JP2015170316A - Information processor, information processing method, information processing program and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processor capable of improving the security in authentication processing.SOLUTION: The information processor includes: a display section that displays a screen including an input area for inputting a piece of authentication information used for authentication processing; a determination section that determines whether or not at least a part of the screen is covered; and an indication section that, when the determination section determines that at least a part of the screen is covered, indicates a piece of alarm information based on the determination result made by the determination section.

Description

  The present invention relates to an information processing apparatus, an information processing method, an information processing program, and a recording medium. For example, the present invention relates to an information processing apparatus used for performing settlement or commercial transactions.

  In a credit transaction using a credit card or the like, the security of the transaction is ensured by confirming whether the owner of the person performing the transaction and the credit card used for the transaction are the same person (identity confirmation). The identity verification is performed by, for example, comparing a customer's signature (signature) on a transaction slip printed with transaction details output at the time of transaction processing, and a store clerk visually checking the signature and the signature written on the credit card. Is done.

  Conventionally, in order to ensure the security of transactions, a mobile device having “tamper resistance” has been proposed (see, for example, Patent Document 1). “Tamper resistance” refers to resistance to an attack that attempts to steal information from a terminal. By providing tamper resistance, for example, customer information can be protected and transactions can be made safe. In the mobile device of Patent Document 1, a secure part (a part having tamper resistance) related to authentication information of a card used for settlement is separated from a non-secure part (general-purpose part).

US Patent Application Publication No. 2010/0145854

  In the mobile device of Patent Document 1, security is not sufficiently ensured in authentication processing such as identity verification.

  The present invention has been made in view of the above circumstances, and provides an information processing apparatus, an information processing method, an information processing program, and a recording medium that can improve security in authentication processing.

  An information processing apparatus according to the present invention includes a display unit that displays a screen including an input area for inputting authentication information used for authentication processing, and a determination unit that determines whether at least a part of the screen is covered And a presentation unit that presents warning information based on a determination result by the determination unit when the determination unit determines that at least a part of the screen is covered.

  An information processing method according to the present invention is an information processing method in an information processing apparatus, the step of displaying a screen including an input area for inputting authentication information used for authentication processing, and at least a part of the screen covering. And determining whether or not at least a part of the screen is covered, and presenting warning information based on the determination result.

  An information processing program of the present invention is an information processing program for executing each step in the information processing method.

  The recording medium of the present invention is a computer-readable recording medium on which the information processing program is recorded.

  According to the present invention, security in authentication processing can be improved.

(A) Front external view showing an example of a payment terminal device in the first embodiment, (b) Side external view showing an example of a payment terminal device in the first embodiment. The block diagram which shows the structural example of the payment terminal device in 1st Embodiment. The flowchart which shows an example of the payment processing flow by the payment terminal device in 1st Embodiment. The flowchart which shows the operation example in PIN input by the payment terminal device in 1st Embodiment. The flowchart which shows the operation example in the signature input by the payment terminal device in 1st Embodiment. The flowchart which shows the 1st operation example in the cover detection by the payment terminal device in 1st Embodiment. The flowchart which shows the 2nd operation example in the cover detection by the payment terminal device in 1st Embodiment. Front external view showing an example of a payment terminal device when the cover sensor in the first embodiment is a reflection type optical sensor; Front external view showing an example of a payment terminal device when the cover sensor in the first embodiment is a pyroelectric sensor, The front external view which shows an example of the payment terminal device in case the cover sensor in 1st Embodiment is an ultrasonic sensor, The front external view which shows an example of the payment terminal device in case the cover sensor in 1st Embodiment is a camera, Front external view showing an example of a payment terminal device according to the second embodiment The block diagram which shows the structural example of the payment terminal device in 2nd Embodiment. The flowchart which shows the operation example in PIN input by the payment terminal device in 2nd Embodiment Front external view showing an example of a payment terminal device according to the third embodiment The block diagram which shows the structural example of the payment terminal device in 3rd Embodiment. The schematic diagram which shows an example of the connection state by each switch of the switch part in 3rd Embodiment The flowchart which shows the operation example in PIN input by the payment terminal device in 2nd Embodiment

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

(Background to obtaining one embodiment of the present invention)
In the mobile device of Patent Document 1, security is secured for a secure part, but security may be insufficient for a non-secure part. For example, when an unauthorized application is installed in a non-secure part or a virus infection occurs, an input area for entering authentication information (for example, PIN, signature) for identification is illegally hidden, Another incorrect input area may be displayed. In this case, there is a possibility that the authentication information is taken by phishing or the like when the user of the mobile device inputs the authentication information in an unauthorized input area. Therefore, it is desirable that the user can perform authentication processing, settlement processing, etc. with peace of mind even when the mobile device has a non-secure portion.

  Hereinafter, an information processing apparatus, an information processing method, an information processing program, and a recording medium that can improve security in authentication processing will be described.

  In the following embodiments, a payment terminal device is exemplified as the information processing device. An information processing device other than the payment terminal device may be used, and widely includes information processing devices that perform authentication processing using authentication information.

(First embodiment)
FIG. 1A is a front external view showing a configuration example of the settlement terminal device 1 in the first embodiment. FIG. 1B is a side external view showing an example of the payment terminal device 1.

  The settlement terminal device 1 is portable and includes a non-secure area 2 and a secure area 3. “Secure” means having tamper resistance. “Non-secure” means that tamper resistance is not provided. “Tamper resistance” refers to resistance to an attack that attempts to steal information from a terminal. By having tamper resistance, for example, customer information can be protected in a settlement process, and transactions can be performed safely.

  The settlement terminal device 1 includes a slit 5 on the upper side surface 6 of the non-secure area 2. The upper side surface 6 of the non-secure region 2 is a surface on the end side on the Y axis negative side of the non-secure region 2 in FIG. The slit 5 serves as a path for reading the magnetic stripe of the magnetic card by sliding the magnetic card. The slit 5 may not be provided in the non-secure area 2 but may be provided in the secure area 3.

  The settlement terminal device 1 includes two touch input detection units and a display unit, that is, two touch panels. Specifically, the first touch panel 10 is provided on the front surface 9 (Z-axis negative side surface) of the non-secure area 2, and the front surface 11 (Z-axis negative side surface) of the secure area 3 is provided with the first touch panel 10. Two touch panels 12 are provided.

  The settlement terminal device 1 exemplifies that the non-secure area 2 and the secure area 3 are provided in the same casing, but the non-secure area 2 and the secure area 3 are provided in separate casings. The housing may be configured to be connectable.

  FIG. 2 is a block diagram illustrating a configuration example of the payment terminal device 1.

  The settlement terminal device 1 includes a non-secure area 2 and a secure area 3. In the non-secure area 2, a first CPU (Central Processing Unit) 21, a local wireless communication unit 22, a wide area wireless communication unit 24, a first display unit 29, and a first touch input detection unit 30 are provided. The non-secure area 2 includes a first flash ROM (Read Only Memory) 32, a first RAM (Random Access Memory) 33, a key input unit 34, a magnetic card reader unit 35, and a first IF (Interface). ) Part 40 is provided.

  In the non-secure area 2, various components are connected to the first CPU 21. The first CPU 21 supervises the entire components in the non-secure area 2. For example, the first CPU 21 performs various controls, processes, settings, determinations, and the like by executing a program stored in the first flash ROM 32.

  The local wireless communication unit 22 is connected to the local wireless communication antenna 23 and has a function of performing, for example, wireless LAN communication using a local wireless communication path (not shown). The local wireless communication unit 22 may perform communication other than wireless LAN communication (for example, Bluetooth (registered trademark) communication).

  The wide area wireless communication unit 24 is connected to the wide area wireless communication antenna 25 and has a function of communicating via a wide area wireless communication path (not shown) (for example, a WAN (Wide Area Network)). Communication in a wide area wireless communication path is performed using, for example, a wireless telephone line (mobile telephone line such as FOMA (Freedom Of Mobile multimedia Access), CDMA (Code Division Multiple Access) 2000, LTE (Long Term Evolution). Also good.

