JP2019144720A - Information processing system and information processor - Google Patents

Abstract

To provide an information processing system and an information processor that can suppress an increase of a maintenance cost without causing a temporary delay in business.SOLUTION: An information processing system comprises a headquarter terminal and a management terminal. A headquarter terminal has a first one-time account generation part generating first one-time account information and an output part outputting the generated first one-time account information. The management terminal has a second one-time account generation part, a comparator, and an authentication part. The second one-time account generation part generates second one-time account information. A comparator compares the inputted first one-time account information with the generated second one-time account information. The authentication part authenticates a prescribed authority for a master administrator who entered the first one-time account information when the inputted first one-time account information coincides with the second one-time account information.SELECTED DRAWING: Figure 6

Description

  The present invention relates to an information processing system and an information processing apparatus.

  For example, at a branch office such as a financial institution or a store such as a supermarket, a cash machine is set up at a counter in order to settle the cash with the customer, and the person in charge (employee) at the counter is the customer It is possible to perform settlement by operating the change machine while corresponding to the above. The change machine stores change to be paid out to the customer. The change is withdrawn from a cash management machine (cash management device) installed in a backyard of a branch or the like by an employee (person in charge) who is in charge of operating the change machine at the start of the business of the person in charge. Stored in the machine. Further, at the end of the work of the person in charge, the person in charge collects the change remaining in the change machine together with the sales paid from the change machine by the customer and deposits it into the cash management machine. In this way, cash such as sales and change is strictly managed.

  In addition, in order to manage the cash management machine, a management terminal is installed in a branch office or the like. For each employee who operates the management terminal or the cash management machine, the management terminal has a different type that can perform only the processing related to the determined business for each type of business that each employee is engaged in. You can set up an account and manage the set up account. By restricting the operations that can be performed on the management terminal and cash management machine by the employee operating the management terminal and cash management machine to the division of duties of the employee, fraud is caused by the operation of the management terminal and cash management machine. This is to prevent this from being performed.

  Specifically, an account corresponding to the tightening authority of the cash management machine should be given to the person in charge of closing the cash management machine (aggregating the cash processed by the cash management machine and confirming the result). Is given. In addition, an account corresponding to the person in charge registration authority for registering the person in charge is given to the person in charge registering person who registers the person in charge who uses the cash management machine. Furthermore, the administrator who performs the above-mentioned tightening and registration of the person in charge is given an account corresponding to the management task authority, and further, the master administrator who registers the administrator who has the management task authority has An account corresponding to the authority is given.

  Further, such different types of accounts have identification information (Identification; ID) for identifying employees (administrators, etc.) and a personal identification number (password) in order to manage different granted authorities. It is tied. Therefore, for example, the employee can perform processing using the management terminal within a range of authorized authority by inputting an ID and a password into the management terminal and logging in.

  For example, as an information processing apparatus that manages such an account, an information processing apparatus disclosed in Patent Document 1 that can change the contents that can be processed corresponding to each account can be cited.

JP 2017-151701 A

  However, since the master administrator as described above does not frequently log in to the management terminal, the master administrator often forgets the ID or personal identification number associated with his / her account. If the master administrator forgets the ID or personal identification number in this way, it is impossible to register an administrator who has administrative authority, which may hinder business at a branch office or the like. Become.

  In such a case, in order for the master administrator to be able to perform operations on the management terminal, the maintenance staff visits the branch where the management terminal is installed, and the management terminal is restored. Will be performed. Therefore, the master administrator cannot register an administrator having the administrative task authority until the maintenance work as described above is completed, causing a temporary stagnation in the task. Furthermore, since maintenance personnel are dispatched, it is difficult to suppress an increase in maintenance costs.

  Therefore, the present invention has been made in view of the above problems, and the object of the present invention is to prevent temporary stagnation in business and to suppress an increase in maintenance costs. An object of the present invention is to provide a new and improved information processing system and information processing apparatus.

  In order to solve the above problem, according to an aspect of the present invention, a first terminal includes a first terminal and a second terminal, and the first terminal generates first one-time account information. A one-time account generation unit, and an output unit that outputs the generated first one-time account information. The second terminal generates a second one-time account information. A time account generation unit; a comparison unit that compares the input first one-time account information with the generated second one-time account information; and the comparison makes the first one-time account information An authentication unit that authenticates a predetermined authority to a user who has input the first one-time account information when the second one-time account information matches. Stem is provided.

  The first terminal and the second terminal may be separated in a state in which information cannot be communicated with each other.

