JP2006293454A - Personal identification method and system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal identification method and system for suppressing the use of any stolen card or altered card without making it necessary to sharply change an existing system, and for enhancing the safety of the financial transaction of a user. <P>SOLUTION: The personal identification method comprises an information input step for entering information constituted of digits or characters by an information input means 13, an information discrimination step for discriminating whether or not input information input by the information input step is matched with registration information preliminarily registered in a registration information database 3 and a predetermined processing step for performing predetermined processing according to the result of the information discrimination step. Principal specific information being information showing that a user is the user himself(herself) and pseudo information being information showing that the user is not the user himself(herself) exist in the registration information. In the predetermined processing step, various different pieces of processing are executed according to such a case that the input information is the principal specific information, such a case that the input information is the pseudo information and such a case that the input information is neither the principal specific information or the pseudo information. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a personal authentication method and a personal authentication system, and more particularly to a personal authentication method and a personal authentication system for authenticating a user from input of information using numbers or characters.

  2. Description of the Related Art Conventionally, a lot of money transactions such as deposits, deposits, and financial settlements have been performed using cash cards and credit cards (hereinafter referred to as “financial cards”) such as banks. However, in recent years, crimes such as theft of financial cards or counterfeiting of financial cards to illegally acquire money or perform financial settlement have frequently occurred.

  One of the causes of these crimes is that most of the financial cards authenticate users by entering a 4-digit password, and the date of birth or phone number is included in the password of the card. It is mentioned that there are many cases where specific information related to the user is used.

  As these countermeasures, methods for improving the accuracy of user authentication using physical features such as a user's fingerprint, palm vein, and face have been proposed and implemented. However, the method of using these physical features cannot be used by the existing system, it is necessary to introduce a new automatic teller machine (ATM), and there is a drawback that a large cost is involved in constructing the system. There is.

In addition, as shown in Patent Document 1, a plurality of pre-registered image data and a plurality of other image data similar to the image data are mixed and displayed instead of the password, and the displayed image data A method of authenticating a user by a method of selecting registered image data from among them has also been proposed. In such a new method, since the information to be used is diversified, the possibility of being stolen by another person is reduced, but on the other hand, the user himself / herself is troublesome to store the identification information of the person, and the system is complicated, There were problems such as increased cost burden.
JP 2002-189967 A

  The problem to be solved by the present invention is an individual who solves the above-mentioned problems, suppresses the use of theft cards and counterfeit cards without significantly changing the existing system, and increases the safety of the user's financial transaction. An authentication method and a personal authentication system are provided.

  In order to solve the above problems, in the invention according to claim 1, in the personal authentication method for authenticating the user, an information input step of inputting information by numbers or characters by the information input means, and the information input step An information determination step for comparing the input information input with the registration information registered in advance in the registration information database and determining whether the input information matches the registration information; and A predetermined processing step for performing a predetermined process according to the result, and the registration information includes identification information that is information indicating the identity of the user and pseudo information that is information indicating that the user is not the identity of the user. In the predetermined processing step, the input information is the person identification information, the input information is the pseudo information, and the input information is the person identification information or Separately if not one of the pseudo-information, characterized in that perform different processing.

In the invention according to claim 2, in the personal authentication method according to claim 1, before the information input step, a financial card in which an identification code given to each user is recorded, and the identification code of the card And an identification code reading means for reading the identification code of the card.
The “financial card” in the present invention is not limited to a cash card or a credit card, but includes various cards issued for specifying a user, such as a department store or a supermarket, in particular, for specifying a user on the card. If identification information for identifying the person such as a personal identification number or the like is input, it is included in the technical scope of the present invention.

  According to a third aspect of the present invention, in the personal authentication method according to the second aspect, the identification code reading means is combined with a card collecting means for collecting the card, and the input information in the predetermined processing step is the pseudo information. The process in the case of information is a process for operating the card collecting means.

  According to a fourth aspect of the present invention, in the personal authentication method according to any one of the first to third aspects of the present invention, the personal authentication method further comprises a photographing unit that photographs the user beside the information input unit, and the input in the predetermined processing step The process when the information is the pseudo information is a process for operating the photographing unit.

  According to a fifth aspect of the present invention, in the personal authentication method according to any one of the first to fourth aspects, the processing when the input information in the predetermined processing step is the pseudo information is performed by a pre-registered institution or It is characterized in that a notification process is performed on a contact registered in the registration information database.

