JP2006065370A - Card transaction device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a card transaction device which reduces damage caused by the illegal use of a card without affecting conveniences to users. <P>SOLUTION: An authenticating action is made when a money deposit machine for cards 21 is turned on, and a security state is generated if the authentication is failed. When an accumulated amount of money which an IC card receives reaches a transaction limitation amount after the generation of the security state, the authentication of the money deposit machine for cards 21 is detected again. When the second authentication is also failed, writing money amount information to the IC card is refused. If the first or second authentication is successful, a normal state is generated. Accordingly, the illegal use of the money deposit machine for cards 21 for over a preliminarily fixed limited amount of money is prevented and the operability of the money deposit machine for cards 21 is not damaged. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a card transaction apparatus that changes the value added to a card by rewriting information stored in the card. In particular, the present invention relates to a card depositing machine that changes amount information stored in an IC card in accordance with cash inserted in an electronic money system.

  Among electronic money systems, there is a system in which a monetary value is converted into electronic information, stored in an IC card, and payment is completed by exchanging electronic information using the IC card. Such a system is provided in a hospital or the like. By performing settlement using an IC card, the user can enjoy a preset product or service, and there is an advantage that it is not necessary to perform troublesome operations in cash settlement.

  IC card card transaction apparatuses used in electronic money systems include a card deposit machine having a deposit function, a card settlement machine having a settlement function, and a card settlement machine having a settlement function. The card deposit machine rewrites the amount information of the IC card so that the amount corresponding to the inserted cash is added. The card settlement machine rewrites the amount information of the IC card so as to subtract the amount corresponding to the goods or services to be supplied. The card settlement machine rewrites the amount information of the IC card so as to pay out the cash corresponding to the amount information of the IC card and subtract the amount of cash that has been paid out.

  A first conventional card deposit machine is disclosed in Patent Document 1 as an IC card transaction apparatus. In this technique, when the upper limit amount is set for the electronic money of the IC card and the electronic money of the IC card is the upper limit value, the IC card transaction apparatus rejects the payment with cash.

  A second conventional card depositing machine is disclosed in Patent Document 2 as a depositing terminal. The card deposit machine stores various data in the management server when the power is turned off, and erases the various data in the internal storage device in order to prevent unauthorized data leakage. The card depositing machine downloads various data deleted at the time of power-on from the management server, and executes the depositing process using the downloaded data.

JP 2002-133377 A JP 2001-2222739 A

  Card deposit machines (card transaction devices) may be stolen by unauthorized users. In this case, fraudulent users insert cash into the card deposit machine to increase the IC card's electronic money, and withdraw the cash inserted from the card deposit machine, so that the amount information of the IC card can be obtained without inserting cash. The amount information of the IC card is illegally changed. There is a possibility that merchandise or services may be illegally enjoyed by repeating transactions with IC cards whose monetary information has been illegally changed and illegal changes to IC card monetary information.

  Although the card depositing machine described in Patent Document 1 described above has a limitation that it can only deposit up to the upper limit of the electronic money of the IC card, an unauthorized user can use the IC card for transactions and IC card amount information fraudulently below the upper limit. By repeating the change, there is a problem that the above-described unauthorized use of the IC card is continuously continued.

  Moreover, the card deposit machine of patent document 2 stops the transaction by a specific IC card based on the data given from the management server. However, when an IC card whose transaction is not canceled is used, there is a problem that the above-described unauthorized use of the IC card cannot be eliminated. In addition, when communication between the card deposit machine and the management server becomes impossible due to an unforeseen situation such as a power failure or a network abnormality, there is a problem that the user cannot perform a transaction using an IC card and the convenience is low. .

  The present invention has been made in view of such circumstances, and reduces damage caused by unauthorized use by suppressing unauthorized rewriting of information stored in a card without impairing convenience to the user. An object of the present invention is to provide a card transaction apparatus that can be used.

The present invention relates to a card transaction apparatus for performing transactions using the card by reading and writing information stored in a card possessed by a user,
Read / write means for reading and writing information stored in the card;
An authentication means for performing a predetermined authentication act;
Security control means for controlling writing of information to the card by the read / write means,
The security control means detects a predetermined state change and becomes a security state for monitoring whether or not a predetermined transaction stop condition is satisfied when the authentication act is not performed or the authentication act fails. Until the transaction stop condition is satisfied, information is written to the card by the read / write means, and the card can be used for the transaction.

  Further, the present invention is characterized in that the security control means prohibits writing of information to the card by the read / write means when the transaction stop condition is satisfied, and makes the transaction by the card impossible. .

  Further, the present invention is characterized in that the security control means makes the authentication act again when the transaction stop condition is satisfied.

The present invention further includes storage means for storing transaction total information obtained by accumulating information related to transactions with the card,
The transaction stop condition is based on total transaction information stored in the storage means.

In the present invention, the information stored in the card is monetary value information,
The transaction total information is a cumulative amount of monetary value information written on the card by the read / write means,
The transaction stop condition is whether or not the accumulated amount reaches a predetermined transaction limit amount.

In the present invention, the cumulative transaction information is a cumulative number of times information is written to the card by the read / write means.
The transaction stop condition is whether or not the cumulative number reaches a predetermined transaction limit number.

  Further, the present invention is characterized in that the transaction stop condition is whether or not a predetermined period has elapsed since the security state was reached.

  Further, the present invention is characterized in that the authentication means performs the authentication act with a management device provided separately from the card transaction device.

  Further, the present invention is characterized in that the authentication means performs the authentication action with a card that stores authentication information in advance.

The present invention further includes an operation means for inputting authentication information,
The authentication unit performs the authentication act based on authentication information input by the operation unit.

  According to the present invention, when a predetermined state change is detected and the authentication action is not performed or the authentication action fails, the security state is monitored to check whether a predetermined transaction stop condition is satisfied. Until the transaction stop condition is satisfied, the card transaction apparatus can be used in the same operation procedure as in the normal state, and convenience is not impaired.

