a keyboard, and a mouse, a display device such as a liquid crystal display, a communication interface, and a storage device such as a disk drive or semiconductor memory (ROM, RAM, etc.). I have it. The storage device stores a computer program executed by the processor and a dedicated application for performing payment processing in cooperation with the transaction server 30 . It is also possible to use the settlement service provided by the transaction server 30 via a dedicated website without using a dedicated application.

Next, the flow of identity verification processing for a user who operates the ATM 10 according to this embodiment will be described with reference to the sequence diagram of FIG. 4 and the screen transition diagram of FIG. In the present embodiment, an initial authentication process (a process of validating a transaction) performed by a user to use a payment service using a dedicated application installed on the mobile terminal 40 will be described as an example. In addition, it is also possible to use the payment service and perform initial authentication via a dedicated website without going through the dedicated app.

The user operates the mobile terminal 40 in advance, downloads the dedicated application, registers initial registration information (name, address, date of birth, etc.), and obtains a login ID and password. Further, the transaction server 30 is requested to issue an authentication code for initial authentication via the dedicated application (step S101). When requesting the issuance of an authentication code, the account information (branch number, account number) used for settlement may be entered. You may make it acquire from a cash card. The authentication code issuance request is transmitted to the transaction server 30 . The transaction server 30 registers and manages IDs, passwords, terminal identification information, initial registration information, whether or not an authentication code issuance request has been received, account information (branch number, account number), etc. in the customer management database.

The user, carrying the portable terminal 40, goes to the facility where the ATM 10 is installed, and inserts the cash card (information medium) of the account used for settlement into the card reader 102 of the ATM 10 (step S102).

A transaction selection screen as shown in FIG. 5A is displayed on the main display unit 101 of the ATM 10 . The transaction selection screen displays buttons for selecting a desired transaction, as shown in FIG. 5(A). The user selects "issue code" at the bottom right of the screen. When "issue code" is selected, a personal identification number input screen is displayed as shown in FIG. 5B, and the user inputs a personal identification number (step S103). Alternatively, the cash card may be inserted after selecting the transaction function (selecting "issue code") on the initial screen of the ATM 10. FIG.

When the password is entered, the account information (store number, account number) read from the cash card and the password are sent to the management server 20 (step S104). At this time, the ATM 10 may send to the management server 20 the same electronic message as when requesting balance inquiry. As a result, it is possible to execute personal identification processing by using the message for existing balance inquiry processing.

Authentication processing is performed in the management server 20, and when a response indicating that the authentication is successful is returned from the management server 20 to the ATM 10, the main display unit 101 of the ATM 10 displays a code as shown in FIG. A type selection screen is displayed (step S105). If the authentication fails, a message or the like notifying that the transaction cannot be made is displayed.

As shown in FIG. 5C, the code type selection screen displays buttons for selecting the type of code to be issued. When the user selects a desired code type (for example, for smartphone application setting), a guide screen as shown in FIG. 5(D) is displayed (step S106). On the guidance screen, notes and the like corresponding to the selected code type and the like are displayed. Specifically, it is displayed that it is necessary to request the issuance of an authentication code in the app in advance. If there is only one code that can be selected, the guidance screen may be directly displayed without displaying the code type selection screen.

When the user operates the confirmation button on the guidance screen, the ATM 10 transmits to the transaction server 30 a message requesting the issuance of the selected type of authentication code (step S107). The message includes account information (branch number, account information) and location information of the ATM 10 . The location information can be latitude and longitude information of the place where the ATM 10 is installed, the address of the facility where the ATM 10 is installed, or the like. Alternatively, the ATM 10 may acquire an encryption key from the transaction server 30 and encrypt the message using the acquired encryption key prior to transmission of the message from the ATM 10 to the transaction server 30 .

Transaction server 30 issues a specified type of authentication code (two-dimensional code or the like) based on the received message and transmits it to ATM 10 (step S108). The received account information and location information are stored in association with the issued authentication code.