  The first display unit 29 has a function of controlling the display of the first touch panel 10 (see FIG. 1A). The first touch input detection unit 30 has a function of detecting a touch input to the first touch panel 10.

  The first flash ROM 32 has a function of storing various data. The stored data may be business-related data or a program for controlling the settlement terminal device 1 (for example, the non-secure area 2). Therefore, the first flash ROM 32 is an example of a recording medium for recording the information processing program.

  For example, the first RAM 33 temporarily stores processing data generated in the middle of the arithmetic processing in the arithmetic processing accompanying the operation of the payment terminal device 1 (for example, a component in the non-secure area 2). This is the memory used.

  For example, the key input unit 34 has a function of accepting an input from the input key 13 arranged in the non-secure area (not shown in FIG. 1A). The magnetic card reader unit 35 is disposed inside the slit 5 in FIG. 1B and has a function of reading the magnetic stripe of the magnetic card.

  The non-secure area 2 and the secure area 3 are connected to each other via the first IF section 40 and the second IF section 41 provided in the secure area 3, and various data and commands are exchanged. The first IF unit 40 and the second IF unit 41 can be coupled to each other.

  The secure area 3 includes a second IF unit 41, a second CPU 42, a tamper detection unit 43, a cover detection unit 44, a second display unit 45, a second touch input detection unit 46, a second flash ROM 47, A second RAM 48 and a power supply unit 50 are provided.

  In the secure area 3, various components are connected to the second CPU 42. The second CPU 42 supervises all the components in the secure area 3. For example, the second CPU 42 executes a program stored in the second flash ROM 47 to perform various controls, processes, settings, determinations, determinations, confirmations, authentications, verifications (for example, verification of PINs and signatures). I do.

  For example, the second CPU 42 has a function as a determination unit that determines whether at least a part of the second touch panel 12 is covered based on the detection result by the cover detection unit 44.

  The tamper detection unit 43 monitors the secure area 3 and detects, for example, decomposition, destruction, or opening in the secure area 3. That is, the tamper detection unit 43 detects whether there is an abnormality in the secure area 3. When the above event is detected by the tamper detection unit 43, the second CPU 42 stops the settlement process. Then, the second CPU 42 erases, for example, information relating to payment (such as card information and its PIN number, information relating to the connection destination) stored in the second flash ROM 47 and temporarily stored in the second RAM 48. To do. At that time, the second CPU 42 may notify that there is an abnormality in the secure area 3 by using the second display unit 45 or the like.

  The cover detection unit 44 includes a cover sensor 44s, and is near the screen of the second touch panel 12 (for example, on the screen of the second touch panel 12 or at a predetermined height from the screen (the height on the Z-axis negative side)). Detect an object. A specific example of the cover detection unit 44 will be described later. The state (sensor information) detected by the cover detection unit 44 is sent to the first CPU 21. The first CPU 21 determines whether a part or all of the second touch panel 12 is covered with a cover (shielding object) according to the detection result by the cover detection unit 44. If the first CPU 21 determines that part or all of the second touch panel 12 is covered, the first CPU 21 may stop the settlement process. The cover detection unit 44 is an example of an object detection unit.

  The “cover” includes, for example, a physical cover for hiding the front surface (Z-axis negative side surface) of the second touch panel 12, and a malicious third party's hand or finger. A malicious third party is a person who attempts to take authentication information from a customer. For example, a malicious third party covers the front surface of the second touch panel 12 with a hand and uses the unauthorized input screen on the first touch panel 10 arranged in the non-secure area 2 to capture the authentication information. Even in this case, the cover detection unit 44 and the second CPU 42 can recognize the hands or fingers of a malicious third party. Similarly, the cover detection unit 44 and the second CPU 42 can recognize a cover that is illegally provided on the second touch panel 12. Therefore, it is possible to prevent the authentication information from being taken and improve security.

  The second display unit 45 has a function of controlling the display of the second touch panel 12 (see FIG. 1A). For example, the second display unit 45 displays a screen including an input area for inputting authentication information on the second touch panel 12. For example, the 2nd display part 45 has a function as a presentation part which presents a predetermined warning message. The warning message is an example of warning information based on a determination result of whether or not at least a part of the screen is covered. Instead of the second display unit 45, the presentation unit may be, for example, an audio output unit that generates a warning sound or a vibration unit that generates vibration.

  The second touch input detection unit 46 has a function of detecting a touch input to the second touch panel 12. For example, the second touch input detection unit 46 may detect an input to a pin pad (PINPAD) including a physical key or a soft key for inputting a PIN. The second touch input detection unit 46 may detect an input of a signature using, for example, a finger or a stylus pen. The second touch input detection unit 46 may detect the handwritten input of the PIN using, for example, a finger or a stylus pen. The second touch input detection unit 46 is an example of an input detection unit.

  The second flash ROM 47 has a function of storing various data. The stored data may be business-related data or a program for controlling the settlement terminal device 1 (for example, a component in the secure area 3). Therefore, the second flash ROM 47 is an example of a recording medium for recording the information processing program.

  The second RAM 48 is, for example, a memory used for temporarily storing processing data generated in the middle of the arithmetic processing during arithmetic processing accompanying the operation of the payment terminal device 1 (for example, the secure area 3). It is.

  The power supply unit 50 is a power source for the non-secure area 2 and the secure area 3, and receives power supply from the battery 51 to the non-secure area 2 and the secure area 3 (for example, the first CPU 21 and the second CPU 42). Supply power. The second CPU 42 can control the power supply unit 50 to supply power and stop power supply to some or all of the circuits arranged in the non-secure area 2 or the secure area 3.

  As described above, the payment terminal device 1 includes the non-secure area 2 and the secure area 3. Input and display of authentication information of a card used for settlement is performed on the second touch panel 12 in the secure area 3. Therefore, the payment terminal device 1 can input and display authentication information of a card used for payment, and can secure “tamper resistance”. A “secure” portion that requires “tamper resistance” is localized in the secure area 3. The authentication information includes, for example, a signature, PIN information, PIN handwritten information, fingerprint information, and other authentication information.

  On the other hand, in the non-secure area 2, for example, a general-purpose OS (operating system) included in information terminals (for example, smartphones and tablet terminals) distributed in large numbers for consumer use may be adopted as a software platform.

  Reuse of development software for application software for payment (hereinafter “payment application”) and application software (hereinafter “business application”) used for other business by adopting general-purpose OS in non-secure area 2 And diversion becomes easy. Further, the payment application and other business applications operate flexibly without stress by being processed by the first CPU 21 in the non-secure area 2 having a high arithmetic processing capability, for example.

  In addition, it is possible to suppress an increase in development cost and price of the payment terminal device 1 with various payment schemes.

  Next, an operation example of the payment terminal device 1 will be described.

  FIG. 3 is a flowchart showing an example of a payment processing flow by the payment terminal device 1. In the present embodiment, the settlement process refers to the entire process of the settlement process in FIG. 3 in a broad sense, and refers to the process in step S108 described below in a narrow sense. The broad settlement process includes an authentication process (steps S104 to S107, S110, and S111 described later) for confirming the validity of the card user (for example, a customer).

  The first CPU 21 starts a settlement procedure by executing a settlement application (not shown) installed in the non-secure area 2 (see FIG. 2). In the non-secure region 2, the first CPU 21 receives information related to payment (for example, amount information, payment method, card brand information used for payment) by inputting to the payment application or from the outside of the payment terminal device 1. Receive (step S101).

  When the first CPU 21 receives information related to payment, for example, as shown in FIG. 1A, the first CPU 21 performs processing and display for prompting a reading operation of a card used for payment in the non-secure area 2 (step S102). .

  Processing and display for prompting a reading operation of a card used for settlement is performed until it is confirmed that a card (for example, a magnetic card) has been read in the non-secure area 2 (“No” in step S103). . When it is confirmed that the card has been read (“Yes” in step S103), the first CPU 21 enters a card authentication procedure.

  The card authentication method is, for example, between the type of card used for payment, the card information, or a member store (credit card member store that handles credit card transactions) using the payment terminal device 1 and the payment center. Determined based on the contracts that are signed.