  In addition, by disabling card transactions when the transaction stoppage conditions are met, even if the card transaction device is used illegally, the card can be prevented from being used beyond a predetermined limit, It is possible to prevent permanent rewriting of illegal information on the Internet and to prevent damage caused by unauthorized use.

  In addition, by performing the authentication act again when the transaction stop condition is satisfied, if the authentication act is successful, the period during which the card transaction is impossible can be substantially eliminated, and the user feels uncomfortable. The period during which the user can use the card transaction apparatus can be increased.

  Further, the transaction total information obtained by accumulating the information related to the card transaction is stored in the storage unit, and the transaction stop condition is determined based on the transaction total information stored in the storage unit, so that the card can be used according to the transaction state of the card. Whether or not the transaction is possible can be determined, and convenience can be enhanced. For example, by stopping the transaction with the card when the accumulated amount after entering the security state reaches a predetermined transaction limit, it is possible to prevent damage caused by unauthorized use from exceeding the predetermined transaction limit. .

  In addition, by stopping the transaction with the card when the cumulative number of times after entering the security state reaches the predetermined transaction limit number, the number of transactions until the transaction with the card is rejected can be determined in advance. , Can improve convenience.

  In addition, by stopping the transaction with the card when the predetermined period of time has elapsed since entering the security state, the grace period until the transaction with the card is rejected can be determined in advance. Can be improved.

  Also, by performing an authentication action with the management device, there is no need to perform an authentication action with an administrator, etc., so that the trouble of the administrator can be saved and the authentication action can be complicated. , Can improve safety.

  Also, by performing authentication with the card that stores the authentication information, more complicated authentication information can be set and safety can be set compared to when performing authentication with the administrator. Can do. Further, by using information stored in the same type of card as the card possessed by the user as authentication information, the card transaction apparatus can be configured at low cost without requiring a new configuration. In addition, the card transaction device can be operated independently without requiring an authentication act between the card transaction device and the management device, and the degree of freedom of the installation location of the card transaction device can be expanded.

  In addition, when authentication information such as a personal identification number is input from the operation means by an administrator or the like, the authentication means performs an authentication action with the administrator, whereby an authentication action between the card transaction apparatus and the management apparatus is performed. The card transaction device can be operated independently, and the degree of freedom of the installation location of the card transaction device can be expanded.

  Hereinafter, preferred embodiments of a card transaction apparatus according to the present invention will be described in detail with reference to the accompanying drawings. In the following, the card transaction apparatus will be described as an example of a card depositing machine used in an electronic money system using an IC card.

  FIG. 1 is a block diagram showing a system configuration of an electronic money system 20 according to the first embodiment of the present invention. As shown in the figure, the electronic money system 20 includes a card depositing machine 21, which is a card transaction apparatus, a card settlement machine 22, a card settlement machine 23, and a settlement server 26, which is a management apparatus. It is configured to be able to exchange data by communicating. The card deposit machine 21, the card settlement machine 22, the card settlement machine 23 and the settlement server 26 are provided in a use facility where goods or services are supplied and are connected to each other via a network 29. The facility used is a hospital or employee cafeteria.

  In the electronic money system 20, payment for the supply of goods and services in the use facility is performed using an IC card carried by each user and stored in the IC card by each device 21, 22, 23. The transaction is completed by reading and writing monetary value information, which is monetary value information.

  The card depositing machine 21 reads the amount information of the IC card to determine the amount added to the IC card (hereinafter referred to as electronic money), and the amount of electronic money in the IC card is calculated by inserting cash. Then, the total amount obtained by adding the amount corresponding to the inserted cash is calculated, and the amount information of the IC card is rewritten so that the amount of electronic money of the IC card becomes the total amount. In this way, the card depositing machine 21 performs a depositing operation (charging operation) in which electronic money is increased and deposited.

  The card settlement machine 22 reads the amount information of the IC card to determine the amount of electronic money, and the amount of electronic money of the IC card becomes an amount obtained by subtracting the amount corresponding to the product or service to be supplied. , Rewrite IC card amount information. In this way, the card settlement machine 22 performs a settlement operation to settle by reducing the electronic money of the IC card.

  The card settlement machine 23 reads the amount information of the IC card, determines the amount of electronic money, pays out the cash requested by the user, and subtracts the amount corresponding to the amount of cash paid out. Thus, the amount information of the IC card is rewritten. In this way, the card settlement machine performs a settlement operation for settlement by reducing the electronic money of the IC card.

  The settlement server 26 is a server computer that stores information about electronic money and manages the electronic money system 20. Specifically, a payment history is obtained from the card deposit machine 21 via the network 29, a settlement history is obtained from the card settlement machine 22, a settlement history is obtained from the card settlement machine 23, and the acquired information is stored. To do. The settlement server 26 also has a function of storing authentication information for the card deposit machine 21 to perform an authentication act.

  The IC card is a card-like storage medium, stores monetary information in a rewritable nonvolatile memory, stores identification information such as a manufacturing number in a read-only memory, the card deposit machine 21, the card settlement machine 22, and the card checkout. Information is read and written in a non-contact state with respect to the machine 23.

  The user increases the amount of electronic money of the IC card he possesses by putting cash into the card deposit machine 21. Further, when the IC card is used to enjoy a product or service by the card settlement machine 22, the electronic money of the IC card possessed is reduced. Further, when cash is paid out by paying out IC card electronic money by the card settlement machine 23, the electronic money of the IC card possessed is reduced.

  Next, the card deposit machine 21 which is one embodiment of the present invention will be specifically described with reference to FIG. In the present embodiment, the cash inserted into the card deposit machine 21 is limited to one type of banknote, and is configured to accept, for example, a 1000 yen bill. May be configured to be accepted.