The ATM 10 displays the received authentication code on the main display section 101, as shown in FIG. 5(E) (step S109). In addition, a message prompting the portable terminal 40 to read the two-dimensional code is also displayed. In addition, a message prompting the user to operate the confirmation button at the bottom right is also displayed when the initial authentication request procedure is completed.

The user activates the dedicated application on the mobile terminal 40 and reads the two-dimensional code via the dedicated application (step S110). When the two-dimensional code is read via the dedicated application, an initial authentication request is transmitted from the mobile terminal 40 to the transaction server 30 (step S111). For the initial authentication request, terminal information (login ID, terminal identification information, etc.), authentication code (information on read two-dimensional code), account information (shop number, account information), location information of mobile terminal 40 (obtained from GPS latitude and longitude information, etc.). Note that if the account information is not entered when the issuance of the authentication code is requested in step S101, the account information may not be included.

Upon receiving the initial authentication request, transaction server 30 refers to the customer management database based on the terminal information to confirm whether or not the initial authentication request has been received. When the initial authentication request has been received, the received authentication code and the issued authentication code are compared. Furthermore, when the account information is received in step S111, it is compared with the account information received in step S107. Further, the location information of the mobile terminal 40 received in step S111 and the location information of the ATM 10 received in step S107 are compared to determine whether or not the mobile terminal 40 and the ATM 10 are within a certain distance range. When the location information of the ATM 10 is the address of the facility, the map data may be converted into latitude and longitude information.

The transaction server 30 has already received the initial authentication request, successfully matches the authentication code with the account information (arbitrary), and judges that the mobile terminal 40 and the ATM 10 are within a certain distance (for example, 2 meters). If so (step S112: YES), a notification to the effect that the initial authentication has been completed is transmitted to the portable terminal 40 (step S113). As a result, users will be able to use payment services through dedicated apps. If verification of the authentication code fails, or if it is determined that the portable terminal 40 and the ATM 10 are not within a certain distance (step S112: NO), a message indicating that the initial authentication has failed is displayed. It transmits (step S114).

If an initial authentication request is received from the mobile terminal 40 after a certain period of time (for example, 30 seconds or longer) has elapsed since the transaction server 30 issued the two-dimensional code, the initial authentication request should not be issued. can be By limiting the time required for the procedure in this way, for example, it is possible to take an image of the two-dimensional code with a camera and send it to another person. can be prevented.

As described above, according to the present embodiment, in order to perform the initial authentication for using the payment service application, the user performs inquiry processing at the ATM 10 using the cash card and password, and if the inquiry is successful, , the transaction server 30 issues a two-dimensional code for initial authentication of the application and displays it on the screen of the ATM 10. - 特許庁Furthermore, when the user reads the two-dimensional code with the mobile terminal 40 on which the application is installed, an initial authentication request is sent to the transaction server 30 together with information on the read two-dimensional code. Allowed the process to complete. According to this method, there is no fear that the account number and password will be stolen by phishing on a fake site, and anyone can easily confirm the person's identity by going to a store with an ATM 10 or the like.

Also, when collating the two-dimensional code, the initial authentication is completed only when it is determined that the portable terminal 40 of the user and the ATM 10 are within a certain distance range. This makes it possible to send an image of a two-dimensional code taken with a camera to another person in a remote location, and the other person who receives the image of the two-dimensional code may perform an unauthorized procedure such as an initial authentication request, or a legitimate user may It is possible to prevent impersonation and use of payment service applications.

Also, when verifying the two-dimensional code, if an initial authentication request is received from the mobile terminal 40 of the user after a certain period of time has passed since the two-dimensional code was issued, the initial authentication is not performed. did. As a result, the two-dimensional code can be photographed with a camera and sent to others, and the other person who receives the image of the two-dimensional code can perform fraudulent procedures such as initial authentication requests, or impersonate a legitimate user and use the payment service application. You can prevent it from being used.