  If the authentication method is PIN (“PIN” in step S104), the second CPU 42 causes the second touch panel 12 to display the PIN input screen in the secure area 3 (step S105), and uses the card. Waiting for completion of PIN input by the person (customer) ("No" in step S106). The PIN input screen is a screen on which a PIN can be input. For example, the PIN input screen is displayed until it is confirmed that the input of the PIN is completed.

  When it is confirmed that the input of the PIN is completed (“Yes” in step S106), information on the input of the PIN is sent from the non-secure area 2 to the secure area 3. In the non-secure area 2, the first CPU 21 obtains a verification result as to whether or not the input PIN matches the PIN registered in the card used for payment or the PIN registered in the payment center. ("No" in step S107).

  If the collation result that these two PINs match is obtained (“Yes” in step S107), the first CPU 21 executes a settlement process in the non-secure area 2 (step S108). The settlement process includes, for example, communication with a settlement center. If a collation result indicating that these two PINs do not match is obtained (“No” in step S107), the settlement process is stopped (step S109).

  The PIN verification is performed at a settlement center, for example. The first CPU 21 of the payment terminal device 1 encrypts the PIN input in step S106, and transmits the encrypted PIN together with the card information to the payment center.

  The settlement center decrypts the PIN received from the settlement terminal device 1 and collates the decrypted PIN with the PIN managed in the settlement center. If these two PINs match and it is confirmed that there is no problem in dealing with the card having the card information transmitted together with the PIN (for example, not on the black list) (YES in step S107), the settlement center Credit is provided to the terminal device 1.

  The first CPU 21 of the payment terminal device 1 receives the credit from the payment center, performs sales processing as the subsequent payment processing (step S108), and ends the communication with the payment center. The first CPU 21 of the settlement terminal device 1 may transmit the sales process data to the settlement center after the completion of the sales process until the end of the communication with the settlement center. It may be performed later together with the sales processing data of the settlement.

  If the two PINs do not match (NO in step S107), the settlement center notifies the settlement terminal device 1 that the credit cannot be made. The first CPU 21 of the payment terminal device 1 receives the notification from the payment center, does not perform sales processing, and the payment is stopped (step S109).

  When the authentication method is PIN, the PIN verification may be performed between the first CPU 21 of the payment terminal device 1 and a credit card (not shown) read by the payment terminal device 1. The first CPU 21 of the settlement terminal device 1 indicates that the collation result that the PIN input in step S106 matches the PIN recorded in advance in a chip (not shown) in the credit card is in the credit card. If it is obtained from the chip (YES in step S107), the sales process as the subsequent settlement process is performed (step S108).

  The first CPU 21 of the settlement terminal device 1 may transmit the sales processing data to the settlement center immediately after the completion of the sales processing and before the communication with the settlement center is completed, It may be performed later together with the sales processing data. If a collation result indicating that the two PINs do not match is obtained (NO in step S107), the sales process by the first CPU 21 of the payment terminal device 1 is stopped and the payment is stopped (step S109).

  When the authentication method is based on a signature (“signature” in step S103), the second CPU 42 causes the second touch panel 12 to display a signature input screen in the secure area 3 (step S110), and The user waits for completion of signature input (“No” in step S111). The signature input screen is a screen on which a signature can be input. The signature input screen is displayed, for example, until it is confirmed that the signature input is completed. When it is confirmed that the input of the signature is completed (“Yes” in step S111), the first CPU 21 executes a settlement process in the non-secure area 2 (step S108).

  When the credit card authentication method is based on a signature in step S103 (step S103, signature), the first CPU 21 of the settlement terminal device 1 first performs a credit inquiry for payment, and notifies that the credit inquiry is successful ( In the case of receiving (credit), a screen on which a signature can be input may be displayed after sales processing is performed.

  The operation example shown in FIG. 3 is performed in cooperation with each component unit arranged in the non-secure area 2 and the secure area 3 in the payment terminal device 1. In FIG. 3, the payment application operates in the non-secure area 2. Display of information related to payment (for example, amount information, payment method, card brand information used for payment) or display prompting a card reading operation used for payment is performed in either the non-secure area 2 or the secure area 3. May be performed.

  On the other hand, the PIN input screen or the signature input screen is displayed by the second touch panel 12 arranged in the secure area 3. The PIN input screen or signature input screen is displayed by prompting the card reading operation for payment, and after the card used is read, the PIN or signature of the card user is displayed. This is done until input is complete.

  As described above, the payment terminal device 1 can input and display authentication information (for example, signature or PIN) of a card used for payment by a customer, and can also ensure “tamper resistance”. The application software for payment can operate flexibly without stress.

  FIG. 4 is a flowchart showing an operation example in PIN input by the payment terminal device 1.

  When it is time to enter a PIN in the settlement process, the second CPU 42 sets the cover detection valid flag to ON (step S201). The timing for performing the PIN input is, for example, when the PIN input is possible and immediately after the authentication method is determined in step S104 in FIG. The operation of the cover detection unit 44 is started by the process of S201.

  The cover detection valid flag is a flag indicating whether or not to operate the cover detection unit 44. When the cover detection flag is ON, it indicates that it is a timing for operating the cover detection unit 44, and when it is OFF, it indicates that it is a timing when the cover detection unit 44 is not operated. The cover detection flag is held in the second RAM 48, for example.

  Subsequently, the second CPU 42 instructs the second display unit 45 to display a PIN input prompt message on the second touch panel 12 (step S202). As the PIN input prompt message, for example, a message “Please enter your PIN” (see FIG. 10) is displayed.

  Subsequently, the second touch input detection unit 46 detects a PIN input to the second touch panel 12 (step S203). In the step S203, the second touch input detection unit 46 detects the input of the PIN, but this detection information is not notified to the second CPU 42.

  The second CPU 42 determines whether or not a PIN input of all digits is detected by the second touch input detection unit 46 (step S204). That is, the second CPU 42 determines whether or not the PIN input is completed. If the PIN input for all digits has not been completed (No in step S204), the process proceeds to step S203.

  When the PIN input for all digits is completed, the second CPU 42 sets the cover detection valid flag to OFF (step S205). As a result, the operation of the cover detection unit 44 is stopped.

  The second CPU 42 acquires information of the PIN detected by the input from the second touch input detection unit 46 (step S206). As will be described later, when the cover detection unit 44 detects that the second touch panel 12 is covered while the cover detection valid flag is ON, the process of step S206 is not performed, and the process of FIG. Ends.

  Upon acquiring the PIN information from the second touch input detection unit 46, the second CPU 42 may encrypt the PIN information (step S207). The PIN information is sent to, for example, a settlement center, and PIN verification processing is performed by the settlement sensor. By encrypting the PIN information, the PIN content can be concealed in the communication path with the settlement center, and the security can be improved.

  According to the operation example of FIG. 4, the cover detection unit 44 can detect the shielding object during the period when the PIN input is performed. When the shielding object is detected, for example, the second CPU 42 stops the settlement process, stops accepting the PIN input by the second touch panel 12, or deletes the input PIN, thereby authenticating the authentication information. Can be illegally taken away.

  FIG. 5 is a flowchart showing an operation example in signature input by the payment terminal device 1.

  When it is time to input a signature, the second CPU 42 sets the cover detection valid flag to ON (step S301). The timing for inputting the signature is, for example, when the signature can be input, and is the state immediately after the determination of the authentication method in step S104 in FIG. By the processing of S301, the operation of the cover detection unit 44 is started.

  Subsequently, the second CPU 42 instructs the second display unit 45 to display a signature input prompt message on the second touch panel 12 (step S302). As the signature input prompt message, for example, a message “Please enter a signature” is displayed.

  Subsequently, the second touch input detection unit 46 detects a signature input to the second touch panel 12 (step S303). In the step S303, the second touch input detection unit 46 detects the input of the signature, but this detection information is not notified to the second CPU 42.