  The card depositing machine 21 has a bill processing means 38 for processing bills to be inserted. Specifically, the banknote processing means 38 identifies whether or not the inserted banknote is a receivable banknote, and if it is determined that a receivable banknote has been inserted, the banknote accommodating part inside the depositing machine is used. To house. The banknote storage part is formed with a safe door for an administrator to take out banknotes to be stored. The administrator can take out the banknotes stored in the banknote storage portion by unlocking the safe door and opening the safe door. The administrator is a specific person who manages the card depositing machine 21 and is given a special authority.

  The card depositing machine 21 transmits and receives radio waves to read information stored in the IC card and rewrites information stored in the IC card (hereinafter referred to as IC reader / writer 39). Have The IC reader / writer 39 reads / writes information from / to the IC card according to an instruction from the main control means 54 described later when the IC card is placed at the reading / writing position of the card depositing machine 21.

  Further, the card depositing machine 21 includes a display unit 40 that displays deposit information, character information indicating the state of the card depositing machine 21, and a communication unit 42 for connecting to the network 29. The display means 40 is realized by a liquid crystal display or the like by changing the display mode in accordance with an instruction from the main control means 54 described later. The communication unit 42 transmits / receives data to / from the settlement server 26 in accordance with an instruction from the main control unit 54 described later.

  The card depositing machine 21 has a main control means 54 that controls a plurality of input / output means. The main control means 54 controls each input / output means by calculating the operation command of each input / output means and giving the calculation result to each input / output means. The main control means 54 has a storage means 55 and can output a predetermined calculation result by reading and executing the calculation program stored in the storage means 55. In the following description, the operation of the main control means 54 may be described as the operation of the card deposit machine 21.

  The main control means 54 is a deposit control means 57 that performs an operation of increasing the amount information to the IC card by the amount of the inserted bill, an authentication means 47 that performs an authentication action, and a security that performs an operation of monitoring unauthorized use. A control means 48 and a clock means 49 for measuring the date and time are provided, and each input / output means is controlled based on the calculation results of these means.

  Each means (payment control means 57, authentication means 47, security control means 48, and clock means 49) included in the main control means 54 described above has a functional configuration and is actually stored in the storage means 55. It is realized by executing the operation program, and merely represents each means for explaining the function.

  The authentication means 47 performs an authentication act as an act of determining whether or not the card depositing machine 21 is in a managed state. In the present embodiment, the authentication is performed when the authentication information given from the settlement server 26 is acquired. It is determined that the authentication has succeeded, and if authentication information cannot be acquired, it is determined that the authentication has failed. Further, the clock means 49 continues to measure the date and time by the internal power supply even when the external power supply is cut off.

  In addition to the operation program, the storage means 55 stores information related to unauthorized use and payment history related to payment processing, and can maintain the storage of each piece of information even when no power is supplied from the outside. It is configured as follows.

  The memory | storage means 55 memorize | stores the authentication information used for an authentication act, check information, transaction information, transaction cumulative information, and transaction stop conditions as information relevant to unauthorized use. The check information is information for identifying whether the current state of the card depositing machine 21 is a state where the authentication is successful or a state where the authentication is unsuccessful. The transaction information is information relating to the transaction for each card deposit machine 21 and IC card, and the transaction total information is information obtained by accumulating and storing the transaction information under the security state. The transaction stop condition is information indicating a condition for determining whether or not the card transaction is possible under the security state.

  Further, the card depositing machine 21 has a receipt issuing means 32 (described in FIG. 2), a receipt issuing button 33 (described in FIG. 2), and an IC arranged at a read / write position in order to communicate with the user. It has the alerting | reporting means 41 which alert | reports whether a card can be read-write. In addition, it has a memory card reader / writer 30 for reading and writing information stored in the memory card, and an operation means 31 for inputting information from an administrator.

  The memory card is a non-volatile storage medium, which is realized by, for example, a compact flash (registered trademark), and stores information by the memory card reader / writer 30 to backup transaction information such as a payment history, Used as transaction information storage means when communication is impossible. The memory card reader / writer 30 reads / writes information from / to the memory card in accordance with an instruction from the main control means 54.

  The operation means 31 has an operation unit that can be operated by an administrator. When the operation unit is operated, a transaction stop condition and an authentication information setting command and a change command to be described later are input from the administrator. A command is given to the main control means 54. In this embodiment, the operation means 31 is provided with a numeric keypad button for inputting a personal identification number from an administrator, and is a remote control.

  The card depositing machine 21 has a power supply unit 35 that supplies power to each means. The power supply unit 35 uses the power supplied from the outside as the power of the card depositing machine 21, and uses the power supplied from the internal power supply as the power of the card depositing machine 21 when the supply of power supplied from the outside is cut off. Further, the power supply unit 35 is provided with a power switch. When a start command is given from the administrator by the power switch, the start command is transmitted to the main control means 54.

  Each means (memory card reader / writer 30, operation means 31, power supply unit 35) for exchanging with the manager is covered by the operation door, and the means 30, 31 are opened by opening the operation door. , 35 can be used by the administrator. In addition, since the operation door is locked in a closed state, the setting can be prevented from being changed easily. In addition, the structure by which the safe door in which a banknote is accommodated, and the operation door may be combined may be sufficient.

  The card depositing machine 21 has door opening / closing detection means 34. The door open / close detecting means 34 detects the open / closed state of at least one of the above-described operation door or safe door. When the door open / closed detecting means 34 detects that the door is open, the door opening / closing detecting means 34 gives the information to the main control means 54. Realized by a sensor or the like.

  FIG. 2 is a perspective view showing the external appearance of the card depositing machine 21. As shown in FIG. 2, the card depositing machine 21 of the present embodiment is formed in a substantially rectangular parallelepiped shape. The card depositing machine 21 is formed by exposing the display means 40, the notification means 41, the IC reader / writer 39, the banknote processing means 38, the receipt issuing button 33 and the receipt issuing means 32 to the outside.