In the present embodiment, personal identification is performed using a cash card of an account at a financial institution or the like, but the medium for personal identification is not limited to a cash card, and a credit card or the like may be used. In addition, the identity verification method according to the present invention is not limited to the initial authentication of the application (processing to validate the transaction) as in the above embodiment, but also requires identity verification such as changing registered information (address, contact information, etc.). It can be used for any procedure.

It should be noted that the present invention is not limited to the embodiments described above, and can be implemented in various other forms without departing from the gist of the present invention. Therefore, the above-described embodiment is merely an example in all respects, and should not be construed as limiting. For example, the processing steps described above can be arbitrarily changed in order or executed in parallel as long as there is no contradiction in the processing contents.

1... Identity verification system 10... ATM
11... Control device 12... Storage device 20... Management server 30... Transaction server 31... Control device 32... Storage device 40... Portable terminal 101... Main display unit 102... Card reading unit 103... Bill deposit/withdrawal unit 104... Operation unit 105... Code reading unit 106 Optical reading unit 107 Stand 108 Sub-display unit 109 Non-contact IC communication unit 110 Camera 1101 Password acquisition unit 1102 Authentication result acquisition unit 1103 Code issuance request unit 1104 Code display unit

Claims (6)

an information processing terminal;
a trading server;
Equipped with a mobile terminal owned by the user,
The information processing terminal is
a personal identification number acquisition unit that accepts input of a personal identification number set on the information medium presented by the user;
an authentication result acquisition unit that requests authentication of the personal identification number to the inquiry system and acquires an authentication result;
a code issuance requesting unit for requesting the transaction server to issue an authentication code for validating a transaction when the authentication of the personal identification number is successful;
a code display unit that displays code information acquired from the transaction server on a display device;
the mobile terminal transmits the read code information and information identifying the mobile terminal to the transaction server;
The transaction server is an identity verification system that executes processing for validating the transaction based on information received from the mobile terminal. The transaction server is
The position information of the information processing terminal and the position information of the mobile terminal are obtained, and when the code information is received from the mobile terminal, the distance between the position of the information processing terminal and the position of the mobile terminal is within a certain value. 2. The personal identification system according to claim 1, wherein, when , a process of validating the transaction is executed. The transaction server is
3. The process of validating the transaction is not executed when the code information read from the portable terminal is received after a certain period of time or more has elapsed since the authentication code was issued. identity verification system. a step in which an information processing terminal receives an input of a personal identification number set in an information medium presented by a user;
a step of the information processing terminal requesting a query system to authenticate the personal identification number and obtaining a result of the authentication;
a step in which the information processing terminal requests the transaction server to issue an authentication code for validating the transaction when the authentication of the personal identification number is successful;
a step in which the information processing terminal displays code information acquired from the transaction server on a display device;
reading the code information with the user's mobile terminal;
transmitting the code information and information identifying the mobile terminal from the mobile terminal to the transaction server;
A personal identification method comprising the step of: said transaction server executing a process of validating said transaction based on information obtained from said mobile terminal. a personal identification number acquisition unit that accepts input of a personal identification number set on an information medium presented by a user;
an authentication result acquisition unit that requests authentication of the personal identification number to the inquiry system and acquires an authentication result;
a code issuance requesting unit that requests the transaction server to issue an authentication code for validating the transaction when the authentication of the personal identification number is successful;
an information processing terminal comprising: a code display section for displaying code information acquired from the transaction server on a display device. the computer,
a personal identification number acquisition unit that accepts input of a personal identification number set on an information medium presented by a user;
an authentication result acquisition unit that requests authentication of the personal identification number to the inquiry system and acquires an authentication result;
a code issuance requesting unit that requests the transaction server to issue an authentication code for validating the transaction when the authentication of the personal identification number is successful;
A program that functions as a code display unit that displays code information acquired from the transaction server on a display device.

Images