  The first one-time account generation unit and the second one-time account generation unit generate the first one-time account information and the second one-time account information using the same algorithm. May be.

  The first one-time account generation unit and the second one-time account generation unit use the same encryption program to convert the first one-time account information and the second one-time account information. It may be generated.

  The first one-time account generating unit generates the first one-time account information using the input identification information related to the user and time information related to the first one-time account. May be.

  The second one-time account generating unit generates the second one-time account information by using identification information related to the user acquired in advance and time information related to the second one-time account. May be.

  The identification information associated with the user may be terminal specific information associated with the second terminal used by the user.

  The predetermined authority is an authority capable of using a management terminal that manages a cash management apparatus, and the second terminal may be the management terminal.

In order to solve the above problem, according to another aspect of the present invention, a first unit includes a second unit, and the first unit generates first one-time account information. A first one-time account generating unit that outputs, and an output unit that outputs the generated first one-time account information, wherein the second unit generates second one-time account information. Two one-time account generation units, a comparison unit that compares the input first one-time account information with the generated second one-time account information;
If the comparison shows that the first one-time account information matches the second one-time account information, authentication for authenticating a predetermined authority to the user who has input the first one-time account information And an information processing apparatus having a unit.

  As described above, according to the present invention, it is possible to suppress an increase in maintenance costs without causing a temporary stagnation in business.

It is explanatory drawing explaining the structural example of the cash management system 1 which concerns on embodiment of this invention. It is a block diagram of the cash management machine 100 which concerns on embodiment of this invention. It is a block diagram of the sales information management server 400 which concerns on embodiment of this invention. It is a block diagram of the management terminal 500 which concerns on embodiment of this invention. It is a block diagram of the head office terminal 800 which concerns on embodiment of this invention. It is a sequence diagram of the operation | movement which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example of the one-time account issue screen 900 which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example of the one-time account issue screen 906 which concerns on embodiment of this invention. It is a flowchart at the time of login using the one-time account which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example of the one-time account input screen 914 which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example of the menu screen 926 which concerns on embodiment of this invention. It is explanatory drawing for demonstrating an example of the one-time account input screen 940 which concerns on embodiment of this invention.

  Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, duplication description is abbreviate | omitted by attaching | subjecting the same code | symbol.

  In the present specification and drawings, a plurality of constituent elements having substantially the same or similar functional configuration may be distinguished by adding different numerals after the same reference numerals. However, when it is not necessary to particularly distinguish each of a plurality of constituent elements having substantially the same or similar functional configuration, only the same reference numerals are given. In addition, similar components in different embodiments may be distinguished by attaching different alphabets after the same reference numerals. However, if it is not necessary to distinguish each similar component, only the same reference numerals are given.

  In addition, the cash management system according to the embodiment of the present invention described below is not limited to being used in a main branch of a financial institution or a store such as a supermarket, etc. Can be applied to management.

<< Background to the Embodiment of the Present Invention >>
First, prior to the description of the embodiments of the present invention, the background of how the present inventor has made the embodiments of the present invention will be described.

  The above-described cash management machine is a device that performs change and withdrawal of change and storage of sales to a person in charge who handles customers. Specifically, a cash management machine is a device used by a person in charge of a counter at a branch office or a cashier in charge of a store, etc., and withdrawing transactions for making changes to each person in charge and returning the change And deposit transactions to store sales.

  For cash management machines, identification information such as the employee number of the person in charge who can use the cash management machine, authority that defines the processing details that can be performed on the cash management machine, etc. are registered in advance as employee information. This registration makes it possible for each person in charge to make a deposit / withdrawal transaction at the cash management machine for the first time. Such registration is performed in a management terminal that manages a cash management machine installed in a branch office or the like as described above. Similarly, with respect to the management terminal, since the employee information of the administrator who can use the management terminal is registered in advance in the management terminal, each administrator can register each person in charge at the management terminal for the first time. Business can be performed.

  In other words, in a cash management system including a cash management machine and a management terminal, each type of business engaged in each employee has a different type of account corresponding to the authority to perform only the processing related to the determined business. It is given as an account for login of each device on the system. This is because, as explained above, by restricting the operations that can be performed on each device on the cash management system to the division of duties of each employee, fraud is performed by operations on each device on the cash management system. It is for preventing.

  Specifically, the various accounts include, for example, a closing manager account corresponding to the authority to tighten the cash management machine, and a person registration manager account for registering the person using the cash management machine. , An account corresponding to the management task authority for an administrator who performs tightening and registration of a person in charge, an account for a master administrator who registers the administrator who has the management task authority, and the like.