  As a result, the user can check the state of the card depositing machine 21 and then read the IC card amount information into the IC reader / writer 39 to increase the electronic money of the IC card. A receipt certifying payment to the card can be issued. These means 32, 33, 38, 39, 40, 41 are provided on the front side portion of the card depositing machine 21.

  The card depositing machine 21 is formed such that the edge length A1 along the front side portion is about 200 mm, the edge length along the side surface portion is about 250 mm, and the height is about 650 mm, and the weight is about 20 kg. It is configured to be relatively small and light so that it can be carried. In the present embodiment, an operation door is provided in the front direction so as to be openable and closable, so that each means (memory card reader / writer 30, operation means 31, power supply unit 35) for communicating with the administrator is not exposed by the operation door. Covered.

  In the first embodiment, the card depositing machine 21 and the settlement server 26 are connected online. The card depositing machine 21 performs an authentication action with the settlement server 26 when the power is supplied and an activation command is given. If the authentication action fails, the security state is controlled. The security state is a state where the transaction state of the card deposit machine 21 is monitored. If the transaction state is in the security state, the same transaction as usual can be performed until a preset transaction stop condition is reached. However, when the transaction stop condition is reached, the authentication action is performed again, and if the authentication fails, the transaction is stopped.

  FIG. 3 is a flowchart for explaining the operation of the card depositing machine 21 in the first embodiment. As the previous stage of the start of the flowchart (step s0), it is necessary to store authentication information for authentication and a transaction stop condition for stopping the transaction. Further, in this embodiment, the case where the upper limit amount (hereinafter referred to as the transaction limit amount) of the sum of the amount added to the IC card after the security state is reached is described as the case where the transaction stop condition is reached. . In this embodiment, the transaction limit is 10000 yen.

  The card depositing machine 21 waits in a state where the preparation operation is completed by storing the authentication information and the transaction stop condition described above (step s0), and when the power switch is pressed (step s1), the activation process is performed. And a first authentication action is performed by the authentication means 47 (step s2). In the present embodiment, the input of the activation command when the power switch is pressed is the “predetermined state change” described in the claims.

  If it is determined that the first authentication act has failed (NO in step s2), the security control means 48 determines that there is a possibility that the card depositing machine 21 has been illegally used, and enters a security state (step). s3). Then, when the security state is entered, the transaction information stored in the storage means 55 and the transaction limit amount are read, and the cumulative total of the IC card deposit amount (transaction cumulative information) after entering the security state is a predetermined transaction limit. It is determined whether or not the amount has been reached (step s4). If it is determined that the transaction limit amount has not been reached (NO in step s4), the process stands by in a state where writing of the amount information to the IC card is permitted (step s5).

  When it is determined by the instruction from the IC reader / writer 39 that the IC card is placed at the read / write position, the type of the IC card is valid and the balance of the electronic money on the IC card must reach the upper limit. If it is, it will be in the state of waiting for banknote detection (step s6). Next, when it is detected that a bill has been inserted into the bill insertion slot, the bill is identified, and if the bill is a receivable bill (step s7), the amount of the bill inserted by the IC reader / writer 39. Accordingly, the amount information is rewritten so as to increase the electronic money of the IC card, the bill is accommodated in the bill accommodating portion, and the amount of the inserted bill is stored in the storage means 55 as transaction information (step s8). Then, the total of the new deposit amount obtained by adding the current transaction amount to the previously calculated deposit amount is stored in the storage means 55 again. When an abnormality such as an invalid IC card type or a defective banknote is determined in steps s6 and s7, an error is displayed on the display means 40.

  When the depositing process is performed in this way, the process skips to step s4, and the security control means 48 determines again whether or not the total deposit amount of the IC card has reached the transaction limit amount (step s4). When the supply of power is stopped, the check state and transaction accumulation information are stored, the IC card write is rejected, and the deposit operation is terminated. Note that the depositing operations in steps s6 to s8 described above are merely examples of implementation, and other depositing operations may be performed.

  When the card depositing machine 21 permits the rewriting of the amount information to the IC card until the transaction stop amount is reached after entering the security state, and determines that the total amount of the transaction amount has reached the transaction limit amount (in step s4). YES), the authentication means 47 performs a second authentication action (actually, the same operation as the first authentication action) (step s9). If it is determined that the second authentication act has failed (NO in step s9), an error-down state is entered in which writing of money amount information to the IC card is rejected.

  Further, when the card depositing machine 21 determines that the first authentication action has been successful (YES in step s2), the card depositing machine 21 enters a normal state in which writing of the amount information of the IC card is permitted. If it is determined that the second authentication act has been successful (YES in step s9), the accumulated amount of accumulated money (transaction accumulated information) and the check information stored after entering the security state are erased (step s13), It becomes a normal state. The depositing operation in the normal state corresponds to the operations in steps s5 to s8 described above.

  Further, when the card depositing machine 21 enters the error down state, the card depositing machine 21 maintains the error down state until a predetermined process is performed by the administrator. . Further, after entering the error down state, a predetermined process is performed by the administrator to eliminate the error down state and return to the normal state again. The operation of the second embodiment to be described later can be applied to the predetermined process for eliminating the error-down state.

  Further, when the card depositing machine 21 is in the security state, the storage unit 55 stores the security state as check information. Thus, even if the power supply is cut off and the power is supplied again, the card depositing machine 21 can determine that the card is already in the security state. Similarly, since accumulated transaction information is stored in the storage means 55 after entering the security state, transaction information relating to transactions such as the date and time, transaction amount, and number of transactions that have elapsed since entering the security state, regardless of the presence or absence of power supply. It is also possible to grasp the accumulated transaction information.