  The second CPU 42 determines whether or not the signature is confirmed by the second touch input detection unit 46, for example, whether or not pressing of a “confirm” button (not shown) is detected on the signature input screen (step S304). That is, the second CPU 42 determines whether or not the signature input is completed. If the confirm button is not pressed (No in step S304), the process proceeds to step S303.

  When the confirmation button is pressed, the second CPU 42 sets the cover detection valid flag to OFF (step S305). As a result, the operation of the cover detection unit 44 is stopped.

  The second CPU 42 acquires information on the signature detected by the input from the second touch input detection unit 46 (step S306). As will be described later, when the cover detection unit 44 detects that the second touch panel 12 is covered during the period when the cover detection valid flag is ON, the process of step S306 is not performed, and the process of FIG. Ends.

  Upon acquiring the signature information from the second touch input detection unit 46, the second CPU 42 may encrypt the signature information (step S307). The signature information is sent to, for example, a settlement center, and signature verification processing is performed by the settlement sensor. By encrypting the signature information, the contents of the signature can be concealed in the communication path transmitted to the settlement center, and the security can be improved.

  According to the operation example of FIG. 5, the cover detection unit 44 can detect the cover by covering during the period when the signature is input. When the shielding object is detected, for example, the second CPU 42 stops the settlement process and restricts the input of the signature or restricts the transfer of the signature, thereby preventing the authentication information from being illegally taken. .

  FIG. 6 is a flowchart illustrating a first operation example in cover detection by the payment terminal device 1. The process of FIG. 6 is started when the cover detection valid flag is set to ON in FIG. 4 or FIG. In FIG. 6, it is assumed that the cover detection unit 44 detects whether or not the entire second touch panel 12 or most of the second touch panel 12 is covered with, for example, a malicious third party's hand, finger, or cover. To do.

  First, the second CPU 42 determines whether or not the cover detection valid flag is OFF (step S401). If the cover detection valid flag is OFF, for example, the authentication information input operation has ended, and it is not necessary to perform cover detection, so the processing in FIG. 6 ends.

  When the cover detection valid flag is ON, the cover detection unit 44 operates to start sensing (sensor input) for detecting an object (step S402). The details of the object detection method here will be described later, but differ depending on the type of the cover sensor 44s.

  The second CPU 42 acquires the detection information detected by the cover detection unit 44 from the cover detection unit 44, and the entire second touch panel 12 or most of the second touch panel 12 is covered with a shielding object based on the detection information. It is determined whether or not (step S403). The shield includes, for example, a cover, a human hand or a finger. When it is not covered by the shielding object (No in step S403), the process proceeds to step S401.

  When the second touch panel 12 is covered with a shield (Yes in step S403), the second CPU 42 instructs the second display unit 45 to display a warning message on the second touch panel 12. (Step S404). As the warning message, for example, a message “The input field of the personal identification number may be displayed illegally” is displayed. The warning message may be a warning sound emitted from a voice output unit or a vibration emitted from a vibration unit (not shown).

  After the process of step S404, for example, the payment terminal apparatus 1 may stop the payment process, or may abnormally end the process of FIG. 3 or the process of FIG. Thereby, it can suppress that authentication information is acquired illegally by a malicious third party.

  According to the operation example of FIG. 6, when the entire second touch panel 12 arranged in the secure area 3 or most of the second touch panel 12 is covered with a shielding object, it is difficult to input authentication information using the second touch panel 12. The second CPU 42 notifies the cardholder of the warning information. Therefore, for example, even when a cover is installed on the front surface of the second touch panel 12 that is difficult to visually recognize, the cardholder can recognize the occurrence of fraud and can refrain from inputting authentication information. Thereby, it is possible to prevent the authentication information from being taken by phishing or the like, and to improve the security in the authentication process.

  FIG. 7 is a flowchart showing a second operation example in the cover detection by the settlement terminal device 1. The process of FIG. 7 is started when the cover detection valid flag is set to ON in FIG. 4 or FIG. In FIG. 7, for example, it is assumed that the cover detection unit 44 detects a finger at the time of input by a card user. In FIG. 7, the same steps as those shown in FIG. 6 are denoted by the same step numbers, and description thereof is omitted or simplified.

  First, the settlement terminal device 1 performs the processes of steps S401 and S402. The second CPU 42 acquires information detected by the cover detection unit 44 from the cover detection unit 44 and determines whether or not a part of the second touch panel 12 is covered (step S501).

  In other words, the second CPU 42 of the payment terminal device 1 determines whether or not a human finger (card user's finger), a stylus pen, or the like exists somewhere near the second touch panel 12. At the time of this detection, the second CPU 42 of the payment terminal device 1 keeps an object (such as a human finger or a stylus pen) covering a part of the second touch panel 12 in the same area for a preset time or more. You may also determine whether it has not stayed. Furthermore, at the time of this detection, the second CPU 42 of the settlement terminal device 1 determines whether or not an object (for example, a human finger) covering a part of the second touch panel 12 matches the display position of the input information. This may be determined together.

  By performing the determination described above at the time of detection by the covering detection unit 44, the movement of the finger at the time of input is added as a material for determination. Therefore, the second CPU 42 of the payment terminal device 1 allows the card user to enter a secure area. It is possible to more accurately determine whether or not a personal identification number or the like is input at a certain legal position.

  When it is confirmed that part of the second touch panel 12 is covered and does not remain in the same area for a preset time or longer (No in step S501), the process proceeds to step S401. Otherwise, for example, when an object covering a part of the second touch panel 12 remains in the same area for a preset time or longer or is not detected (Yes in step S501), the payment terminal device 1 The second CPU 42 executes the process of step S404.

  After the process of step S404, for example, the payment terminal apparatus 1 may stop the payment process, or may abnormally end the process of FIG. 3 or the process of FIG. Thereby, it can suppress that authentication information is acquired illegally by a malicious third party.

  According to the operation example of FIG. 7, the settlement terminal device 1 determines that the authentication information is normally input when the second touch panel 12 arranged in the secure area 3 is covered with the finger of the card user, Warning information is not broadcast. On the other hand, if the card user's finger is not detected even when the cover detection valid flag is turned ON and the authentication information is input, the card use is displayed on the input screen that is illegally displayed on the first touch panel 10, for example. It can be determined that the user intends to input authentication information. In this case, the payment terminal device 1 notifies the card holder of the warning information. Therefore, the cardholder can recognize the occurrence of fraud and can refrain from inputting authentication information. Thereby, it is possible to prevent the authentication information from being taken by phishing or the like, and to improve the security in the authentication process.

  In addition to the above, the settlement terminal device 1 detects whether or not the entire second touch panel 12 described in FIG. 6 or most of the second touch panel 12 is covered, and the user's finger of the card described in FIG. The cover detection may be performed in combination with the input detection by. Thereby, the payment terminal device 1 can determine more accurately whether or not the card user has entered a password or the like at a valid position in the secure area.

  Next, a specific example of the cover sensor 44s in the cover detection unit 44 will be described.

  FIG. 1 illustrates the case where the cover sensor 44s is a beam sensor. As shown in FIG. 1A, the beam sensor includes one or more light projecting units 44a and one or more light receiving units 44b. Each light projecting unit 44 a and each light receiving unit 44 b are arranged to face each other with the second touch panel 12 interposed therebetween.

  Each light projecting unit 44a is fixed in the vicinity of the second touch panel 12 along one end of the second touch panel 12 (the end on the X-axis positive side and the Y-axis positive side in FIG. 1A). Arranged at an arbitrary interval. Each light receiving unit 44b is fixed in the vicinity of the second touch panel 12 along the other end of the second touch panel 12 (the end on the X-axis negative side and the Y-axis negative side in FIG. 1A). Arranged at an arbitrary interval.

  The beam sensor may detect a shield or an object to be detected (such as a human finger or a stylus pen) using a known technique. For example, the light projected by the light projecting unit 44a travels along the screen of the second touch panel 12 and is received by the light receiving unit 44b. The light receiving unit 44b has information on the light projected by the light projecting unit 44a. The light receiving unit 44b compares the received light with the light projected by the light projecting unit 44a, and detects a change in light due to light reflection, transmission, absorption, refraction, etc. on the front surface of the second touch panel 12. When the light changes, a detection signal is sent to the second CPU 42. When the second CPU 42 acquires the detection signal from the beam sensor, the second CPU 42 determines that the shielding object or the object to be detected is on the front surface of the second touch panel 12.