  For example, there are multiple tightening managers who have been granted an account with the authority to tighten cash management machines (tightening authority), and there are several in the branch, etc., once a week or several times a day, It is possible to log in to the cash management machine by using the ID and personal identification number associated with the account assigned to itself, and perform tightening, status confirmation, and form printing.

  In addition, there are multiple managers in charge at the branch office who have been given an account (person registration authority) for registering the person in charge of using the cash management machine. Log in to the management terminal using the ID and personal identification number associated with the account assigned to, and perform tasks such as registering or deleting the person in charge using the cash management machine, initializing the personal identification number, and printing forms It can be carried out.

  In addition, there are multiple managers who have been given accounts (management authority) for closing and registering the person in charge, and they are linked to the account assigned to them regularly or irregularly. Log in to the cash management machine or management terminal using the attached ID and password, and perform tightening, status confirmation, form printing, registration or deletion of the person in charge using the cash management machine, Operations such as initialization and form printing can be performed.

  Furthermore, a master administrator who has been given an account (master authority) (predetermined authority) that can use the management terminal to register the above administrator who has administrative duties authority has been granted to himself Log in to the cash management machine or management terminal using the ID and PIN linked to the account, and include all the authority, such as the above-mentioned tightening authority, person in charge registration authority, administrative work authority, etc., and master authority All types of accounts can be managed (registration, change (including change of PIN), deletion, reference, etc.). In general, there are two primary and secondary master managers at branches and the like. For example, the branch manager or general manager of each branch is often the master manager.

  Specifically, the master administrator as described above logs in to the management terminal at a frequency of once or twice a year, and registers or deletes an administrator with administrative duties authority associated with personnel changes, In many cases, the authority is changed due to the change of business contents, the password is initialized by forgetting the password.

  However, the master administrator often forgets the ID and personal identification number associated with the account given to him because the frequency of logging in to the management terminal is low. Considering such a situation, even if there are two primary and secondary master administrators at each branch, etc., both master administrators forget the ID and password given to them. Sometimes it ends up.

  In such a case, the master administrator cannot register an administrator who has the administrative task authority, and this impedes the task at the branch or the like.

  Therefore, in the case described above, in order to enable the master administrator to perform operations and processing on the management terminal, a maintenance staff visits the branch where the management terminal is installed, Recovery work will be performed. Therefore, the master administrator cannot register an administrator having the administrative task authority until the maintenance work as described above is completed, causing a temporary stagnation in the task. Furthermore, since maintenance personnel are dispatched, it is difficult to suppress an increase in maintenance costs.

  Then, in view of such a situation, the inventor has created a cash management system (information processing system) according to an embodiment of the present invention. In the embodiment of the present invention, in a cash management system that collects cash management machines that manage change and sales proceeds installed in branches and the like and performs employee registration, it is linked to an account for operating a management terminal. If you forget your ID and PIN, issue a temporary one-time account using the head office terminal installed at the head office. According to such an embodiment of the present invention, an increase in maintenance costs can be suppressed without causing a temporary stagnation in business. Hereinafter, such embodiments of the present invention will be sequentially described in detail.

<Configuration of cash management system 1>
First, the structure of the cash management system (information processing system / information processing apparatus) 1 according to the first embodiment of the present invention will be described with reference to FIG. FIG. 1 is an explanatory diagram illustrating a configuration example of a cash management system 1 according to the present embodiment. As shown in FIG. 1, the cash management system 1 according to the present embodiment includes a cash management machine (cash management apparatus) 100, a window terminal 200, a change machine 300, a sales information management server 400, and a management terminal (No. 1). 2 terminal / second unit) 500, portable terminal 600, and head office terminal (first terminal / first unit) 800. In FIG. 1, the cash management machine 100, the counter terminal 200, the change machine 300, the management terminal 500, and the mobile terminal 600 are illustrated one by one, but in the present embodiment, these are limited to one. A plurality of units may be included.

  The cash management system 1 according to the present embodiment provides change information such as the amount of change withdrawn from the cash management machine 100 for each person in charge of the customer, date and time of sale, product name, product unit price, and quantity. This is a system that manages sales information such as the total amount and tightens (aggregates) the sales amount. Specifically, the person in charge stores the change information and the sales information in the sales information management server 400 by operating the window terminal 200 connected to the change machine 300. The sales information management server 400 generates sales information by confirming the sales amount of the corresponding accounting day by performing tightening at the window terminal 200 by the corresponding person in charge. Furthermore, the sales information management server 400 can also transmit change information and sales information of the person in charge to the cash management machine 100 and the management terminal 500. Below, the outline | summary of each apparatus of the cash management system 1 which concerns on this embodiment is demonstrated.

