JP2000242749A - Id managing method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make automatically detectable an ID having a possibility of illegal by allowing an ID management system to not only detect a preliminarily assumed illegality by collecting, filing and analyzing use data of a daily card but also to evaluate the fluctuation quantity of the use situation for every ID by analyzing a use history in a fixed period for every card. SOLUTION: An ID management center 1030 controlling the whole ID management system collects used data of all daily cards, analyzes all of the collected used data and finds the use of preliminarily assumed illegal cards. It also detects an ID having an illegal possibility by analyzing the use history of each card even when a card is illegally used by a means outside assumption.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for checking the ID of various cards using a storage medium such as an IC card, and particularly to a wide area such as a member card, a credit card, or a regular ticket for transportation. ID management system that checks the validity of cards, eliminates invalid cards, and detects unauthorized use of cards when a user uses each card-using device placed in a safe area, and an ID management system that realizes the ID management method. It is about.

[0002]

2. Description of the Related Art A conventional ID management system is mainly designed to invalidate a card of a corresponding ID when a card is stolen or lost, thereby preventing unauthorized use of the card.
In addition, the ID management system detects a card illegal use method assumed in advance, and invalidates the card in order to prevent unauthorized use from the next time.

[0003]

Generally, fraud is caused and spreads by penetrating a loophole of fraud check by the ID management system, and when an unexpected fraudulent method of the ID management system is discovered by anyone. Has a problem that the ID management system cannot cope with it and accepts fraud.

[0004] The problem to be solved by the present invention is that the ID management system collects, organizes, and analyzes daily card use data to detect fraudulently assumed in advance, as well as unexpectedly. Regarding fraudulent IDs, by analyzing the usage history for a certain period for each card ID and evaluating the amount of change in the usage status for each ID, an ID that may be fraudulent is automatically detected. It is in. In addition, the operator can determine the details of the use status of the ID that is likely to be fraudulent, thereby enabling early detection of a fraudulent method that has not been assumed so far, and prevention of new fraud. An object of the present invention is to make it possible to flexibly cope with a new security threat caused by a blind spot of a system by flexibly coping with the system security level.

[0005]

Means for Solving the Problems An ID management center that controls the entire ID management system collects daily usage data of all cards, analyzes all the collected usage data,
Discover the use of unauthorized cards that are assumed in advance.

[0006] Further, even when a card is illegally used by unexpected means, an ID that may be illegal is detected by analyzing the use history of each card.

[0007] Further, the use status of a card that may be fraudulent is presented to the operator, an unexpected fraudulent method is discovered by the operator's judgment, and the fraud detection logic of the system is changed to automatically detect a new fraudulent method. Can be detected.

[0008]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Referring to FIGS. 1 to 15, an embodiment of the present invention, an I with a prepaid fare (stored fair: hereinafter referred to as SF = Stored Fare) function, will be described.
The contents of the invention will be described in detail by taking an ID management system of a C card commuter pass as an example.

FIG. 1 is an overall configuration diagram of the ID management system. The ID management system is a station equipment 1 such as a periodic issuing machine, an accumulator, an automatic ticket gate, an automatic payment machine, etc. installed at each station.
010, a communication network 1020, and an ID management center 1030. The usage status of the IC card commuter pass in station equipment at each station (1 to n) is monitored to prevent unauthorized use of the commuter pass, and to maintain each device. And various functions such as profit management.

The ID management center comprises an ID management center server 1031 and a monitoring / control terminal 1034 for monitoring and controlling the operation of the server.

The input to the ID management center server 1031 is the usage history 1032 of all the cards, such as daily ticket gate data and SF accumulation data, and the output corresponds to loss, theft, unauthorized use, etc. of the commuter pass. ID list of invalid card that invalidates card use (hereinafter referred to as negative list) 1
033.