  Next, the depositing operation to the IC card in the normal state will be described. FIG. 4 is a flowchart for explaining the depositing operation of the card depositing machine 21 in the normal state. When the card depositing machine 21 determines that the authentication is successful by the first authentication determining operation and the second authentication determining operation, the card depositing machine 21 stands by in a state in which writing of the amount information to the IC card is permitted (step s20).

  Then, it is determined that the IC card has been placed at the read / write position (step s21). When a bill is inserted from the insertion slot (step s22), the IC reader / writer 39 increases the electronic money of the IC card ( Step s23). Then, the process again stands by in a state where writing of money amount information to the IC card is permitted (step s20). The details of the depositing operation in the normal state are the same as the depositing operation in the security state before reaching the transaction limit condition described above, except that the transaction accumulation information is not stored in the storage unit 55. Description is omitted.

  Next, details of the authentication determination operation of the card deposit machine 21 will be described. In performing the authentication act, the card depositing machine 21 controls the communication means 42 to transmit a request for transmitting authentication information related to the authentication information to the settlement server 26. Upon receiving the transmission request, the settlement server 26 transmits authentication information related to the authentication information to the card deposit machine 21. The card depositing machine 21 decodes the authentication information given from the settlement server 26 and determines whether or not the decoded information corresponds to the authentication information stored in the storage means 55.

  If the card depositing machine 21 determines that the information acquired from the settlement server 26 corresponds to the information stored in the storage unit 55, the card depositing machine 21 determines that the authentication is successful. If the information from the payment server 26 cannot be acquired, or if it is determined that the information acquired from the payment server 26 does not correspond to the information stored in the storage means 55, it is determined that the authentication has failed. When the card depositing machine 21 determines either the success or failure of the authentication action, the authentication process is terminated.

  Note that the above-described authentication operation is an example of implementation. Therefore, it is only necessary to verify whether or not the card depositing machine 21 is in a normal state under the management of the administrator, and other authentication operations may be executed. For example, the authentication information stored in the storage means 55 of the card depositing machine 21 may be transmitted to the settlement server 26, the authentication information may be confirmed on the settlement server side, and the confirmation result may be transmitted to the card depositing machine 21. In this case, the card depositing machine 21 knows the success or failure of the authentication by receiving the confirmation result. Further, for example, the authentication information may be given directly or indirectly from the administrator, and it may be determined that the authentication has been successful by acquiring the password entered by the administrator as the authentication information.

  FIG. 5 is a timing chart for explaining the transaction stop condition. In FIG. 5, an example of the time change of the state of the card deposit machine 21 and transaction amount is shown. The card depositing machine 21 according to the present embodiment has an operation period set within one day. For example, at 9 o'clock, which is the operation start time within one day, the supply of power is started, and the operation ends within one day. At 20:00, which is the time, power supply is stopped.

  As shown in FIG. 5A, when the card depositing machine 21 determines that the authentication at 9:00 on July 1 has succeeded, it performs the depositing operation shown in FIG. 4 as a normal state. Then, the authentication action is performed again at the start of the next day, that is, at 9:00. In this way, the card depositing machine 21 performs the first authentication determination every time it starts, specifically at 9 am every morning, in order to determine whether there is a possibility of fraud.

  As shown in FIG. 5B, when the card depositing machine 21 determines that the authentication at 9:00 on July 15 has failed, the card depositing machine 21 enters a security state. Even in the security state, writing of money amount information to the IC card is allowed for a while, and the transaction amount after the security state is increased as transactions are performed. If the transaction amount is within the transaction limit amount even when the operation end time of July 15 is reached at 20:00, the transaction amount is stored and the deposit operation is stopped. Next, the card depositing machine 21 performs an authentication act at 9:00 on July 16, which is the day after the authentication failure. When the card depositing machine 21 determines that the authentication act is successful, the card depositing machine 21 cancels the security state and sets the normal state. .

  As shown in FIG. 5 (3), when the card depositing machine 21 determines that the authentication at 9:00 on August 1 has failed, the card depositing machine 21 enters a security state. At the time when the transaction amount after reaching the security state reaches the limit amount of 10,000 yen and satisfies the transaction stop condition, for example, at 15:00 on August 1, the card deposit machine 21 performs the second authentication act. If it is determined that the authentication by the second authentication act is successful, the security state is canceled and the normal state is obtained.

  As shown in FIGS. 5 (2) and 5 (3), even if the connection state with the settlement server 26 is temporarily cut off during the activation period of the card depositing machine 21 and the authentication action fails, the information on the IC card Writing can be continued, and if the next authentication action is successful, it can be used without any change from normal times.

  As shown in FIG. 5 (4), when the card depositing machine 21 determines that the authentication at 9 o'clock on September 1 has failed, it enters a security state. Then, at the time when the transaction amount after reaching the security state reaches the limit amount and satisfies the transaction stop condition, for example, at 15:00 on September 1, the card deposit machine 21 performs the second authentication act. If it is determined that the authentication by the second authentication act has failed, an error-down state is entered. Accordingly, when the card depositing machine 21 is stolen, the transaction amount does not exceed the limit amount and is not illegally used, and permanent illegal use of the card depositing machine 21 can be prevented.

  In the present embodiment, if the transaction amount by the card deposit machine 21 reaches a predetermined transaction limit amount and authentication fails when the authentication is performed again, writing of the amount information to the IC card is rejected. Even if the IC card amount information is illegally rewritten so as to increase the electronic money of the IC card, the damage due to the unauthorized use can be suppressed within the predetermined transaction limit amount, and the damage amount is large. Can be prevented.

  In the present embodiment, the first authentication action is performed every time the power is turned on. Therefore, even before the transaction stop condition is reached, the possibility of successful authentication can be increased, and when the card deposit machine 21 is used properly, the possibility of reaching the transaction stop condition can be reduced. The possibility of refusing to write information to the IC card can be reduced. Moreover, when stolen, etc., it can be detected at an early stage, and damage caused by unauthorized use can be minimized.

