JP2006243978A - Server and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To allow easy taking in any ATM, and to prevent the illegal use of a cash card at extremely low cost. <P>SOLUTION: In this bank server 10, an authentication service server 11 automatically generates an identifying password at an use of ATM terminal 15 in reference to an authenticating customer database 12, and transmits the generated password to a cellphone 31 of a customer via a cellphone network 20. Even if the cash card 40 is lost or stolen, it becomes impossible to perform the illegal use such as the skimming or analogy of the password on the basis of the personal information of the customer to drastically improve security. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a server and a program in a bank or the like with improved security when performing identity verification necessary for transactions with financial institutions and the like.

  In recent years, an electronic money card represented by a smart card has been used as a medium for shopping using electronic money instead of banknotes and coins. Such an electronic money card has an MPU and a memory on an IC chip mounted on the card. By installing electronic money software as an application, an electronic money can be obtained from a bank account using a bank ATM or the like. And paying for shopping, etc., can be made with electronic money on the card (see, for example, Patent Document 1).

  Further, Patent Document 2 discloses an electronic settlement system that performs transaction settlement at a general store or a vending machine using the electronic mail function of a mobile terminal device based on settlement information and transfer destination account information. Yes.

  Furthermore, various contracts and procedures with financial institutions via a communication network such as the Internet, for example, in the case of a bank, a system for opening an account, applying for telephone banking or Internet banking, changing an address, etc. have been put into practical use. For example, Internet banking is one of the Internet connection services provided by a mobile phone network. Banks that enable Internet banking services that perform the above contracts and procedures from mobile phones provide the services by building websites for mobile phone networks.

The above-mentioned systems such as contracts and procedures via the communication network usually incorporate an authentication system including identity verification, and it is necessary to input a password and ID number given in advance, and in many cases, an address, name, Enter customer data for authentication such as phone number. In addition, in the case of targeting new customers such as opening an account, in order to prevent money laundering, etc., at the reception desk, you will be asked to present your ID card etc. face-to-face and verify your identity, and the customer data for authentication will be written It is common practice to complete the procedure.
JP 2000-31382 A JP 2002-259857 A

  However, in recent years, fraudulent use such as forgery of cards by organized criminal organizations and theft of personal identification numbers called skimming has been expanding. The National Banking Association has compiled measures that focus on strengthening security measures for PINs, using cash cards as IC cards to prevent counterfeiting, preventing damage expansion, and helping victims. It is also becoming practical to introduce a biometric authentication method using palm veins or irises into an automated teller machine (ATM) instead of or in combination with a personal identification number.

  However, counterfeiting is difficult due to the use of an IC card as a cash card, but it is not perfect, and there is a high possibility that the power of a criminal organization will go up sooner or later by using only an IC card. In addition, strengthening of security measures for passwords is currently limited to calling for easy-to-understand passwords such as date of birth. If measures are taken to incorporate biometric authentication into ATMs, the security level can be raised, but mutual use of ATMs with banks taking other safety measures becomes impossible.

  In view of the above problems, an object of the present invention is to provide a server and a program that can be easily adopted in any ATM or the like and can prevent unauthorized use of a cash card at an extremely low cost. .

  The server of the present invention includes an authentication customer database for registering a customer and a communication device possessed by the customer in association with each other, and a password generation means for generating a password for identifying the customer registered in the authentication customer database And notifying means for transmitting the password generated by the password generating means with reference to the authentication customer database to the communication device associated with the customer.

  The password generation means generates a password having a validity period, and the communication means transmits the validity period together with the password, so that the password can be used only for a predetermined period, and safety is ensured. Increase more.

  The notification means transmits the password previously transmitted together with the new password, so that the customer can confirm that the notification of the password is authentic.

  The notifying means transmits the password in response to reception of a password issuance request, thereby avoiding frequent notification of unnecessary passwords to customers with few opportunities to use passwords.

  The present invention relates to an authentication customer database for registering a computer in association with a customer and a communication device possessed by the customer, and password generation for generating a customer identification password registered in the authentication customer database. And a notification means for transmitting the password generated by the password generation means with reference to the authentication customer database to the communication device associated with the customer. It is a program.