(Cash management machine 100)
The cash management machine 100 is a device that operates the window terminal 200 and the change machine 300 to perform change of deposit and withdrawal and storage of sales to a person who receives cash from a customer. Specifically, the cash management machine 100 collects money from the change machine 300 with a withdrawal transaction for withdrawing change (banknotes and coins) to be stored in each change machine 300 described later with the person in charge. Deposit transactions to deposit the proceeds (banknotes and coins) and change. In the withdrawal transaction, the cash management machine 100 withdraws the preset amount, the number of money types or the amount to be specified, and the number of money types. In the deposit transaction, the cash management machine 100 deposits cash related to the total amount of change and sales according to the change withdrawal information and sales information for each person in charge acquired from the sales information management server 400. . The detailed configuration of the cash management machine 100 will be described later.

(Window terminal 200)
The window terminal 200 is realized by a computer or a personal computer (PC) for a person in charge or the like to perform work or the like at a window at a branch office or the like, and is connected to each change machine 300 described later. Manage and perform tightening processing by the person in charge in cooperation with the sales information management server 400. In addition, the window terminal 200 mainly includes an input unit 202 and a display unit 204 as shown in FIG. Specifically, the window terminal 200 accepts an operation on the input unit 202 by a person in charge, and controls the change machine 300 according to the accepted operation. Furthermore, the window terminal 200 can display the deposit / withdrawal status of the change machine 300 on the display unit 204, and can transmit the deposit / withdrawal information of the change machine 300 to the sales information management server 400. As shown in FIG. 1, the window terminal 200 is connected to a printer 210, and by controlling the printer 210, information such as deposit / withdrawal status can be printed on paper and output.

(Change machine 300)
The change machine 300 is a device that deposits sales received from a customer and withdraws change to the customer. Specifically, the change machine 300 stores banknotes and coins received by the person in charge from the customer, and pays out banknotes and coins to be paid to the customer as change according to the control of the window terminal 200. The change machine 300 may be a hand-held safe (not shown) or a drawer (not shown).

(Sales information management server 400)
The sales information management server 400 is a computer that manages the amount of cash and the transfer of cash in each branch or a plurality of branches, sales information of each person in charge, etc., from the cash management machine 100, the window terminal 200, etc. Obtain information and manage sales and cash value. Specifically, the sales information management server 400 stores information such as transaction results sent from the cash management machine 100 or the window terminal 200 as a history, and further sends it from the cash management machine 100 or the window terminal 200 or the like. Based on information such as the amount of sales and the amount of money received, the number of withdrawals and the number of deposits for each denomination, change and sales are tabulated and managed. The detailed configuration of the sales information management server 400 will be described later.

(Management terminal 500)
The management terminal 500 is a device that is installed in a branch or the like and is used by an administrator to manage information stored in the cash management machine 100 and employee information. For example, a personal computer (PC) for the administrator to perform work or the like. ) Etc. For example, the management terminal 500 can register or change employee information in accordance with an input operation by an administrator or the like. The detailed configuration of the management terminal 500 will be described later.

(Mobile terminal 600)
The mobile terminal 600 is realized by a tablet terminal or a mobile terminal such as a smartphone used by a person in charge of visiting the customer's home or the customer's workplace, etc., and manages the sales and change of goods related to product sales. To do. As illustrated in FIG. 1, the mobile terminal 600 mainly includes an input unit 602 and a display unit 604. Specifically, the person in charge stores the product price received from the customer on the go in a change bag (not shown) that is carried as sales money, takes out the cash from the change bag, and pays it to the customer as change. . Further, as shown in FIG. 1, the portable terminal 600 is connected to, for example, a portable printer 610, and controls the printer 610 to print and output information such as deposit / withdrawal status on paper. be able to.

(Head office terminal 800)
The head office terminal 800 is an apparatus for managing a master administrator who is installed in the head office and uses the management terminal 500 in a branch office. For example, the master administrator (registering an administrator having administrative duties authority, etc.) A one-time account can be created. The detailed configuration of the head office terminal 800 will be described later.