  Further, as shown in FIG. 5B, even if the authentication at the time of activation fails due to communication failure with the settlement server 26, the communication failure with the settlement server 26 is resolved on the next day. Users and administrators do not need to perform special operations. Therefore, the user and the administrator can use and manage the card deposit machine 21 without being aware of the security state.

  In the present embodiment, the transaction stop condition is determined based on the transaction amount out of the amount information written on the IC card. However, the type of information written on the IC card, the date, the number of times of writing, and the writing The transaction stop condition may be determined based on the situation, the state of the card depositing machine 21, and the like. For example, the transaction stop condition may be whether or not the date and time that has elapsed since entering the security state reaches the number of transaction stop days that have passed a predetermined transaction limit period. Alternatively, it may be set as the day after X days after entering the security state, and whether or not that day will be reached. As a result, it is possible to determine in advance the grace period from when the security state is reached until the writing of the amount information to the IC card 25 is rejected. In this case, by setting the grace period longer than the recovery period spent before recovering from the state where communication with the settlement server 26 is impossible, the possibility of eliminating the security state can be increased. The permission to write information can be continued.

  In addition, when an authentication act by a manual operation by the administrator is possible, the administrator who has confirmed the security state at the time of inspection may operate the card deposit machine so as to release the security state. In this case, by setting the grace period longer than the inspection period of the card depositing machine 21 by the administrator, the possibility of eliminating the security state can be increased, and permission to write information to the IC card is continued. be able to.

  In addition to this, the card deposit machine 21 may determine the transaction stop condition based on the number of times the amount information of the IC card is rewritten instead of the limit date. By defining the number of times, the program for determining the transaction stop condition of the card deposit machine 21 can be simplified.

  In addition, when the writing of information to an abnormal IC card that is difficult to perform by normal operation occurs, the writing of money amount information to the IC card may be rejected. As a specific example, when depositing large amount of electronic money is performed continuously in a short time, when depositing electronic money into a specific IC card is performed continuously in a short time, other than the preset operation time The transaction stop condition may be determined by judging the case where payment is made. When this is used legitimately, it is possible to lengthen the period required to reach the transaction stop condition or to prevent the transaction stop condition from being reached. In addition, at the time of unauthorized use, writing of information on the IC card can be rejected at an early stage.

  Moreover, in this Embodiment, the card deposit machine 21 makes the display aspect for users for alerting | reporting to a user differ from the display aspect for administrators for alerting | reporting to an administrator. As a result, the administrator can be informed of the security state without making the user aware of the security state.

  FIG. 6 is a diagram illustrating an example of a display mode of the display unit 40. The card depositing machine 21 determines whether the door is opened or closed by the door opening / closing detection means 34, the display on the display means 40 when the door is closed is the display mode for the user, and the display means when the door is open. The display of 40 is set as a display mode for managers.

  Among the display modes of the display means 40, FIG. 6 (1) shows an example of a normal user display mode, FIG. 6 (2) shows an example of a normal manager display mode, and FIG. 3) shows an example of the display mode for the user of the security status. FIG. 6 (4) shows an example of the display mode for the administrator in the security state, FIG. 6 (5) shows an example of the display mode for the user in the error down state, and FIG. 6 (6) shows the error down state. An example of the display mode for managers is shown.

  As shown in FIGS. 6 (1) and 6 (3), the display mode for informing the user is the same display mode in the normal state and the security state. As a result, the user can perform an operation without a sense of incongruity between the normal state and the security state.

  On the other hand, as shown in FIGS. 6 (2) and 6 (4), the display mode for informing the administrator is set to a different display mode between the normal state and the security state. As a result, when the administrator periodically checks the card depositing machine 21, the administrator can confirm whether the security state is established by confirming the display on the display means 40. The security status can be canceled manually.

  As described above, in the first embodiment of the present invention, when the card depositing machine 21 is stolen, it is assumed that a state where the settlement server 26 and the card depositing machine 21 can communicate with each other is not secured at the theft destination. Therefore, even if the card deposit machine 21 repeats the authentication act, the authentication is not successful, and when the authentication performed when the transaction stop condition is reached, the writing of the amount information to the IC card is refused. In this way, permanent unauthorized use can be prevented.

  Further, when the card depositing machine 21 is stolen and illegally used, it can be assumed that power is always supplied from the power source to the card depositing machine 21 at the place where the card depositing machine 21 is stolen. Therefore, by setting the time when the supply of power is started as the timing for starting the first authentication action, it is possible to reliably determine a change in state caused by unauthorized use.

  In addition, authentication is performed only when power supply is started and only when the transaction stoppage condition is reached. It is possible to reduce the time spent for the authentication act per hour. Thus, even if the authentication action takes time, by reducing the number of times, it is possible to reduce the trouble of the user's use and to prevent the operability from being lowered.

  Further, by performing authentication determination based on authentication information related to authentication information given from a separate payment server 26 different from the card deposit machine 21, the authentication action can be complicated, for example, encrypted. , The continuation of unauthorized use can be surely prevented. In addition, the security can be further improved by enabling the administrator to set and change the authentication information. Further, by allowing the administrator to set and change the transaction stop condition, it is possible to determine the transaction stop condition according to the use state of the card depositing machine 21 and to improve convenience.

  In addition, even when the card deposit machine 21 is properly used, the first authentication action may fail due to a power outage and communication failure, temporarily becoming unable to communicate with the settlement server 26. Until the transaction stop condition is satisfied, the user can operate the card depositing machine 21 as in the normal state. Further, during the grace period until the transaction stop condition is satisfied, it is possible to continue writing the amount information to the IC card by recovering the communication state in which communication with the settlement server 26 is possible.