  In the invention which concerns on Claim 6, the information input means which inputs the information by a number or a character, the registration information database which accumulate | stored the registration information registered beforehand, the input information input from this information input means, and this registration information In the personal authentication system having the information processing device that compares the information, the registration information includes identification information that is information indicating the identity of the user and pseudo information that is information that is not the identity of the user. In the information processing apparatus, the input information is the identification information, the input information is the pseudo information, and the input information is either the identification information or the pseudo information. It is characterized in that different processing is performed for each case.

  The invention according to claim 7 is the personal authentication system according to claim 6, further comprising an identification code reading means for reading the identification code of the financial card on which the identification code given to each user is recorded. To do.

  The invention according to claim 8 is the personal authentication system according to claim 7, characterized in that the identification code reading means is combined with a card collecting means for collecting the card.

  The invention according to claim 9 is characterized in that the personal authentication system according to any one of claims 6 to 8 is provided with photographing means for photographing a user beside the information input means.

  According to a tenth aspect of the present invention, in the personal authentication system according to any one of the sixth to ninth aspects, the information processing apparatus reports to a pre-registered institution or a contact address registered in the registered information database. Means is provided for performing processing.

According to the first aspect of the present invention, in the personal authentication method for authenticating a user, an information input step of inputting information by numbers or characters by an information input means, input information input by the information input step, An information determination step for comparing registration information registered in advance in the registration information database to determine whether or not the input information matches the registration information, and performing predetermined processing based on the result of the information determination step The registration information includes identity specifying information that is information indicating the identity of the user and pseudo information that is information that is not the identity of the user. In the processing step, the input information is the identification information, the input information is the pseudo information, and the input information is either the identification information or the pseudo information. In order to perform different processing for each case, it is possible to determine the user who has input the pseudo information as an unauthorized user just by registering the pseudo information in addition to the user identification information in advance, and to deal with the unauthorized user. It is possible to perform appropriate processing.
Moreover, such pseudo information can be incorporated into the existing system in the same manner as the person identification information, and it is not necessary to significantly change the existing system.

According to the invention of claim 2, before the information input step, the financial card in which the identification code given to each user is recorded, and the identification code reading means for reading the identification code of the card, Since the identification code reading step for reading the identification code is provided, the user of the financial card can be easily identified by the identification code, and it is possible to easily determine whether the user is a legitimate user by the subsequent information input step. It becomes.
In addition, since a financial card is used to identify the person, an unauthorized user who uses a stolen card or counterfeit card related to a cash card, etc., is illegal if the financial card is combined with pseudo information. Use is restrained, and it is possible to increase the safety of financial transactions of legitimate users.

  According to the invention of claim 3, the processing when the identification code reading means is combined with the card collecting means for collecting the financial card, and the input information in the predetermined processing step is pseudo information, operates the card collecting means. Since this processing is performed, when the fraudulent user of the financial card inputs pseudo information, the card is collected by the card collecting means provided together with the identification code reading means. Use can be prevented.

  According to a fourth aspect of the present invention, there is provided a photographing means for photographing a user beside the information input means, and the processing when the input information in the predetermined processing step is pseudo information is processing for operating the photographing means. For this reason, it is possible to take an image of an unauthorized user who has input pseudo information, and to easily find an unauthorized user in the police or the like.

  According to the fifth aspect of the present invention, the process in the case where the input information in the predetermined processing step is pseudo information is performed by performing notification processing to a pre-registered institution or contact information registered in the registration information database. Phone, fax, e-mail, etc. to related institutions such as banks and police, or to the phone of authorized users of financial cards registered in the registration information database. It becomes possible to report the situation promptly.

According to the invention of claim 6, information input means for inputting information by numbers or characters, a registration information database storing registration information registered in advance, input information input from the information input means, and the registration information In the personal authentication system having the information processing device that compares the information, the registration information includes identification information that is information indicating the identity of the user and pseudo information that is information that is not the identity of the user. In the information processing apparatus, the input information is the identification information, the input information is the pseudo information, and the input information is either the identification information or the pseudo information. In order to perform different processing for each case, the user who entered the pseudo-information is regarded as an unauthorized user just by registering the pseudo-information in addition to the personal identification information in advance, as in claim 1. Can be determined, it becomes possible to perform appropriate processing corresponding to said non positive user.
Moreover, such pseudo information can be incorporated into the existing system in the same manner as the person identification information, and it is not necessary to significantly change the existing system.