  Note that the second CPU 42 may estimate the position of the shielding object or the object to be detected on the second touch panel 12 together with the presence or absence of the shielding object or the object to be detected. For example, the second CPU 42 may determine that the entire second touch panel 12 is covered with a shielding object or an object to be detected when the detection signals are acquired from all the light receiving units 44b. For example, when a detection signal is acquired from a part of the light receiving units 44b, the position of the shielding object or the object to be detected may be determined according to the position of the light receiving unit 44b. For example, in FIG. 1A, when the light receiving units 44b1 and 44b2 receive the signal, it may be determined that there is a shielding object or an object to be detected in the vicinity of the region α.

  At the time of this detection, the second CPU 42 of the payment terminal device 1 keeps an object (such as a human finger or a stylus pen) covering a part of the second touch panel 12 in the same area for a preset time or more. You may also determine whether it has not stayed. Furthermore, at the time of this detection, the second CPU 42 of the settlement terminal device 1 determines whether or not an object (for example, a human finger) covering a part of the second touch panel 12 matches the display position of the input information. This may be determined together.

  As a result, it is possible to recognize a position on the second touch panel 12 that is likely to be fraudulent.

  FIG. 8 illustrates a case where the cover sensor 44s is a reflection type optical sensor. As shown in FIG. 8, one or more reflective optical sensors 44c are provided. The reflective optical sensor 44c is disposed, for example, in the vicinity of the second touch panel 12 along the end of the second touch panel 12 with a constant or arbitrary interval. Each reflective optical sensor 44c includes a light projecting unit 44d and a light receiving unit 44e, and the light projecting unit 44d and the light receiving unit 44e are juxtaposed.

  The reflective optical sensor 44c may detect a shield using a known technique. For example, the light projected by the light projecting unit 44d travels along the screen of the second touch panel 12 and is received by the light receiving unit 44e. The light receiving unit 44e receives the light projected by the light projecting unit 44d. The reflection type optical sensor 44c reflects the detection signal when the light projected by the light projecting unit 44d is reflected and the light based on the light projected by the light projecting unit 44d is received by the light receiving unit 44e. To the CPU 42. When the second CPU 42 acquires the detection signal from the reflective optical sensor 44 c, the second CPU 42 determines that the shielding object or the object to be detected is on the front surface of the second touch panel 12.

  Similar to the beam sensor shown in FIG. 1, the position of the shielding object or the object to be detected on the second touch panel 12 may be estimated using the reflective optical sensor 44 c.

  FIG. 9 illustrates a case where the cover sensor 44s is a pyroelectric sensor. As shown in FIG. 9, one or more pyroelectric sensors 44f are provided. Each pyroelectric sensor 44f is arranged, for example, in the vicinity of the second touch panel 12 along the end of the second touch panel 12 with a constant or arbitrary interval.

  The pyroelectric sensor 44f may detect a shield or an object to be detected using a known technique. For example, the pyroelectric sensor 44f detects light including infrared rays using the pyroelectric effect. The pyroelectric sensor 44f includes a light receiving unit that detects light including infrared rays (infrared light). When the light receiving unit detects infrared light, the pyroelectric sensor 44f sends a detection signal to the second CPU. When the second CPU 42 acquires the detection signal from the pyroelectric sensor 44f, the second CPU 42 determines that the shielding object or the object to be detected is on the front surface of the second touch panel 12.

  Similar to the beam sensor shown in FIG. 1, the position of the shielding object or the object to be detected on the second touch panel 12 may be estimated using the pyroelectric sensor 44 f.

  FIG. 10 illustrates the case where the cover sensor 44s is an ultrasonic sensor. The ultrasonic sensor includes one or more wave transmission units 44h and one or more wave reception units 44i. The wave transmitting unit 44h and the wave receiving unit 44i are disposed to face each other with the second touch panel 12 interposed therebetween.

  The wave transmission unit 44h is disposed in the vicinity of the second touch panel 12 at one end of the second touch panel 12 (the end on the X-axis positive side in FIG. 10). The wave receiving portion 44 i is disposed in the vicinity of the second touch panel 12 at the other end portion of the second touch panel 12 (the end portion on the X axis negative side in FIG. 10).

  The ultrasonic sensor may detect a shield or an object to be detected using a known technique. For example, the ultrasonic wave transmitted by the wave transmitting unit 44h travels along the screen of the second touch panel 12, and is received by the wave receiving unit 44i when there is no shielding object or object to be detected. The wave receiving unit 44i sends a detection signal to the second CPU 42 when the ultrasonic wave from the wave sending unit 44h is not received due to reflection of the ultrasonic wave or the like. When the second CPU 42 acquires the detection signal from the ultrasonic sensor, the second CPU 42 determines that the shielding object or the object to be detected is on the front surface of the second touch panel 12.

  FIG. 11 illustrates a case where the cover sensor 44s is a camera (imaging sensor). The captured image captured by the camera 44j includes the front side of the second touch panel 12. In FIG. 11, the camera 44j is provided on the upper side (Y-axis negative side) of the settlement terminal device 1, and images the lower direction (Y-axis positive direction). Accordingly, the camera 44j images the vicinity of the screen of the second touch panel 12. Note that the arrangement position and the imaging direction of the camera 44j in the settlement terminal device 1 are not limited to this.

  The camera 44j captures an image near the second touch panel 12 during the period when the cover detection valid flag is ON. When the second CPU 42 acquires a captured image from the camera 44j, for example, the second CPU 42 recognizes the captured image, and the captured image is a predetermined shielding object (for example, a cover, a malicious third party's hand or finger) or Analyzes whether or not an object to be detected (such as an input person's finger or stylus pen) is included. When the second CPU 42 recognizes that the captured image includes a predetermined shielding object or an object to be detected, the second CPU 42 determines that the shielding object or the object to be detected is in front of the second touch panel 12.

  Note that the second CPU 42 may estimate the position of the shielding object or the object to be detected on the second touch panel 12 based on the position of the shielding object in the captured image.

  According to the settlement terminal device 1, it is possible to easily detect the presence or absence of a shielding object or an object to be detected on the front surface of the second touch panel 12 using the cover detection unit 44. For example, when the cover detection unit 44 detects a shielding object, at least a part of the second touch panel 12 is covered, and the card user may be prompted to input authentication information on an unauthorized input screen. There is. Even in this case, since the warning information is displayed, the card user can recognize that the authentication information may be illegally taken. Therefore, leakage of authentication information can be suppressed by interrupting authentication information input and settlement processing.

(Second Embodiment)
FIG. 12 is a front external view showing an example of a settlement terminal device 1B according to the second embodiment. Note that a side external view of an example of the settlement terminal device 1B is the same as the side external view shown in FIG.

  As shown in FIG. 12, the settlement terminal device 1 </ b> B does not include the cover detection unit 44. On the second touch panel 12, guide marks 62 for guiding the positions of the four corners of the authentication information input column (here, PINPAD 61) are displayed. The second touch panel 12 displays, for example, guidance information indicating that the PIN is entered after the guide marks 62 are sequentially input. Further, the guide information may simply be character information for guiding the display position of the guide mark.

  FIG. 12 illustrates a case where the guide marks 62 are attached to the four corners of the authentication information input field. Note that the guide mark 62 may be attached to two corners located at substantially diagonal positions among the four corners. The guide mark 62 is an example of guide information indicating the position of the end of the input area.

  In addition, it is only necessary to determine whether or not there is an obstacle on the second touch panel 12, and one or more guide marks 62 may be provided at a predetermined position on the second touch panel 12. Further, the shape of the guide mark 62 is not limited to the shape (triangular shape) illustrated in FIG. 12, and may be other shapes.

  FIG. 13 is a block diagram illustrating a configuration example of the settlement terminal device 1B.