The ID management center server collects the usage histories of all the cards inputted in real time or by batch processing every day, and analyzes the data, thereby finding a previously assumed illegal pattern. in this case,
The ID management center server registers and manages the negative list and distributes the update information of the negative list to each station service device. On the other hand, with regard to unexpected fraud, the possibility of fraud is detected by inference, and the detected fraud is displayed on the monitoring / control monitor, and the operator determines whether there is fraud. Thereby, when a new fraudulent means is found, it is possible to quickly respond to the new fraud by adjusting the assumed fraud detection logic.

FIG. 2 is a configuration diagram of station equipment. The station service device 2010 is connected to the ID management center 2020 and the communication network 203.
0. Station service equipment is installed for each station, and station service equipment at each station is a regular issue machine.
12, accumulator 2013, automatic ticket gate 2014, automatic payment machine 2015, and ID management station server 201 for managing them
1 The ID management station server manages a negative list registered in each station service device, collects usage information of an IC card commuter pass that has accessed each station service device, and transmits the information to the ID management center.

FIG. 3 is a schematic diagram of a ticket issuing machine, a multiplying machine, and a payment machine. The display 3010 provides various operation guidance to the user, and the card input unit 3030 provides an IC
Enter your card commuter pass or membership card with credit function. In addition, cash is inserted from the cash insertion slot 3040.
The operation button 3020 is operated according to the service used by the user. At the IC card commuter pass / discharge port 3060, when a new commuter pass is issued, a new commuter pass is discharged, and when change occurs, change is discharged. The device 3050 in the device is a small computer that authenticates the validity of the input card. When the user inputs an IC card commuter pass or a membership card to the card input unit, the validity of the card is checked. Whether the card ID is checked against the stationery equipment or the negative list stored in the station server is checked. At this time, if the same ID as the card ID being used is registered in the negative list, this card is determined to be an invalid card, and all functions are stopped.

FIG. 4 shows card storage information of an IC card commuter pass with an SF function. The card storage information 4000 of the IC card commuter pass includes personal information, commuter pass information, SF ticket information,
It consists of card issuance information.

The personal information includes a user ID 4010,
User name 4020, address 4030, telephone number 404
0, data such as date of birth 4050, etc. are stored.

The commuter pass information includes a regular use section 40.
60, regular use start date 4070, regular expiration date 40
80, student discount, type of commuter pass 4090 such as adult, child, etc., ticket collection station 4100 for recording the latest boarding section, ticket collection gate 4110 for identifying the ticket gate that passed at that time, and time when the ticket was passed The data such as a change ticket time 4120 to be executed is stored.

As the SF ticket information, the SF value balance 4130 and the SF that records the history of accumulating SF values are recorded.
It comprises an accumulation history 4140, an SF usage amount 4150 for recording the latest SF value usage amount, and an SF usage interval 4160 for recording the latest SF value usage interval.

The card issuance information includes a regular issuance ID 4170, which is updated when a regular issuance is issued, a card issuance date 4180 for recording the date on which the regular issuance is performed, a card expiration date 4190 for recording the expiration date of the card itself, and a commuter pass. Data such as a commuter pass issuance amount 4200 for recording the amount at the time of issuance is stored.

FIG. 5 is a schematic diagram of an automatic ticket gate 5000 corresponding to an IC card commuter pass with an SF function.

When passing through the ticket gate, the user holds his / her IC card commuter pass over the IC card reading unit 5010 and passes through the ticket gate. At this time, the use section and the expiration date of the commuter pass are checked, and the card ID of the IC card commuter pass is compared with the small computer 5020 in the same manner as the above-described ticketing machine, multiplying machine, and payment machine. Checks the validity of the card. If this check determines that the commuter pass is invalid, the gate 5030
Is closed to hinder the passage of the user, and the display window 50 is closed.
At 40, the reason for closing the gate and guidance to the user are displayed.

On the other hand, when the card is valid and the user passes the ticket gate safely, one item details information based on the information of the IC card commuter pass and the information of the ticket gate that the user has passed. (Usage information of card in station equipment) is created and transmitted to the station server in real time or in batch. The station server accumulates these one-item details for one day, and transmits all card use data of the station to the central ID management center when the operation of the day is completed.