Since the invention according to claim 7 is provided with the identification code reading means for reading the identification code of the financial card in which the identification code given to each user is recorded, the use of using the financial card as in claim 2 The user can be easily identified by the identification code, and it is possible to easily determine whether or not the user is an authorized user through the subsequent information input step.
In addition, since a financial card is used to identify the person, an unauthorized user who uses a stolen card or counterfeit card related to a cash card, etc., is illegal if the financial card is combined with pseudo information. Use is restrained, and it is possible to increase the safety of financial transactions of legitimate users.

  According to the invention of claim 8, since the identification code reading means is combined with the card collecting means for collecting the financial card, as in the case of claim 3, when an unauthorized user of the financial card inputs pseudo information Since the card is collected by the card collecting means provided together with the identification code reading means, the unauthorized use of the card thereafter can be prevented.

  According to the invention according to claim 9, since the photographing means for photographing the user is provided beside the information input means, the unauthorized user who inputted the pseudo information is photographed and illegal use in the police etc. as in the case of claim 4. Can be easily discovered.

  According to the invention of claim 10, since the information processing apparatus includes a means for performing a notification process on a pre-registered institution or a contact information registered in the registration information database, If there is an illegal act of entering information, call / fax / e-mail to the bank, police and other related organizations, and the telephone of a legitimate user of the financial card registered in the registration information database. It becomes possible to report the situation promptly.

The personal authentication method and personal authentication system according to the present invention will be described in detail below. In the following, a system using a bank cash card will be mainly described. However, the present invention is not limited to this, and it is needless to say that the present invention can be widely applied to systems that require personal authentication.
FIG. 1 is a schematic diagram of a personal authentication system according to the present invention.
The personal authentication system includes an input / output terminal 1 operated by a user, an information processing apparatus 2 that operates the entire system, and a registration information database 3 that stores personal information.

  The input / output terminal 1, the information processing device 2, and the registration information database 3 are configured as separate devices and are connected to each other by an electric communication line. Further, if necessary, the input / output terminal 1 and the information processing apparatus 2 or the information processing apparatus 2 and the registration information database 3 can be integrated into one apparatus.

  The input / output terminal 1 has a card reader (identification code reading means) 11 for reading an identification code recorded on a financial card such as a cash card such as a bank ATM. In the present invention, the identification code is code data for specifying a user assigned to each user. As in the past, a magnetic card or IC chip may be incorporated into a business card size card and the identification code may be recorded. However, the present invention is not limited to such a card, and for example, the identification code is recorded on a mobile phone. It is also possible to perform a two-way communication between the mobile phone and the input / output terminal 1 and read the identification code. Furthermore, it is also possible to use a bar code printed on the paper and input it as an identification code. Moreover, it can also comprise so that a user may input an identification code directly as needed.

Further, the input / output terminal 1 is provided with information input means 13 for inputting information by numbers or characters (alphabet, katakana, etc.). The information input means is not limited to a key input means such as a numeric keypad or alphabet keys, but a multifunctional input means such as a touch-type display panel can also be employed.
In the present invention, the information input means 13 need only have a function of inputting personal identification information such as a personal identification number for determining whether or not the user is a legitimate user, and other functions are arbitrarily added. Is possible. As the personal identification number, which is the personal identification information according to the present invention, even a four-digit numeric array used in the current bank ATMs functions sufficiently without problems. Rather, it is most effective to use a four-digit number to minimize changes from the current system.

  In addition, the input / output terminal 1 preferably includes various means for coping with unauthorized use of the financial card. Specifically, the card collection means 12 for collecting a fraudulently used financial card, the photographing means 10 such as a camera for photographing a fraudulent user, and a device for generating alarms and sounds such as alarms (not shown) ), An emergency contact telephone (not shown), etc. can be provided integrally with the input / output terminal 1.

Next, the information processing apparatus 2 will be described.
The information processing apparatus 2 incorporates a computer that operates in accordance with a processing flow to be described later. Based on information stored in the registration information database, an identification code received from the input / output terminal 1 and information input by the user (password) Number, etc.), various processes are performed.