  Therefore, the user does not need to recognize whether the state of the card depositing machine 21 is the security state or the normal state, and writes the amount information to the IC card in the same operation procedure as the normal state. Can be made and convenience is not lost. Furthermore, since authentication is performed unconsciously for the administrator, the administrator does not need to specifically recognize the security state and the normal state, thereby preventing troubles in the operation of the administrator. It is.

  Note that the card deposit machine 21 and the settlement server 26 are connected so that settlement information can be transmitted and received for transaction management. Therefore, storing the authentication information in the settlement server 26 can be easily realized without adding a new configuration. Accordingly, it is not necessary to separately provide a management device that stores information related to authentication information, and the electronic money system 20 can be configured at low cost.

  Next, the card deposit machine 21 used for the electronic money system which is the 2nd Embodiment of this invention is demonstrated. The card depositing machine 21 of the second embodiment has a similar configuration to the card depositing machine 21 of the first embodiment described above, and the configuration corresponding to the configuration of the first embodiment is The same code | symbol as the card deposit machine 21 of 1 embodiment is attached | subjected, and description is abbreviate | omitted.

  The card deposit machine 21 of the second embodiment is not connected to the settlement server 26 so as to be communicable. In this case, information such as the payment history is stored in the memory card by the memory card reader / writer 30 and is given to the payment server 26 via the memory card, whereby the payment management of the electronic money system is performed. Further, the card depositing machine 21 of the second embodiment is different from the card depositing machine 21 of the first embodiment in the communication unit 42 and the authentication unit 47 and the security control unit 48 in the main control unit 54.

  In the second embodiment, the card deposit machine 21 performs a security operation to prevent unauthorized use on the assumption that it can operate even if it cannot communicate with the payment server 26. Specifically, when the power switch is pressed and an activation command is given, the security state is entered, and until the transaction stop condition is reached, the writing of the amount information to the IC card is permitted and the transaction stop condition is satisfied as in the normal state. If the authentication is not successful even if it reaches, the writing of the amount information to the IC card is refused. Further, the card deposit machine 21 stores authentication information for performing authentication and transaction stop conditions in advance before performing a security operation.

  FIG. 7 is a flowchart for explaining the operation of the card deposit machine 21 in the second embodiment. As before the start of this flowchart (step a0), it is necessary to store authentication information and transaction stop conditions as in the first embodiment. Further, the transaction stop condition of the present embodiment is the same as that of the first embodiment, and reaches the upper limit amount (hereinafter referred to as “transaction limit amount”) of the accumulated amount added to the IC card after entering the security state. Will be described below when the transaction stoppage condition is reached.

  The card depositing machine 21 waits in a state where the preparation operation is completed by storing the authentication setting and the transaction stop condition described above (step a0), and when the power switch is pressed (step a1), the security control means 48, the security state is entered (step a2). When the security state is established, the transaction total information stored in the storage means 55 and the transaction stop condition are read, and it is determined whether or not the total deposit amount has reached a predetermined transaction limit amount (step a3). About the operation | movement when it has not reached transaction amount limit, the operation | movement similar to the security operation | movement (step s5-s8) of a 1st form shown in FIG. 3 is performed (step a4-a7).

  Next, after entering the security state, when the accumulated amount of deposit amount of the IC card reaches the transaction limit amount (YES in step a3), an error down state is entered (step a8). And it waits until an administrator performs an authentication act (step a9). The administrator performs an authentication action and determines whether or not the authentication action is successful (step a10). If the authentication information is not accurate, the process returns to the standby state in step a9, and waits again until the authentication action is performed in the error-down state.

  When the administrator performs an authentication action and determines that the authentication action is successful, the error-down state is canceled (step a11), and the transaction information and check information stored after the security state is entered are deleted. (Step a12), a normal state is obtained. The operation in the normal state is the same as the deposit operation shown in FIG. Note that the transaction stop condition may be other conditions as in the first embodiment.

  Next, details of the authentication determination operation of the card deposit machine 21 will be described. Here, the IC card used for authentication is of the same type as the IC card normally used by the user, and the administrator registers and stores it in the card depositing machine 21 in advance as an IC card for authentication.

  In performing the authentication act, when the IC card is placed at the read / write position, the card depositing machine 21 decodes the identification information of the IC card, and the IC card in which the decoded identification information of the IC card is stored as authentication information. It is determined whether or not it matches the card identification information.

  When it is determined that the identification information of the IC card corresponds to the information stored in the storage means 55, it is determined that the authentication is successful. Further, when the identification information of the IC card cannot be acquired, or when it is determined that the identification information acquired from the IC card does not correspond to the stored information, it is determined that the authentication has failed. If it is determined whether the authentication is successful or unsuccessful, the authentication determination operation is terminated.

  As described above, in the present embodiment, the same effect as that of the first embodiment can be obtained. Specifically, it is possible to suppress damage caused by unauthorized use by suppressing unauthorized rewriting of money amount information stored in an IC card without impairing convenience for users and administrators. Even if an error-down state occurs, the card deposit machine 21 can successfully authenticate, thereby eliminating the error-down state and allowing information to be written to the IC card again.

  Further, since it is not necessary to perform a communication operation with the settlement server 26, it is not necessary to connect the card depositing machine 21 and the settlement server 26 through a communication line, and the card depositing apparatus 21 can be operated independently, and the freedom to install the card depositing machine 21 Can expand the degree. Further, since the communication process is not performed as compared with the first embodiment, the authentication act can be performed in a short time.

  In addition, it can be assumed that an unauthorized user does not have an IC card for authentication, and the refusal state of writing information to the IC card in the card deposit machine 21 cannot be resolved, and unauthorized use continues permanently. Can be surely prevented. Note that the identification information of the IC card is stored in a non-rewritable ROM in the memory provided in the IC card and is not rewritten, so that the security can be improved. Further, by registering the identification information as authentication information in advance, a general-purpose IC card similar to the IC card possessed by the user can be used as the authentication IC card, which can be realized at low cost.