FIG. 6 shows one item information transmitted from each station service device to the station server every time the IC card is used. The one-item detailed information 6000 includes the card use date 6010, the user ID
6020, card issue ID 6030, use station 6040,
Device ID 6050, device use start time 6060, use end time ID 6070, SF balance 6080, use category 6
090, a status 6100 at the time of use.
Of these, the user ID, card issue ID, and SF balance are read from the IC card commuter pass, and the use date, use station, use device ID, use start time, use end time, and use contents are as follows: Automatically set depending on the situation.

The one-item detailed information generated in this manner is transmitted from the server at each station to the ID management center at once when the operation of the day is completed. The ID management center counts and analyzes all one-item detailed information for one day and checks whether the card has been illegally used. that time,
When a fraud assumed in advance is detected, the commuter pass with the corresponding ID is registered in the negative list as an invalid card and distributed to the station server of each station. On the other hand, for unexpected fraud, by analyzing the history of usage data for a certain period in the past (several weeks to several months) for each ID, it is possible to detect and monitor IDs that may be fraudulently used. The use information of the corresponding ID is displayed on the monitor, and a request is made for the judgment by the operator.

The outline of the fraud check process in the ID management center will be described below with reference to FIG.

When the operation of the day has ended and all station equipment has stopped providing services to the passengers, the station server at each station transmits one day's worth of station equipment usage data to the ID management center server. . The ID management center server receives one day's usage data transmitted from the station server of each station, and totals the usage data for the current day in step 7010.

Next, in step 7020, the usage data of the day is arranged for each card ID, and
It is added to the past use history of a certain period accumulated for each D.

Next, in step 7030, all the usage data and usage histories are checked for the presence or absence of the injustice by the known injustice detection rule with respect to all the illegal means known at the present time.

Next, in step 7040, it is determined whether or not fraud has occurred. If no fraud has been detected, the process proceeds to step 7060. If fraud has been detected, step 760 has occurred.
At 050, the corresponding card ID is registered in the negative list, and the flow advances to step 7060. In step 7060, in order to detect a new fraudulent means that is not assumed at the present time, the use characteristic is analyzed for each ID in the past card use history for a certain period.

Next, in step 7070, it is determined whether or not an abnormality has occurred in the usage characteristics of each ID. At this time, if no abnormal data is found, step 7
Proceeding to 120, if abnormal data is found, the past usage history and abnormal location of the ID determined to be abnormal are displayed on the monitoring / control terminal of the ID management center. Here, the operator determines whether or not the displayed abnormal data is due to a new illegal means or accidental disturbance.

Next, if it is determined in step 7090 that the unauthorized means is not a new unauthorized means, the process proceeds to step 7120. If it is determined that the unauthorized means is new, in step 7100, the current unauthorized means is handled. Modify the known fraud detection rules. Then, Step 7
The ID determined to be due to the new illegal means in 110 is registered as a negative list, and the flow advances to step 7120. In step 7120, the negative list updated in step 7050 or 7110 is delivered to the station server of each station.

Next, the known fraud check in step 7030 and the usage characteristic analysis processing in step 7060 will be described in detail.

FIG. 8 shows a system architecture for analyzing usage data and detecting fraud. The input data is a day use table 80 in which the day use data is arranged for each station.
10 and a usage history table 8020 storing usage results for each ID in a past fixed period. These input data are subjected to a known fraud check 8040 using a known fraud detection rule 8050 to check for fraud in an assumed range. At this time, if a fraud is found, the corresponding ID is registered in the negative list 8080.