(Communication network 700)
The communication network 700 is a network used for transmission / reception of information inside or outside one or more main branches. The communication network 700 can be wired or wireless, for example, a public line network such as a telephone line or a satellite communication network, various types of LAN (Local Area Network) including the Internet, a dedicated line, and Ethernet (registered trademark) or It is comprised from arbitrary communication networks, such as WAN (Wide Area Network). Furthermore, the dedicated line may be configured by an IP-VPN (Internet Protocol-Virtual Private Network) or the like. In addition, some security means (for example, Secure Sockets Layer (SSL)) may be applied to the dedicated line.

  In FIG. 1, the management terminal 500 and the head office terminal 800 are illustrated as being communicably connected via the communication network 700. However, the present embodiment is not limited to this. Alternatively, the management terminal 500 and the head office terminal 800 may be separated in a state where they are not communicably connected, that is, in a state where information cannot be communicated with each other.

<Detailed configuration of cash management machine 100>
The configuration of the cash management system 1 according to this embodiment has been described above. Next, with reference to FIG. 2, the detailed structure of the cash management machine 100 which concerns on this embodiment is demonstrated. FIG. 2 is a block diagram of the cash management machine 100 according to the present embodiment. As shown in FIG. 2, the cash management machine 100 mainly includes an input unit 102, a display unit 104, a banknote deposit / withdrawal unit 106, a coin deposit / withdrawal unit 108, a printer unit 110, a communication unit 114, and a control unit 120. Below, each function part of the cash management machine 100 is demonstrated.

(Input unit 102)
The input unit 102 is a functional unit that receives an input operation of a person in charge of operating the cash management machine 100, and is realized by various buttons, a numeric keypad, a keyboard, and the like, for example.

(Display unit 104)
The display unit 104 is a functional unit that displays an operation screen and transaction (processing) contents to a person in charge. For example, a CRT (Cathode Ray Tube) display device, a liquid crystal display (LCD) device, an OLED (Organic Light Emitting). (Diode) device or the like. Note that the above-described input unit 102 may be realized by a touch panel that is provided so as to overlap the display device that constitutes the display unit 104.

(Bill deposit / withdrawal unit 106)
The banknote deposit / withdrawal unit 106 is a functional unit that deposits / withdraws banknotes, specifically, accepts banknotes according to the request of the person in charge, discriminates the types of banknotes, and counts and stores them for each type. To do. Furthermore, the banknote depositing / withdrawing part 106 withdraws the banknote stored according to the request of the person in charge.

(Coin Deposit / Withdrawal Department 108)
The coin deposit / withdrawal unit 108 is a functional unit that deposits / withdraws coins, specifically, accepts coin deposits according to the request of the person in charge, discriminates the types of coins, and counts and stores them for each type. To do. Further, the coin deposit / withdrawal unit 108 dispenses the coins stored according to the request of the person in charge.

(Printer 110)
The printer unit 110 has a printing function such as a receipt, and can print a transaction result and issue it to a person in charge.

(Communication unit 114)
For example, the communication unit 114 transmits cash deposit / withdrawal information to the management terminal 500 and the sales information management server 400 via the communication network 700, and receives sales information from the sales information management server 400. can do.

(Control unit 120)
For example, the control unit 120 is configured around a CPU (Central Processing Unit) and the like, and controls each functional unit of the cash management machine 100 to execute various transactions. Specifically, as shown in FIG. 2, the control unit 120 includes blocks such as a cash management processing unit 124 and a storage unit 130. Below, the detail of each block of the control part 120 is demonstrated.

-Cash management processing part 124-
The cash management processing unit 124 controls the banknote depositing / withdrawing unit 106, the coin depositing / withdrawing unit 108, and the like so as to execute transactions (for example, deposit transactions, withdrawal transactions, etc.) performed by the cash management machine 100.

-Storage unit 130-
The storage unit 130 is realized by a ROM (Read Only Memory), a RAM (Random Access Memory), and the like included in the control unit 120, and a control program for controlling the operation of the cash management machine 100, Input data, display screens, etc. at the time of transactions are stored.

<Detailed Configuration of Sales Information Management Server 400>
The detailed configuration of the cash management machine 100 according to the present embodiment has been described above. Next, a detailed configuration of the sales information management server 400 according to the present embodiment will be described with reference to FIG. FIG. 3 is a block diagram of the sales information management server 400 according to the present embodiment. As shown in FIG. 3, the sales information management server 400 mainly includes a communication unit 414 and a control unit 420. Below, each function part of the sales information management server 400 is demonstrated.

(Communication unit 414)
The communication unit 414 can receive information from the cash management machine 100, the management terminal 500, and the like via, for example, the communication network 700, and can transmit information to the management terminal 500 and the like.