  The registration information database 3 stores various data for each user as shown in FIG. “Card No.” is data corresponding to an identification code for specifying a user, such as an account number written on a cash card. The identification code is information composed of a combination of numbers or characters. The “user name” is the name of the user to whom the identification code is assigned and is not necessarily required information in the present invention, but when managing data for each user, the data is printed. Or when displaying an image, it becomes useful information for grasping the user more accurately. Naturally, “address” information can be stored in addition to “user name” as necessary.

  The “password” is personal identification information for confirming that the user of the financial card is an authorized user, and is composed of a series of numbers consisting of numbers or letters. The personal identification number is basically one number from the viewpoint of safety, but a plurality of personal identification numbers may be provided as necessary.

  The “pseudo number” that is pseudo information is a configuration that characterizes the present invention, and is an arbitrary number such as a number that can be easily stolen or guessed by others, for example, a birth date, a telephone number, or a serial number such as 1234. It is possible to set. The pseudo number need not be a single number like a personal identification number, and providing a plurality of numbers is more effective in finding unauthorized users.

  “Telephone number” is not always necessary information, but when an unauthorized user is found, it will promptly notify the authorized user of the financial card that the card has been illegally used. In this case, the information functions effectively.

Next, a processing flow performed mainly on the information processing apparatus 2 will be described with reference to FIG.
“Card insertion” (a) and “card identification code reading” (b) correspond to “identification code reading step” according to the present invention. Of course, when the card is not used, the “insert card” (a) is omitted or replaced by another procedure.
“Card insertion” (a) is an action that is first performed by the user of the financial card in the input / output terminal 1, and when the card is inserted, the personal authentication system according to the present invention starts to operate. Of course, it is also possible to add a step for the user to select the form of transaction, as used in current ATMs, prior to card insertion.

In “Reading card identification code” (b), the identification code written on the financial card inserted in the input / output terminal 1 is read. The data of the identification code is transmitted from the input / output terminal 1 to the information processing device 2, and the information processing device 2 determines whether or not the corresponding identification code exists in the “card No.” column of the registration information database. If it exists, the next process, “password input request” (c), is made to the input / output terminal 1.
In addition, following the reading of the identification code in the input / output terminal 1, it automatically performs a “password input request” (c), and then sets the input “password” and the previous identification code, It is also possible to transmit the information to the information processing apparatus 2 so that the information processing apparatus 2 determines the presence / absence of the corresponding identification code and the match of the password.

The “password input request” (c) and “number input” (d) correspond to an “information input step” according to the present invention.
In the input / output terminal 1, after the “password input request” (c) is made, the user performs “number input” (d) using the information input means 13.
The input number is transmitted to the information processing apparatus 2 and collated with the “password” and “pseudo number” stored in the registration information database 3.

Each determination process described in e to g corresponds to an “information determination step” according to the present invention, and h to j corresponding to the determination result correspond to a “predetermined process step” according to the present invention. .
If it matches with the “password” (e), the information processing apparatus 2 determines that the current user is a legitimate user, and the input / output terminal 1 performs subsequent withdrawal and transfer of deposits, etc. It is permitted to execute the regular process (h) that can be operated with.
When the information matches the “pseudo number” (f), the information processing apparatus 2 determines that the current user of the financial card is an unauthorized user, and promptly performs processing corresponding to the unauthorized user ( i).

As processing corresponding to an unauthorized user, the card collecting means 12 provided in the input / output terminal 1 is operated, the financial card taken into the card reader 11 is transferred to the card collecting means 12 as it is, and the card is sent to the user. There is a process to prevent it from being returned.
Further, in order to make it easy for the police to find an unauthorized user, it is possible to execute a process of photographing the user by the photographing means 10. The captured image data is transmitted to the information processing apparatus 2, stored in another data file not shown in FIG. 1, and output as necessary.

  Further, when the information processing apparatus 2 determines that the information is illegally used, the information processing apparatus 2 automatically calls a pre-registered police or financial institution, reproduces an automatic message, It is also possible to configure the message “There is unauthorized use at (location, machine number)”. The destination to be automatically notified is not limited to the police or the like, but may be the telephone number of the user registered in the registration information database. In addition to a telephone, it is possible to transmit a message using FAX or electronic mail.