On the other hand, with regard to unexpected fraud, the usage characteristic monitoring table 8100 is created by quantifying the usage characteristics 8070 using the usage history table 8020 and the variation definition table 8030 as inputs. By performing an abnormal data check 8100 on this table using the abnormal data detection rule 8060, the presence or absence of an abnormality in the usage characteristics is checked for all IDs. Next, the use status of the ID determined to be abnormal data is displayed on the monitoring / control monitor 8090, and when the operator determines that the ID is new fraud, the known fraud detection rule is modified. In response to the newly discovered illegal means, the corresponding ID is registered in the negative list.

Subsequently, the known fraud check 8040 shown in FIG.
The processing of the abnormal data check 8100 will be described. The known fraud check detects fraud by analyzing the current day use table and the use history table according to the known fraud detection rule 8050.

FIG. 9 shows the data structure of the day use table. The day-of-use table 9000 is a table in which usage data of all station services for one day is sorted in time order for each station. The data items are the use start time 9010, use end time 9020, user ID 9030, SF balance 90
40, a device ID 9050, a use category 9060, and a use status 9070.

FIG. 10 shows the data structure of the usage history table. The usage history table 10000 shows the usage results (station ticket information, regular update information,
This is a table in which SF balances are arranged for each user over a certain period in the past. The daily data items for each user are:
Use start time 10010, use end time 10020, use station 10030, SF balance 10040, device ID 100
50, use category 10060, use status 100
70.

FIG. 11 is an example of a known fraud check rule. Here, an example is shown in which a known fraud such as “use of a counterfeit card” is found by a known fraud detection rule. Even if a certain card is illegally copied, even if a forged card in which an appropriate value is set to the user ID is used, the forged card can be detected by using the known fraud detection rule of FIG.

(1) In the case of card duplication: A card with the same ID is used in a remote place (an immovable distance) in the same time zone. (2) In the case of ID fabrication: not issued or currently used While an unidentified ID is found, a use history table and a variation amount definition table 8 are used for unexpected fraud.
At 030, the usage characteristics of each user are quantified, a usage characteristics monitoring table is created, and the presence or absence of an abnormal value is checked. Here, a case will be described in which the amount of change in the usage status suddenly changes from a certain time and is detected as abnormal data.

FIG. 12 is an example of a variation conversion definition table for quantifying the usage characteristics. In order to quantify the usage characteristics, a table for quantifying the change in the usage status one day ago and the change in the usage status one week ago on the same day is defined. For example, if the boarding station and the getting off station are different on the previous day, it is defined as 5 points as the fluctuation value of the usage characteristic. In this way, the amount of change in the usage status is quantified and a usage characteristic monitoring table is created for each user ID.

FIG. 13 is a usage characteristic monitoring table.
The usage characteristic monitoring table 13000 contains all user IDs.
Each monitoring period (last week, last two weeks,
This is a table in which the amount of change in the usage status is calculated for each monitoring period in (last one month) 13010. The total value 13020 of the fluctuation amount in each monitoring period is the total of all the fluctuation amounts in FIG. 12 in each monitoring period, and the table is checked by the abnormality detection rule 8060 to check for the presence or absence of abnormal data.

For example, if the abnormality detection rule is “if the total value 13020 of the variation exceeds the allowable variation 13030, it is determined that there is an abnormality”, a change that should be noticed in the usage situation of the user satisfying this condition is Judge that it has occurred. Here, there is naturally an individual difference in the fluctuation amount, and the fluctuation amount is easily affected by the external world such as a season. Therefore, the allowable variation is
It should be set for each individual. For example, a value obtained by adding a certain value to the previous actual fluctuation amount is set as the current allowable fluctuation amount. For example, when the user ID is 60070281 and the monitoring period is the past two weeks, the total value of the current variation is 16
2, the next allowable fluctuation amount = the current fluctuation amount × α (α =
If 1.5), the allowable fluctuation amount for the next week is 243.