(Control unit 420)
For example, the control unit 420 is configured around a CPU or the like, acquires information from the cash management machine 100 or the like, and stores the information in a storage unit 430 described later. In addition, the control unit 420 can output the information stored in the storage unit 430 to the management terminal 500. Specifically, the control unit 420 includes a storage unit 430 as illustrated in FIG. Below, the memory | storage part 430 which the control part 420 has is demonstrated.

-Storage unit 430-
The storage unit 430 is realized by a ROM, a RAM, an HDD (Hard Disk Drive), or the like that the control unit 420 has, and stores information on cash etc. in the main branch.

<Detailed Configuration of Management Terminal 500>
The detailed configuration of the sales information management server 400 according to the present embodiment has been described above. Next, a detailed configuration of the management terminal 500 according to the present embodiment will be described with reference to FIG. FIG. 4 is a block diagram of the management terminal 500 according to the present embodiment. The management terminal 500 is installed in a branch or the like, and when an administrator logs in, the ID and personal identification number used for the login are between the registered account information (ID, personal identification number, authority details, etc.). Verify (authentication) with. Furthermore, the management terminal 500 manages the administrator within the range according to the authority given to the administrator when the ID and password used for login coincide with the registered account information. The operation and processing of the terminal 500 are permitted. In addition, the management terminal 500 also has a function of generating a one-time account (second account) for the master administrator, and performs verification (authentication) using the account information of the generated one-time account. It can also be done.

  Specifically, as illustrated in FIG. 4, the management terminal 500 mainly includes an input unit 502, a display unit 504, a communication unit 514, and a control unit 520. Below, each function part of the management terminal 500 is demonstrated.

(Input unit 502)
The input unit 502 is a functional unit that receives an input operation of an administrator who operates the management terminal 500, and is realized by, for example, a numeric keypad or a keyboard.

(Display unit 504)
The display unit 504 is a functional unit that displays an operation screen or the like to the administrator, and is realized by, for example, a CRT display device, an LCD device, an OLED device, or the like. Note that the above-described input unit 502 may be realized by a touch panel that is provided so as to overlap the display device that constitutes the display unit 504.

(Communication unit 514)
For example, the communication unit 514 can receive various types of information from the cash management machine 100 or the like via the communication network 700 or the like, and can transmit employee information or the like to the cash management machine 100.

(Control unit 520)
For example, the control unit 520 is configured mainly by a CPU or the like, controls each functional unit of the management terminal 500, manages and displays a transaction status for each person in charge, and cooperates with the cash management machine 100. The date can be closed, and changes in employee information settings can be reflected in the cash management machine 100. The control unit 520 can also collate (authenticate) the ID and password used for login with the registered account information (ID, password, authority content, etc.). In addition, the control unit 520 also has a function of generating a one-time account (second account) for the master administrator, and performs verification (authentication) using the account information of the generated one-time account. It can also be done.

  Specifically, as illustrated in FIG. 4, the control unit 520 includes functional blocks of a one-time account generation unit (second one-time account generation unit) 522, a comparison unit 524, an authentication unit 526, and a storage unit 530. . Below, the detail of each functional block of the control part 520 is demonstrated.

-One-time account generation unit 522
The one-time account generation unit 522 uses the same algorithm (for example, the same encryption program) as the one-time account generation unit 822 of the head office terminal 800 to be described later, for example, one-time account information (second (One-time account information) (ID, personal identification number, authority content, etc.). More specifically, the one-time account generation unit 522, for example, terminal-specific information associated with the management terminal 500 and information regarding the date and time when the one-time account is to be generated (time related to the second one-time account) Information) can be used to generate the one-time account information.

-Comparator 524
The comparison unit 524 compares the account information (ID and personal identification number) input to the input unit 502 by the administrator with the administrator's account information (ID and personal identification number) registered in advance. Information on whether or not is output to the authentication unit 526 described later.

  Further, the comparison unit 524 generates the one-time account information (first one-time account information) (ID and personal identification number) input to the input unit 502 by the master administrator and the one-time account generation unit 522 described above. The one-time account information (second one-time account) (ID and personal identification number) is compared, and information indicating whether or not they match is output to the authentication unit 526 described later.

-Authentication unit 526
The authentication unit 526 compares the account information (ID and personal identification number) input by the administrator into the input unit 502 and the administrator account information (ID and personal identification number) registered in advance by the comparison by the comparison unit 524 described above. If they match, the administrator is permitted (authenticated) to log in and use the management terminal 500 within a range corresponding to the authority given to the administrator.