  In the second embodiment, the authentication is performed by using the authentication IC card. However, the administrator inputs the password stored in advance from the numeric keypad provided on the remote controller as the operation means. Authentication may be successful. Furthermore, the form which merged both 1st Embodiment and 2nd Embodiment is also contained in this invention. That is, the card depositing machine 21 capable of both the authentication act using the settlement server 26 as the authentication act and the authentication act by the administrator may be used.

  Moreover, each embodiment of this invention mentioned above is only the illustration of this invention, and you may change a structure within the scope of the invention. For example, information representing the amount of money is stored in the IC card, but information representing added value other than the amount of money, for example, point information may be stored. In this case, the same effect as described above can be obtained by reading and writing the added value information representing the added value in place of the money amount information to the card transaction apparatus corresponding to the card depositing machine 21. That is, the present invention can be used for all systems in which transactions are performed by exchanging electronic information representing added value.

  Although the card depositing machine 21 has been described as a card transaction apparatus, a card transaction apparatus in which at least one of the functions of the card settlement machine 22 and the card settlement machine 23 is combined with the card depositing machine 21 also belongs to the present invention. Further, the card deposit machine 21, the card settlement machine 22, and the card settlement machine 23 may be provided in a use facility other than the exemplified use facility. In addition, the electronic money system is not limited with respect to traded goods and services. Further, although the non-contact type IC card is used as the storage medium for storing the money amount information, it may be a contact type IC card or a magnetic card.

  In the present embodiment, when the power is turned on, it is assumed that a change caused by unauthorized use (predetermined state change described in claims) occurs, and a security state is set. In the present invention, the present invention is not limited to this, and another change amount that changes in accordance with an unauthorized use by the user may be a predetermined state change. For example, the security state may be determined by determining whether the door covering the operation panel for the manager is opened, the card depositing machine 21 is moved, or abnormal information is written to the IC card.

  Further, when changes due to a plurality of unauthorized use occur simultaneously, the security state may be set. For example, as in the first embodiment, when a first condition for which an activation command is given and a second condition for which authentication at that time has failed are satisfied, a security state is determined by determining a change caused by unauthorized use. It may be. Note that the security state may be established when one of the two conditions is satisfied.

  Further, the authentication action determines whether or not the card depositing machine 21 is under the management of the manager. If the card depositing machine 21 is under management, it is determined that the authentication has succeeded, and if it is not under management, it is determined that the authentication has failed. For example, the connection state between the settlement server 26 and the card deposit machine 21 may be determined, and if it is in the connection state, it may be determined that the authentication has been successful. In this case, the management apparatus may transmit the authentication information to the card depositing machine 21 according to the instruction of the card depositing machine 21 or may transmit the authentication information to the card depositing machine 21 at a predetermined transmission timing. Further, it may be determined that the authentication is successful by the administrator performing a predetermined operation on the card depositing machine 21. Further, the transaction stop condition may be determined based on a predetermined state that changes after entering the security state.

It is a block diagram which shows the system configuration | structure of the electronic money system 20 which is the 1st Embodiment of this invention. 2 is a perspective view showing an external appearance of a card depositing machine 21. FIG. It is a flowchart for demonstrating operation | movement of the card deposit machine 21 in 1st Embodiment. It is a timing chart for demonstrating normal transaction of the card deposit machine 21. FIG. It is a timing chart for demonstrating the transaction stop conditions of this embodiment. It is a figure which shows an example of the display mode of the display means. It is a flowchart for demonstrating operation | movement of the card deposit machine 21 in 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 20 Electronic money system 21 Card deposit machine 22 Card payment machine 23 Card settlement machine 26 Payment server 38 Banknote processing means 39 IC card reader / writer 54 Main control means 55 Storage means

Claims (10)

In a card transaction device that performs transactions with the card by reading and writing information stored in the card possessed by the user,
Read / write means for reading and writing information stored in the card;
An authentication means for performing a predetermined authentication act;
Security control means for controlling writing of information to the card by the read / write means,
The security control means detects a predetermined state change and becomes a security state for monitoring whether or not a predetermined transaction stop condition is satisfied when the authentication act is not performed or the authentication act fails. Until the transaction stop condition is satisfied, the information is written into the card by the read / write means, and the card transaction device is enabled.   The said security control means prohibits writing of the information to the said card | curd by the said read / write means when the said transaction stop condition is satisfy | filled, The transaction by the said card | curd is made impossible. Card transaction equipment.   The card transaction apparatus according to claim 1, wherein the security control unit causes the authentication action to be performed again when the transaction stop condition is satisfied. Further comprising storage means for storing transaction accumulation information obtained by accumulating information relating to transactions with the card,
The card transaction apparatus according to any one of claims 1 to 3, wherein the transaction stop condition is based on total transaction information stored in the storage unit. The information stored in the card is monetary value information,
The transaction total information is a cumulative amount of monetary value information written on the card by the read / write means,
The card transaction apparatus according to claim 4, wherein the transaction stop condition is whether or not the accumulated amount reaches a predetermined transaction limit amount. The transaction total information is the total number of times information is written to the card by the read / write means,
The card transaction apparatus according to claim 4, wherein the transaction stop condition is whether or not the cumulative number reaches a predetermined transaction limit number.   The card transaction apparatus according to any one of claims 1 to 3, wherein the transaction stop condition is whether or not a predetermined period has elapsed since becoming the security state.   8. The card transaction apparatus according to claim 1, wherein the authentication means performs the authentication act with a management apparatus provided separately from the card transaction apparatus.   The card transaction apparatus according to claim 1, wherein the authentication unit performs the authentication action with a card that stores authentication information in advance. It further includes an operation means for inputting authentication information,
The card transaction device according to claim 1, wherein the authentication unit performs the authentication act based on authentication information input by the operation unit.

Images