  The settlement terminal device 1B does not include the cover detection unit 44 and includes a second CPU 42B instead of the second CPU 42, as compared with the settlement terminal device 1 in the first embodiment. In the payment terminal apparatus 1B, the same components as those in the payment terminal apparatus 1 are denoted by the same reference numerals, and description thereof is omitted or simplified.

  When the second CPU 42B detects an input to the guide mark 62, the second CPU 42B determines that the second touch panel 12 is not covered with a shielding object. This is based on the fact that when the guide mark 62 is concealed by the shielding object, the input to the guide mark 62 is not performed and the input to the guide mark 62 is not detected.

Next, an operation example of the settlement terminal device 1B will be described.
The payment processing flow by the payment terminal device 1B is the same as that in FIG.

  FIG. 14 is a flowchart illustrating an operation example in PIN input by the settlement terminal device 1B.

  When it is time to perform the PIN input, the second CPU 42B displays a guide mark 62 on the second touch panel 12 and prompts the second display unit 45 to display a prompt prompting the user to touch the guide mark 62. An instruction is given (step S601).

  In addition, the second CPU 42B instructs the second display unit 45 to display the PINPAD 61 including the numeric keys for PIN input on the second touch panel 12 (step S602).

  For example, when the card user touches the guide mark 62, the second touch input detection unit 46 detects an input to the second touch panel 12. The second CPU 42B acquires information on coordinates (positions) of which input is detected from the second touch input detection unit 46 (step S603).

  The second CPU 42B determines whether the guide mark 62 has been input, that is, whether the guide mark 62 has been touched according to the coordinate information from the second touch input detection unit 46 (step S604). In this case, for example, the second CPU 42B determines whether the coordinate (position) information from the second touch input detection unit 46 matches the coordinates (position) where the guide mark 62 is displayed on the second touch panel 12. Determine whether or not.

  When the guide mark 62 is touched, it can be determined that the PINPAD 61 is not covered by the shielding object and that the authentication information can be input using the PINPAD 61. In this case, the second CPU 42B permits the input of authentication information by the PINPAD 61 (step S605).

  When the card user inputs the PIN using the PINPAD 61, the second touch input detection unit 46 detects the input PIN information. The second CPU 42B acquires the input PIN information from the second touch input detection unit 46 (step S606).

  On the other hand, if the guide mark 62 is not touched, the PINPAD 61 is covered with a shield, and authentication information may not be input using the PINPAD 61. In this case, the second CPU 42B instructs the second display unit 45 to display the warning information (step S607). As the warning information, for example, a message indicating that there is a possibility that an illegal cover exists without being correctly input in response to a touch by the card user is displayed. The warning message may be a warning sound emitted from a voice output unit or a vibration emitted from a vibration unit (not shown).

  According to the operation example of FIG. 14, it is possible to detect the presence or absence of an obstacle that covers the second touch panel 12 based on a touch on the guide mark 62 displayed on the second touch panel 12. When there is a shielding object, it is possible to suppress leakage of authentication information by notifying warning information, and to improve security in authentication processing.

  Although FIG. 14 illustrates the case of using PIN input, the present invention can also be applied to input of signature input, PIN handwritten input, and other authentication information (for example, fingerprint information).

  According to the settlement terminal device 1B, even when the cover detection unit is not used, the presence or absence of the shielding object can be easily detected by using the guide mark 62. For example, when the guide mark 62 is not correctly touched, at least a part of the second touch panel 12 is already covered with a shield, and the card user is prompted to input authentication information on an unauthorized input screen. There is a possibility. Even in this case, when the touch on the guide mark 62 is not detected, the warning information is displayed, so that the card user can recognize that the authentication information may be illegally taken. Therefore, leakage of authentication information can be suppressed by interrupting authentication information input and settlement processing.

(Third embodiment)
The third embodiment is a modification of the second embodiment. In the second embodiment, the authentication information input field is displayed on the second touch panel 12, and the authentication information is input using the second touch panel 12. In the third embodiment, it is assumed that an authentication information input field is displayed on the first touch panel 10 and the authentication information is input using the first touch panel 10.

  FIG. 15 is a front external view illustrating a configuration example of the settlement terminal device 1 </ b> C according to the third embodiment. Note that a side external view of an example of the settlement terminal device 1C is the same as the side external view shown in FIG.

  As shown in FIG. 15, the settlement terminal device 1 </ b> C does not include the cover detection unit 44. The first touch panel 10 also displays guide marks 62c that guide the positions of the four corners of the authentication information input field (here, PINPAD 61c). Further, for example, information indicating that the PIN is input after the guide marks 62c are sequentially input is displayed on the first touch panel 10.

  FIG. 15 illustrates a case where the guide mark 62c is attached to the four corners of the authentication information input field. In addition, the guide mark 62c may be attached to two corners at a substantially diagonal position among the four corners. Further, it is only necessary to be able to determine the presence or absence of a shield on the first touch panel 10, and one or more guide marks 62 c may be provided at predetermined positions on the first touch panel 10.

  FIG. 16 is a block diagram illustrating a configuration example of the settlement terminal device 1C.

  As compared with the settlement terminal device 1 in the first embodiment, the settlement terminal device 1C does not include the cover detection unit 44, includes the switching unit 49 in the secure area 3, and replaces the second CPU 42 with the second CPU 42C. Prepare. In the settlement terminal device 1C, the same components as those in the settlement terminal devices 1 and 1B are denoted by the same reference numerals, and description thereof is omitted or simplified.

  The switching unit 49 includes a first switch 49a and a second switch 49b. The first switch 49 a electrically connects the first touch input detection unit 30 and the first CPU 21, or electrically connects the first touch input detection unit 30 and the second CPU 42. The second switch 49b electrically connects the first display unit 29 and the first CPU 21 or electrically connects the first display unit 29 and the second CPU 42.

  FIG. 17 is a schematic diagram illustrating an example of a connection state by each switch of the switching unit 49. For example, when the settlement terminal device 1C executes a process that does not require high security, the first switch 49a and the second switch 49b are electrically connected to the first CPU 21. The process that does not require high security is, for example, a process (for example, a payment application process or a business application process) executed in the non-secure area 2 in the first embodiment.

  Further, for example, when the settlement terminal device 1 </ b> C executes a process requiring high security, the first switch 49 a and the second switch 49 b are electrically connected to the second CPU 42. The process requiring high security is, for example, a process (for example, PIN input process) executed in the secure area 3 in the first embodiment.

  The second CPU 42 </ b> C controls switching of each switch in the switching unit 49. The second CPU 42C instructs the first display unit 29 to display the guide mark 62c, for example, when authentication information is input. The second CPU 42C determines that the first touch panel 10 is not covered with the shielding object when the detection information of the input of the guide mark 62c is acquired from the first touch input detection unit 30. This is based on the fact that when the guide mark 62c is concealed by a shield, no input is made to the guide mark 62c and no input is detected to the guide mark 62c.

Next, an operation example of the settlement terminal device 1C will be described.
Since the payment processing flow by the payment terminal device 1C is the same as that in FIG. 3, the description thereof is omitted.

  FIG. 18 is a flowchart showing an operation example in PIN input by the settlement terminal device 1C. In FIG. 18, it is assumed that a PIN is input via the first touch panel 10. In this case, for example, PIN input via the second touch panel 12 is difficult.

  When it is time to perform the PIN input, the first CPU 21 or the second CPU 42C controls the switching unit 49 to perform the display operation and the input detection operation using the first touch panel 10 under the control of the second CPU 42. Switch to execute (step S701). Thereby, the first switch 49a electrically connects the first touch input detection unit 30 and the second CPU 42C. The second switch 49b electrically connects the first display unit 29 and the second CPU 42C.

  Subsequently, the second CPU 42C instructs the first display unit 29 to display the guide mark 62c on the first touch panel 10 and to display a prompt for prompting the user to touch the guide mark 62c (step S702). ).

  In addition, the second CPU 42C instructs the first display unit 29 to display a PIN input number key (number key in PINPAD 61c) on the first touch panel 10 (step S703).