  Further, the authentication unit 526 compares the above-described comparison unit 524 with the one-time account information (first one-time account information) (ID and personal identification number) input to the input unit 502 by the master administrator, and the above-described comparison. If the one-time account information (second one-time account information) (ID and personal identification number) generated by the one-time account generation unit 522 matches, the master administrator logs in to the management terminal 500. , Allow (authenticate) login with master authority.

-Storage unit 530-
The storage unit 530 is realized by a ROM, RAM, HDD, or the like included in the control unit 520, and stores employee information and the like. For example, the storage unit 530 stores the above-described administrator account information (ID, password, authority, etc.). Furthermore, the storage unit 530 can also store terminal-specific information associated with the management terminal 500, and can store an encryption program and the like used when generating one-time account information.

  Further, the control unit 520 may incorporate a clock mechanism (not shown) for grasping accurate time and date.

<Detailed configuration of head office terminal 800>
The detailed configuration of the management terminal 500 according to the present embodiment has been described above. Next, a detailed configuration of the head office terminal 800 according to the present embodiment will be described with reference to FIG. FIG. 5 is a block diagram of the head office terminal 800 according to the present embodiment. For example, the head office terminal 800 is installed in the head office and has a function of generating a one-time account (first account) for a master administrator of a branch. As illustrated in FIG. 5, the head office terminal 800 mainly includes an input unit 802, a display unit (output unit) 804, a communication unit 814, and a control unit 820. Below, each function part of the management terminal 500 is demonstrated.

(Input unit 802)
The input unit 802 is a functional unit that receives an input operation of a head office authority (head office administrator) who operates the head office terminal 800, and is realized by, for example, a numeric keypad, a keyboard, or the like.

(Display unit 804)
The display unit 804 is a functional unit that displays an operation screen or the like to the head office authority (head office manager), and is realized by, for example, a CRT display device, an LCD device, an OLED device, or the like. Note that the above-described input unit 802 may be realized by a touch panel that is provided so as to overlap the display device included in the display unit 804. More specifically, the display unit 804 can output one-time account information (ID and personal identification number) generated by a one-time account generation unit 822 to be described later.

(Communication unit 814)
The communication unit 814 can receive employee information from the management terminal 500 or the like via the communication network 700 or the like, and can transmit employee information to the management terminal 500 or the like. In the present embodiment, the head office terminal 800 does not have to include the communication unit 814 described above.

(Control unit 820)
The control unit 820 is configured mainly by a CPU or the like, for example, and can control and register each employee information by controlling each functional unit of the head office terminal 800. Furthermore, the control unit 820 can generate a one-time account for the master administrator of the branch. Specifically, the control unit 820 includes a block of a one-time account generation unit (first one-time account generation unit) 822 and a storage unit 830, as shown in FIG. Below, the detail of each block of the control part 820 is demonstrated.

-One-time account generation unit 822
The one-time account generation unit 822 uses the same algorithm (for example, the same encryption program) as the one-time account generation unit 522 of the management terminal 500 described above, and thus the one-time account information (first one-time account information). (ID, password, authority content, etc.) are generated. More specifically, the one-time account generation unit 822, for example, the input device-specific information of the management terminal 500 and information on the date and time when the one-time account is to be generated (time information related to the first one-time account) ) Can be used to generate the one-time account information.

-Storage unit 830-
The storage unit 830 is realized by a ROM, RAM, HDD, or the like included in the control unit 820, and stores an encryption program used when generating employee information and one-time account information.

  Further, the control unit 820 may incorporate a clock mechanism (not shown) for grasping accurate time and date.

<Operation>
The detailed configuration of the head office terminal 800 according to the present embodiment has been described above. Next, operation | movement of the cash management system 1 which concerns on this embodiment is demonstrated with reference to FIGS. FIG. 6 is a sequence diagram of operations according to the present embodiment. 7 and 8 are explanatory diagrams for explaining an example of the one-time account issue screen. FIG. 9 shows a flowchart at the time of login using the one-time account according to the present embodiment. 10 and 12 are explanatory diagrams for explaining examples of the one-time account input screens 914 and 940 according to the present embodiment. FIG. 11 is an explanatory diagram for explaining an example of the menu screen 926 according to the present embodiment.

  First, the main flow of the operation according to the present embodiment will be described with reference to FIG.

  When a master administrator (user) belonging to a branch office forgets the ID and / or password associated with his / her account, he / she first has the authority to set the account of the master administrator at the head office. Contact the headquarters authority (headquarters administrator) by telephone and request the issuance of a one-time account.