  According to the present invention, it is possible to realize a server such as a bank that can be easily incorporated into a general-purpose ATM or the like and can prevent unauthorized use of a cash card at low cost.

  The best mode for carrying out the present invention will be described below in detail with reference to the accompanying drawings. However, the technical scope of the present invention is not limited by the embodiments.

  FIG. 1 is a diagram showing a configuration of an authentication service system using a server according to an embodiment of the present invention. The server of this embodiment is an example applied to a bank server. In addition, as a method for notifying a customer of a password, a case of notifying a mobile phone owned by the customer by e-mail is taken as an example.

  In FIG. 1, the bank server 10 generates a password for verifying the identity of the customer, authenticates the authentication service server 11 that performs the identity authentication service using the password, and authenticates the customer and the customer's communication device in association with each other. Customer database 12 and an ID management database 13 for storing generated passwords and password issuance request IDs. Further, an ATM (Automated-Teller Machine) terminal 15 is connected to the bank server 10 via a dedicated communication network 14. The ATM terminal 15 is installed in a financial institution or a store, and performs financial transactions such as balance inquiry and account withdrawal after confirming the identity with a password.

  The authentication service server 11 is a server in charge of business procedures related to acceptance of various procedures and authentication in the bank business system performed by the bank server 10. The authentication service server 11 also has a function of managing the mobile phone network 20. As an important feature of the bank server 10, the authentication service server 11 refers to the authentication customer database 12 and automatically generates a password for verifying the identity when using the ATM terminal 15, and uses the generated password as the principal. Is to issue a password issuance operation. In this case, the password sent to the person is changed each time the password is sent.

  The bank server 10 is connected to a mobile phone network 20 including a telephone network 21, an exchange 22 and a radio station 23, and has an electronic mail function of a mobile phone 31 carried by a customer via the mobile phone network 20. Use to send a password.

  The customer owns the cash card 40 for using the ATM. Further, the customer has a portable terminal for receiving the password sent from the bank server 10. A mobile phone 31 is illustrated as a representative example of the mobile terminal. The case where a password is notified to this cellular phone 31 from the bank server 10 by e-mail is taken as an example. The mobile terminals are not only mobile phones 31 in a narrow sense, but also portable information terminals such as PHS (Personal Handyphone System) and PDA (Personal Digital Assistants), portable devices such as notebook personal computers, and stationary personal computers installed at home. It may be.

  Hereinafter, the operation of the bank server configured as described above will be described.

  FIG. 2 is a flowchart for explaining the password issuing operation of the authentication service server in this embodiment. The authentication service server 11 determines whether or not the password issuance condition is satisfied (step S11). The password issuance condition is based on the assumption that the customer is a customer of this password issuance contract with reference to the authentication customer database 12 and the ID management database 13, and (1) a predetermined contract setting time (for example, 6 hours, 12 hours, etc.), or (2) there is a valid password issuance request, it is determined that the password issuance condition is met. If it is not in the password issuance condition, the process is terminated. When the password issuance condition is satisfied, the authentication service server 11 generates a random number or the like to generate a password (step S12), and uses the generated password and its validity period information (for example, valid until 12:00, 2005.2.1) as a customer. The ID is stored in the ID management database 13 together with the ID (step S13). A mode in which a password is generated in advance prior to the password issuance instruction and stored until the issuance instruction is issued may be employed. Next, the generated password and its validity period information are sent by e-mail to the corresponding customer's mobile phone 31 via the mobile phone network 20 (step S14). In this way, a password is issued to the customer.

  The mobile phone 31 determines whether or not a mail transmitted from the bank server 10 has been received (step S15). When a transmitted mail from the bank server 10 is received, the password and validity period information attached to the mail are displayed. The data is stored in a predetermined memory area (step S16). The password and the validity period information stored in the memory area can be displayed on the display unit 33 by the user operating the key input unit 32 (see FIG. 1) of the mobile phone 31 in a predetermined procedure. FIG. 4A shows an example of the display screen 33A in which a password is received. Here, the incoming mail from the bank server 10 is more preferably a confidential mail setting. The user can open the confidential mail with a personal identification number or the like, and can prevent the password from being easily seen by others. The customer can know the password sent from the bank server 10 by looking at the display unit 33 of the mobile phone 31 that is being carried, and the transaction using the ATM terminal 15 is enabled by the cash card 40 and this password. .