  For example, when the card user touches the guide mark 62 c, the first touch input detection unit 30 detects an input to the first touch panel 10. The second CPU 42C acquires information on coordinates (positions) of which input has been detected from the first touch input detection unit 30 (step S704).

  The second CPU 42 determines whether the guide mark 62c has been input, that is, whether the guide mark 62c has been touched according to the coordinate information from the first touch input detection unit 30 (step S705). In this case, for example, the second CPU 42 determines whether the coordinates (position) information from the first touch input detection unit 30 matches the coordinates (position) where the guide mark 62c on the first touch panel 10 is displayed. Determine whether or not.

  When the guide mark 62c is touched, it can be determined that the PINPAD 61c in the first touch panel 10 is not covered by the shielding object and that the authentication information can be input using the PINPAD 61c. In this case, the second CPU 42 permits the input of authentication information using the PINPAD 61c (step S706).

  When the card user inputs a PIN using the PINPAD 61c, the first touch input detection unit 30 detects the input PIN information. The second CPU 42 acquires the input PIN information from the first touch input detection unit 30 (step S707).

  When the PIN input is completed, the first CPU 21 or the second CPU 42C controls the switching unit 49 to perform the display operation and the input detection operation using the first touch panel 10 with the original CPU (for example, the first CPU 21). (Step S708). Thus, the first switch 49a electrically connects the first touch input detection unit 30 and the first CPU 21. The second switch 49b electrically connects the first display unit 29 and the first CPU 21.

  On the other hand, when the guide mark 62c is not touched, the PINPAD 61c on the first touch panel 10 is covered with a shield, and authentication information may not be input using the PINPAD 61c. In this case, the second CPU 42C instructs the first display unit 29 to display warning information (step S709). As the warning information, for example, a message indicating that there is a possibility that an illegal cover exists without being correctly input in response to a touch by the card user is displayed. The warning message may be a warning sound emitted from a voice output unit or a vibration emitted from a vibration unit (not shown).

  According to the operation example of FIG. 18, it is possible to detect the presence or absence of an obstacle that covers the first touch panel 10 based on a touch on the guide mark 62 c displayed on the first touch panel 10. When there is a shielding object, the second CPU 42C notifies the warning information, so that leakage of the authentication information can be suppressed, and security in the authentication process can be improved. Although the first touch panel 10 is arranged in the non-secure area, the display and input detection of the first touch panel 10 are controlled by the second CPU 42C arranged in the secure area 3, thus ensuring security. Authentication information.

  In FIG. 18, it is assumed that authentication information is input using the first touch panel 10, but authentication information may be input using both the first touch panel 10 and the second touch panel 12. For example, a PIN may be input using the first touch panel 10 and a signature may be input using the second touch panel 12. Even in this case, since the display and input of the first touch panel 10 and the second touch panel 12 are both controlled by the second CPU 42, the PIN or signature can be input or displayed while ensuring security.

  Although FIG. 18 illustrates the case where PIN input is used, the present invention can also be applied to input of signature input, PIN handwritten input, and other authentication information (for example, fingerprint information).

  According to the settlement terminal device 1C, even when the cover detection unit is not used, it is possible to easily detect the presence or absence of an obstacle or an object to be detected by using the guide mark 62c. For example, if the guide mark 62c is not correctly touched, at least a part of the first touch panel 10 is already covered with a shield, and the card user is prompted to input authentication information on an unauthorized input screen. There is a possibility. Even in this case, when the touch on the guide mark 62c is not detected, the warning information is displayed, so that the card user can recognize that the authentication information may be illegally taken. Therefore, leakage of authentication information can be suppressed by interrupting authentication information input and settlement processing.

  The present invention is not limited to the configuration of the above-described embodiment, and any configuration can be used as long as the functions shown in the claims or the functions of the configuration of the present embodiment can be achieved. Is also applicable.

  For example, the settlement terminal device 1 may perform cover detection by appropriately combining the cover detection configurations and methods described in the above embodiments. Thereby, the payment terminal device 1 can determine more accurately whether or not the card user has entered a password or the like at a valid position in the secure area.

(Overview of one embodiment of the present invention)
An information processing apparatus according to one embodiment of the present invention determines a display unit that displays a screen including an input area for inputting authentication information used for authentication processing, and whether or not at least a part of the screen is covered. And a presentation unit that presents warning information indicating that at least a part of the screen is covered when the determination unit determines that at least a part of the screen is covered. The determination unit is disposed in a secure area having tamper resistance.

  According to this configuration, even if the input area of the original authentication information is hidden and an illegal input area is generated in the non-secure portion, the user of the information processing apparatus (for example, a store clerk or a card user) It is possible to receive a warning that at least a part of the screen including it is covered. Alternatively, the information processing apparatus accurately determines whether or not a user (for example, a card user) of the information processing apparatus has input authentication information (such as a password) at a valid position in the secure area. be able to. Accordingly, it is possible to suppress unauthorized acquisition of authentication information due to phishing or the like, and security in authentication processing can be improved.

  The information processing apparatus according to one embodiment of the present invention includes an object detection unit that detects an object that is disposed in the secure area and covers at least a part of the screen, and the determination unit is configured to detect the object by the object detection unit. Is detected, it is determined that at least a part of the screen is covered with the object.

  According to this configuration, an object covering the screen including the input area can be detected and a warning can be received, so that security in the authentication process can be improved.

  The information processing apparatus according to an aspect of the present invention includes a tamper detection unit that detects whether or not the object detection unit is abnormal, and the object detection is performed when the presentation unit detects an abnormality by the tamper detection unit. Present that an abnormality has occurred in the department.

  According to this configuration, for example, it can be detected that the information processing apparatus has been destroyed and the object detection unit has been illegally removed. Therefore, the authentication information can be safely input by confirming that the tamper detection unit has not detected the tamper detection unit.

  Further, in the information processing apparatus according to one aspect of the present invention, the object detection unit includes a light projecting unit that projects light along the screen, and a light receiving unit that receives the projected light, The object is detected according to a light reception result by the light receiving unit.

  According to this configuration, the object can be detected using the optical sensor. In addition, the optical sensor is relatively easy to install, and can detect an object at a desired position while suppressing the spread of light.

  In the information processing device of one embodiment of the present invention, the object detection unit includes a light receiving unit that receives infrared light along the screen, and detects the object according to a light reception result of the light receiving unit. To do.

  According to this configuration, an object can be detected using the pyroelectric sensor, and the power of the object detection unit can be saved.

  In the information processing apparatus of one embodiment of the present invention, the object detection unit receives a ultrasonic wave transmitted by the wave transmission unit and a wave transmission unit that transmits the ultrasonic wave along the screen. A wave receiving unit, and detecting the object according to a wave reception result by the wave receiving unit.

  According to this configuration, an object can be detected using an ultrasonic sensor. Moreover, it can suppress that the display light in a display part influences the detection result by an object detection part by using an ultrasonic wave.

  In the information processing apparatus of one embodiment of the present invention, the object detection unit includes an imaging sensor that captures the vicinity of the screen, and the determination unit analyzes a captured image captured by the imaging sensor, When the captured image includes the object, it is determined that at least a part of the screen is covered with the object.

  According to this configuration, an object can be detected by an image sensor and image analysis. In addition, by performing feature extraction or the like from the captured image, it is possible to determine what object the screen is covered with.

  The information processing apparatus according to one aspect of the present invention includes an input detection unit that detects an input to the screen, and the determination unit detects an input to a predetermined area on the screen by the input detection unit. It is determined that the screen is not covered.

  According to this configuration, for example, when a user of the information processing apparatus recognizes a predetermined area in advance and performs an input operation on the area, it can be determined that there is no object that shields the predetermined area. You can enter information. Then, the information processing apparatus accurately determines whether or not the user of the information processing apparatus (for example, a card user) has entered authentication information (such as a password) at a valid position in the secure area. Can do.

  In the information processing apparatus of one embodiment of the present invention, the display unit displays guidance information for guiding the position of the predetermined area on the screen.

  According to this configuration, the user of the information processing apparatus can recognize the position of the guidance information and can perform an input operation on a predetermined area.