As described above, the allowable fluctuation amount is dynamically updated every time according to the usage characteristics of each individual. In such a usage characteristic monitoring table, the fluctuation amount is evaluated for each user. For example, the user whose user ID is 6070281 has the fluctuation amount of 110 in the monitoring period of the past week.
Since the allowable value is 90, it is determined that the data is abnormal data. At that time, the past usage history of the person concerned is presented to the monitoring terminal, and the usage status is judged by the operator,
When it is determined that the data is fraudulent, the corresponding ID is registered in the negative list, and the operator defines a fraud detection rule that automatically detects the current abnormal data and registers the rule in the known fraud detection rule.

FIG. 14 shows the data structure of a negative list managed by the ID management center. One negative list includes a card ID 14010, a registration date 14020 registered as a negative list, a fraud count 14030 which is the number of fraud detections,
It is composed of a fraudulent pattern 14040 and a status 14050 indicating the current response. The meaning of each status is
"Pending" is stored as a negative list, but there is no evidence of abuse, so there is no need to distribute it to end devices. In such a case, monitoring should be continued in more detail. “Standby” indicates a state in which each terminal device is registered in the negative list so as not to be used illegally.

FIG. 15 is a negative rule distribution rule definition table. As the number of negatives increases, all negatives are distributed to all devices at all stations.
D explosively increases, making it difficult to solve problems such as negative check time. Therefore, it is necessary to limit the distribution area of the negative list depending on the content of the fraud and the regular use section. By distributing the negative list according to the distribution area definition table, the negative check is performed more efficiently.

[0046]

According to the present invention, when constructing an ID management system, the ID management system solves all problems on a daily basis in order to solve the problem that a fraudulent method that was not assumed at first was discovered and fraud spread. Since usage data is collected, organized, and analyzed to monitor for abnormalities in usage status for each ID, the fraud detection logic of the system is adjusted before fraud spreads, and new fraud methods are adopted. The security level of the system can be quickly adjusted.

[Brief description of the drawings]

FIG. 1 is an overall configuration diagram of an ID management system according to the present invention.

FIG. 2 is a configuration diagram of station equipment.

FIG. 3 is a schematic perspective view of a ticket issuing / accumulating / paying machine for an IC card commuter pass with an SF function.

FIG. 4 is a diagram showing card storage information of an IC card commuter pass with an SF function.

FIG. 5 is a schematic perspective view of an automatic ticket gate / ticket collecting machine compatible with an IC card commuter pass with an SF function.

FIG. 6 is a diagram showing one item specification information when an IC card uses station equipment.

FIG. 7 is a main processing flowchart of the ID management center.

FIG. 8 is a diagram showing a system architecture for performing fraud detection.

FIG. 9 is a diagram showing all usage data for one day.

FIG. 10 is a diagram showing a usage history table for each card ID.

FIG. 11 is a diagram showing an example of a known fraud detection rule for detecting a known fraud.

FIG. 12 is a diagram illustrating a fluctuation amount definition table for quantifying a usage characteristic.

FIG. 13 is a diagram illustrating a usage characteristic monitoring table in which a change in usage characteristics is quantified.

FIG. 14 is a diagram showing a data structure of a negative list managed by the ID management center.

FIG. 15 is a diagram showing a distribution rule definition table for a negative list.

[Explanation of symbols]

1010 station equipment, 1020 communication network, 1030 I
D management center.

Claims (1)

[Claims] 1. Each time a card is issued, such as a membership card or a commuter pass for transportation, an ID number is set for each card, and all issued card IDs are managed to manage the card IDs. In an ID management system that prevents unauthorized use, an ID management center that controls the entire ID management system collects daily usage data of all cards, analyzes all the collected usage data, and makes an assumption in advance. Detects the possibility of fraud even when a card is illegally used by an unexpected fraudulent method by analyzing the use characteristics of each card using the history information and the step of detecting unauthorized use of the card Performing the operation, presenting the usage history of the card in which the possibility of fraud has been detected to the operator, and displaying a new fraud method by the operator's judgment. ID, the fraud detection logic of the system, and adjusting to accommodate the new incorrect, when disabling the unauthorized use has been card
An ID management method, comprising: distributing a list (negative list) of invalid card IDs from a management center to a device to be managed.