  Furthermore, the input / output terminal 1 is equipped with a speaker, a telephone, etc., and it is possible to issue an alarm to an unauthorized user by an alarm or a telephone call. It is also possible to display a message such as “I found it” or a flashing alarm.

  Next, if the number entered in d does not match the "password" and "pseudo-number" (g), the number is entered again multiple times as is done in normal ATM. (J), for example, if it does not match the “password” even after a predetermined number of inputs such as 2 to 3 times, “judge as an unauthorized user” (i) is performed. If it matches the “password” within a predetermined number of times, “regular processing” (h) is executed.

  As described above, since the “pseudo number” to be determined as an unauthorized user is registered in advance, the unauthorized user cannot determine whether or not the number he / she obtained is a correct password. In the case of unauthorized use, since traces of unauthorized use such as card collection and user photographing are left, it is possible to suppress use of the card by unauthorized users. In addition, the system using the “pseudo number” according to the present invention can additionally register a number in the existing “password” system, and the process when the pseudo number is input is performed a predetermined number of times in the past. It is possible to construct a system easily by using an illegal process when an incorrect “password” is input over time, and it is also an extremely low-cost personal authentication system.

  As described above, according to the present invention, a personal authentication method and an individual that suppress the use of a stolen card or a forged card and improve the safety of a user's financial transaction without significantly changing an existing system. An authentication system can be provided.

1 shows a schematic diagram of a personal authentication system according to the present invention. FIG. It is a figure which shows the mode of data in the registration information database which concerns on this invention. It is a figure which shows the processing flow of the personal authentication method which concerns on this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Input / output terminal 2 Information processing apparatus 3 Registration information database 10 Image | photographing means 11 Card reader (identification code reading means)
12 Card collection means 13 Information input means

Claims (10)

In the personal authentication method for user authentication,
An information input step of inputting information by numbers or characters by an information input means;
An information determination step for comparing the input information input in the information input step with the registration information registered in advance in the registration information database and determining whether the input information matches the registration information;
A predetermined processing step for performing a predetermined processing according to a result of the information determination step,
In the registration information, there is personal identification information which is information indicating the identity of the user, and pseudo information which is information indicating that the identity is not the user.
The predetermined processing step is divided into a case where the input information is the person identification information, a case where the input information is the pseudo information, and a case where the input information is neither the person identification information nor the pseudo information. A personal authentication method characterized by performing different processes.   2. The personal authentication method according to claim 1, wherein, before the information input step, a financial card in which an identification code assigned to each user is recorded, and an identification code reading means for reading the identification code of the card. And an identification code reading step of reading the identification code of the card.   The personal authentication method according to claim 2, wherein the identification code reading means is combined with a card collecting means for collecting the card, and the input information in the predetermined processing step is the pseudo information, A personal authentication method, which is a process for operating the card collecting means.   The personal authentication method according to any one of claims 1 to 3, further comprising photographing means for photographing a user beside the information input means, wherein the input information in the predetermined processing step is the pseudo information. Is a process for operating the photographing means.   5. The personal authentication method according to claim 1, wherein the processing when the input information in the predetermined processing step is the pseudo information is registered in a pre-registered institution or the registration information database. A personal authentication method characterized in that a notification process is performed for a contact person who is present. Information input means for inputting information by numbers or characters, a registration information database storing registration information registered in advance, and an information processing apparatus for comparing the input information input from the information input means with the registration information In a personal authentication system having
The registration information includes identification information that is information indicating the identity of the user, and pseudo information that is information indicating that the identity is not the user.
In the information processing apparatus, the input information is the identification information, the input information is the pseudo information, and the input information is neither the identification information nor the pseudo information. A personal authentication system that performs different processes.   7. The personal authentication system according to claim 6, further comprising identification code reading means for reading the identification code of a financial card in which an identification code assigned to each user is recorded.   8. The personal authentication system according to claim 7, wherein the identification code reading means is combined with a card collecting means for collecting the card.   9. The personal authentication system according to claim 6, further comprising a photographing means for photographing a user beside the information input means. 10. The personal authentication system according to any one of claims 6 to 9, wherein the information processing apparatus includes means for performing a notification process on a pre-registered institution or a contact registered in the registration information database. A personal authentication system characterized by that.

Images