  When the transmitted mail from the bank server 10 cannot be properly received, a message is displayed indicating that the password transmitted from the bank has not been received. FIG. 4B shows an example of this message. In the present embodiment, when the password cannot be received, the display shifts to a display indicating a password acquisition method according to a user instruction.

  As described above, the bank server 10 automatically generates a password setting / update that should be performed by the customer on behalf of the customer, and notifies the mobile phone 31 of the customer of the generated password. The customer himself / herself does not know the password until he / she sees the password notified to the mobile phone 31. Therefore, even if the cash card 40 is lost or stolen, an illegal use such as guessing a password or skimming based on the customer's personal information becomes impossible. Above all, even if the cash card or cash card information is stolen and the customer does not know the fact of the theft, it is not possible to withdraw the deposit from the bank account with the cash card or cash card information alone. .

  It should be noted that, as in the present embodiment, it is preferable that the password has a usable period of validity, but it may be possible to use the previous password until a new password is issued.

  FIG. 3 is a flowchart for explaining the password issuing request of the mobile phone and the password issuing operation of the bank server in the present embodiment.

  The customer receives a password automatically issued from the bank server 10 at regular intervals and uses the ATM terminal 15 from the password and the cash card 40. However, if the transmission mail from the bank server 10 cannot be received properly, it is necessary to know the password transmitted from the bank.

  The customer activates the password issue request mode of the mobile phone 31 and connects to the bank server 10. When the connection is established, the customer inputs the password issuance request ID according to the message displayed on the display unit 33 and transmits it to the bank server 10 (step S21). In the authentication service server 11, the bank server 10 refers to the transmitted password issuance request ID, the authentication customer database 12 and the ID management database 13 and authenticates that it is a customer of a password issuance contract (step S22). . The password issue request ID is previously determined as personal authentication information between the customer and the bank for such a password issue request. When it is determined that the received password issuance request ID is valid, the bank server 10 sends the currently valid password and its validity period information to the corresponding customer's mobile phone 31 via the mobile phone network 20. Transmit (step S23).

  The mobile phone 31 stores the password and the validity period information attached to the mail transmitted from the bank server 10 in a predetermined memory area and displays it on the display unit 33 (step S24). The customer can know the password sent from the bank server 10 by looking at the display unit 33 of the mobile phone 31, and a transaction using the ATM terminal 15 becomes possible with the cash card and this password.

  As described above, in the bank server 10 of the present embodiment, the authentication service server 11 refers to the authentication customer database 12 to automatically generate and generate a personal identification password when using the ATM terminal 15. Password is sent to the customer's mobile phone 31 via the mobile phone network 20, so that even if the cash card 40 is lost or stolen, the password is guessed based on the customer's personal information, or unauthorized use such as skimming Is impossible, and security can be dramatically improved. In particular, even if the cash card 40 or the information of the cash card is stolen and the customer himself / herself does not know the fact of the theft, the cash card 40 does not have a password set by the customer. Unauthorized use of cards can be effectively prevented. That is, in this authentication service system, a password irrelevant to personal information is unilaterally sent from the bank server 10 to the mobile phone 31, so that unauthorized use is prevented unless both the cash card 40 and the mobile phone 31 are available. It can't happen.

  At present, measures are taken to strengthen password security measures such as avoiding easy-to-understand passwords such as date of birth, and changing the password from time to time by the user. It is premised on awareness and self-help efforts. In contrast, in this authentication service system, the bank server 10 sends a password unrelated to the customer's personal information to the customer, so that the user is not burdened with re-registration of the password. Changing the password by the user eventually leads to memorizing the new password, and in fact it is never easy. That is why users tend to set passwords that are easy to understand, such as date of birth. In this authentication service system, since the bank server 10 issues a password on behalf of the user, it is possible to improve security and prevent unauthorized use without burden on the user.