  In the information processing apparatus of one embodiment of the present invention, the display unit displays the guidance information at an end of the input area.

  According to this configuration, the user of the information processing apparatus can recognize the position of the end of the input area and can input authentication information to the input area.

  In the information processing apparatus of one embodiment of the present invention, the display unit displays the guidance information at a substantially diagonal position in the input area.

  According to this configuration, the user of the information processing apparatus can recognize the position of the end of the input area with less guidance information, and can input authentication information to the input area.

  In the information processing device of one embodiment of the present invention, the input detection unit and the display unit are arranged in a secure area.

  According to this configuration, since the authentication process can be performed in the secure area, security in the authentication process can be ensured.

  An information processing apparatus according to an aspect of the present invention includes a switching unit that switches a connection state between the input detection unit, the display unit, and the determination unit, and the input detection unit is disposed in the secure area. A first input detection unit arranged in a non-secure area that does not have tamper resistance, and the display unit is arranged in the secure area. A display unit and a second display unit arranged in the non-secure area, and when the authentication information is input to the switching unit, the first input detection unit and the determination unit The first display unit is connected.

  According to this configuration, even when the second input detection unit and the second display unit arranged in the non-secure area are used in the authentication process, the second input detection unit and the second display unit are in the secure area. Security can be ensured by connecting to the arranged determination unit.

  An information processing method according to an aspect of the present invention is an information processing method in an information processing apparatus, the step of displaying a screen including an input area for inputting authentication information used for authentication processing, Determining whether or not at least a part of the screen is covered, and presenting warning information indicating that at least a part of the screen is covered when it is determined that at least a part of the screen is covered And a step of performing.

  According to this method, even if the original authentication information input area is hidden and an illegal input area is generated in the non-secure part, the user of the information processing apparatus covers at least a part of the screen including the input area. Can receive a warning. Alternatively, in the information processing apparatus that executes this information processing method, whether or not the user of the information processing apparatus (for example, a card user) has entered authentication information (such as a password) at a valid position in a secure area. Can be accurately determined. Accordingly, it is possible to suppress unauthorized acquisition of authentication information due to phishing or the like, and security in authentication processing can be improved.

  Moreover, the information processing program of 1 aspect of this invention is an information processing program for performing each step in the said information processing method.

  According to this configuration, even if the original authentication information input area is hidden and an illegal input area is generated in the non-secure part, the user of the information processing apparatus covers at least a part of the screen including the input area. Can receive a warning. Alternatively, in the information processing apparatus that executes the information processing program, whether or not the user of the information processing apparatus (for example, a card user) has entered authentication information (such as a password) at a valid position in a secure area. Can be accurately determined. Accordingly, it is possible to suppress unauthorized acquisition of authentication information due to phishing or the like, and security in authentication processing can be improved.

  A recording medium of one embodiment of the present invention is a computer-readable recording medium on which the information processing program is recorded.

  According to this configuration, even if the original authentication information input area is hidden and an illegal input area is generated in the non-secure part, the user of the information processing apparatus covers at least a part of the screen including the input area. Can receive a warning. Alternatively, a computer that can read this storage medium accurately determines whether or not a user of the computer (for example, a card user) has entered authentication information (such as a password) at a valid location in a secure area. Can be determined. Accordingly, it is possible to suppress unauthorized acquisition of authentication information due to phishing or the like, and security in authentication processing can be improved.

  The present invention is useful for an information processing apparatus, an information processing method, an information processing program, a recording medium, and the like that can improve security in authentication processing.

1, 1b, 1c Payment terminal device 2 Non-secure area 3 Secure area 5 Slit 6 Upper side surface of non-secure area 9 Front face of non-secure area 10 First touch panel 11 Front face of secure area 12 Second touch panel 21 First CPU
22 local wireless communication unit 23 local wireless communication antenna 24 wide area wireless communication unit 25 wide area wireless communication antenna 29 first display unit 30 first touch input detection unit 32 first flash ROM
33 First RAM
34 Key input part 35 Magnetic card reader part 40 1st IF part 41 2nd IF part 42, 42b, 44c 2nd CPU
43 Tamper detection unit 44 Cover detection unit 44a, 44d Light projection unit 44b, 44b1, 44b2, 44e Light reception unit 44c Reflective light sensor 44f Pyroelectric sensor 44h Wave transmission unit 44i Wave reception unit 44j Camera 44s Cover sensor 45 Second sensor 45 Display unit 46 Second touch input detection unit 47 Second flash ROM
48 Second RAM
49 switching unit 49a first switch 49b second switch 50 second power supply unit 51 second battery 61, 61c PINPAD
62, 62c Guide mark

Claims (16)

A display unit for displaying a screen including an input area for inputting authentication information used for authentication processing;
A determination unit for determining whether or not at least a part of the screen is covered;
A presentation unit that presents warning information indicating that at least a part of the screen is covered when the determination unit determines that at least a part of the screen is covered;
With
The determination unit is an information processing apparatus arranged in a secure area having tamper resistance. The information processing apparatus according to claim 1, further comprising:
An object detection unit that is disposed in the secure area and detects an object that covers at least a part of the screen;
The determination unit is an information processing apparatus that determines that at least a part of the screen is covered with the object when the object is detected by the object detection unit. The information processing apparatus according to claim 2, further comprising:
A tamper detection unit that detects the presence or absence of an abnormality in the object detection unit,
The presenting unit is an information processing apparatus that presents that an abnormality has occurred in the object detection unit when an abnormality is detected by the tamper detection unit. The information processing apparatus according to claim 2 or 3,
The object detection unit includes a light projecting unit that projects light along the screen and a light receiving unit that receives the projected light, and detects the object according to a light reception result by the light receiving unit. Information processing apparatus. The information processing apparatus according to claim 2 or 3,
The information processing apparatus, wherein the object detection unit includes a light receiving unit that receives infrared light along the screen, and detects the object according to a light reception result by the light receiving unit. The information processing apparatus according to claim 2 or 3,
The object detection unit includes: a transmission unit that transmits ultrasonic waves along the screen; and a reception unit that receives ultrasonic waves transmitted by the transmission unit. An information processing apparatus that detects the object according to a reception result. The information processing apparatus according to claim 2, further comprising:
The object detection unit includes an image sensor that images the vicinity of the screen,
The information processing apparatus that analyzes a captured image captured by the imaging sensor and determines that at least a part of the screen is covered with the object when the captured image includes the object. The information processing apparatus according to claim 1, further comprising:
An input detection unit for detecting an input to the screen;
The information processing apparatus that determines that the screen is not covered when the input detection unit detects an input to a predetermined area on the screen. The information processing apparatus according to claim 8,
The information processing apparatus, wherein the display unit displays guidance information for guiding a position of the predetermined area on the screen. The information processing apparatus according to claim 9,
The display unit is an information processing apparatus that displays the guidance information at an end of the input area. The information processing apparatus according to claim 10,
The information processing apparatus, wherein the display unit displays the guidance information at a substantially diagonal position of the input area. The information processing apparatus according to any one of claims 8 to 11,
The input detection unit and the display unit are information processing apparatuses arranged in a secure area. The information processing apparatus according to any one of claims 8 to 11, further comprising:
A switching unit that switches a connection state between the input detection unit and the display unit and the determination unit;
The input detection unit includes a first input detection unit arranged in the secure area, and a first input detection unit arranged in a non-secure area that does not have tamper resistance,
The display unit includes a first display unit disposed in the secure area, and a second display unit disposed in the non-secure area,
The switching unit is an information processing apparatus that connects the first input detection unit and the first display unit to the determination unit when the authentication information is input. An information processing method in an information processing apparatus,
Displaying a screen including an input area for inputting authentication information used for authentication processing;
Determining whether at least a portion of the screen is covered;
Presenting warning information to the effect that at least a part of the screen is covered when it is determined that at least a part of the screen is covered;
An information processing method comprising:   An information processing program for executing each step in the information processing method according to claim 14.   The computer-readable recording medium which recorded the information processing program of Claim 15.

Images