  Furthermore, this authentication service system has a remarkable effect that it can be implemented without changing existing hardware equipment such as an ATM terminal. Since there is no change in the existing hardware equipment, in addition to being able to be implemented at a very low cost, there is an effect that can be implemented immediately. In addition, the effect is great in that the application target such as the type of bank / store and the type of ATM terminal is not selected. The above-mentioned low cost, easy introduction, and versatility can all lead to prompt implementation, and effective illegal use prevention can be achieved.

  In addition, the server of this invention is not limited to the above-mentioned embodiment, Of course, various changes can be added within the range which does not deviate from the summary of this invention. For example, although it is a bank server, it is not limited to a bank server as long as it is a server that issues a password. Further, although the mobile terminal is a mobile phone, the present invention is not limited to a mobile phone, and can be applied to an apparatus having an information device function or a combination thereof.

  In the present embodiment, an example in which a password is transmitted by e-mail has been described. However, any means may be used as a notification means for sending the generated password to the person. For example, the password may be transmitted from the bank server by voice. In this case, it is preferable to combine the answering function. Furthermore, the method is not limited to the mobile phone network 20 and may be a method of providing a password to other notification means, for example, a mobile terminal connected via the Internet. Further, the type of password and the timing of sending it out may be anything.

  In addition, the types of processing units and the like, the types and formats of databases, and the like constituting the server and the mobile phone are not limited to the above-described embodiments.

  In the present embodiment, the name bank server is used, but a server, a server system, an authentication method, or the like may be used. Similarly, the server may be a server such as a credit company other than a bank. The ATM terminal may be any general terminal that uses a password, such as a store terminal for a debit card and a cash lending machine of a loan company.

  The server of the present invention is also realized by a program for causing a computer to function as the server. This program may be stored in a computer-readable recording medium.

  The recording medium on which this program is recorded may be the ROM itself of the bank server 10 shown in FIG. 1, or a program reading device such as a CD-ROM drive is provided as an external storage device. It may be a CD-ROM or the like that can be read by inserting.

  The recording medium may be a magnetic tape, a cassette tape, a flexible disk, a hard disk, an MO / MD / DVD, or a semiconductor memory.

  The present invention can be used as an authentication technique for a bank server. It is also suitable for application to an authentication management server system such as a financial institution.

It is a figure which shows the structure of the authentication service system using the server by one embodiment of this invention. It is a flowchart explaining the password issuing operation | movement of the authentication service server in this Embodiment. It is a flowchart explaining the password issuing request | requirement of the mobile telephone in this Embodiment, and the password issuing operation | movement of a bank server. It is a figure which shows the display screen of the mobile telephone in embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Bank server 11 Authentication service server 12 Authentication customer database 13 ID management database 14 Dedicated communication network 15 ATM terminal 20 Mobile phone network 21 Telephone network 22 Switching office 23 Radio station 31 Mobile phone (mobile terminal)
32 Input unit 33 Display unit 33A Display screen

Claims (5)

A customer database for authentication in which a customer is registered in association with a communication device possessed by the customer;
Password generating means for generating a password for verifying the identity of the customer registered in the customer database for authentication;
A server comprising: a notification unit configured to transmit a password generated by the password generation unit with reference to the authentication customer database to the communication device associated with the customer.   The server according to claim 1, wherein the password generation unit generates a password having a validity period, and the communication unit transmits the validity period together with the password.   3. The server according to claim 1, wherein the notifying unit also transmits a previously transmitted password together with a new password.   The server according to claim 1, wherein the notification unit transmits the password in response to reception of a password issuance request. Computer
A customer database for authentication in which a customer and a communication device possessed by the customer are associated and registered; password generation means for generating a password for identifying the customer registered in the customer database for authentication; and the customer for authentication A program for functioning as a server, comprising: a notification unit that refers to a database and transmits a password generated by the password generation unit to the communication device associated with the customer.

Images