  At this time, the master administrator transmits a branch code (terminal specific information) that is identification information for identifying the branch to which the master administrator belongs to the head office authority.

  Note that the branch code information is associated with the management terminal 500 installed at the branch and stored in the storage unit 530 of the management terminal 500, and can be said to be terminal-specific information unique to the management terminal 500. . In the present embodiment, the information transmitted from the master administrator to the headquarters authority is not limited to such a branch code. For example, a sequential number uniquely assigned to the management terminal 500 is used. It may be configured terminal-specific information, may be identification information associated with each master administrator, and is not particularly limited as long as it is identification information related to the master administrator.

  Then, the head office authority confirms the identity of the master administrator who made the call. In the present embodiment, the specific method of identity verification is not particularly limited. In the present embodiment, for example, the head office authority makes a return call to the master administrator, or inputs predetermined information (for example, a personal identification number) via a device in the cash management system 1, It can be implemented by performing biometric authentication.

  Next, when the identity is confirmed, the head office authority uses the head office terminal 800 to generate a one-time account (first one-time account) to be given to the master administrator. Note that the one-time account according to the present embodiment is installed in the corresponding branch only on the day when the master administrator who has been given the one-time account generates the one-time account using the one-time account. Only the corresponding management terminal 500 is an account that is permitted to log in. In the present embodiment, the restriction on the use of the one-time account is not limited to restricting the day as described above. For example, the use time zone and the number of times may be restricted. Good.

  Specifically, the head office authority displays the branch code transmitted by the master administrator over the telephone on the one-time account issuance screen 900 displayed on the display unit 804 of the head office terminal 800 as shown in FIG. input. Specifically, the head office authority inputs a branch code in the input field 902 of the one-time account issuance screen 900 and depresses the issuance button 904. In the present embodiment, the information to be input when generating the one-time account is not limited to the above branch code, and is composed of, for example, a sequential number uniquely assigned to the management terminal 500. It may be terminal-specific information, may be identification information associated with each master administrator, and is not particularly limited as long as it is identification information related to the master administrator. In the present embodiment, the one-time account issue screen 900 is not limited to the form shown in FIG. 7, and may include other operation buttons, for example.

  The head office terminal 800 generates a one-time account according to the present embodiment based on the input branch code and the date on which the branch code is input. At this time, the head office terminal 800 generates, for example, three one-time accounts. The details of the one-time account generation method in the head office terminal 800 will be described later.

  Specifically, the three one-time accounts (one-time account ID and password) generated by the head office terminal 800 are the one-time accounts shown on the display unit 804 of the head office terminal 800 as shown in FIG. The ID number display field 908 and the personal identification number display field 910 in the issue screen 906 are displayed. Note that the ID number and password shown on the one-time account issuance screen 906 in FIG. 8 are examples, and the ID number and password according to the present embodiment are numbers, alphabets (uppercase letters and lowercase letters) in order to increase security. And a character string having a plurality of digits in which symbols and symbols are mixed. In addition, in the ID number and the PIN code according to the present embodiment, the use of both or one of the easily misidentified characters, for example, the characters “1 (number 1)” and “l (lower case el)” is used. It is preferable to avoid it. Furthermore, in the present embodiment, the one-time account issue screen 906 is not limited to the form shown in FIG. 8, and may include other operation buttons, for example.

  The head office authority manages the one-time account information (ID and PIN) ("Account 1" in FIG. 8) displayed first among the three one-time accounts via the telephone or the like. Communicate to the person. The head office authority can end the display of the generated one-time account by depressing the end button 912 on the one-time account issuance screen 906.

  Next, the master administrator who has received the first one-time account information (ID and password) generated by the head office authority uses the one-time account information (ID and password) to manage the management terminal. Attempt login to 500.

  When the master administrator is able to log in to the management terminal 500, the master administrator initializes the forgotten ID and personal identification number, that is, the ID and personal identification number associated with his / her own account, Processing of a range of authority granted to the user, such as registration of an administrator who has administrative task authority, will proceed. Details of authentication using the one-time account information in the management terminal 500 will be described later.

  In this embodiment, when the ID associated with the one-time account input to the management terminal 500 by the master administrator overlaps with the ID associated with the account already registered in the management terminal 500. , Login to the management terminal 500 is not permitted.

  Therefore, in such a case, the master administrator informs the headquarters authority that the login has failed, and the headquarters authority displays the second one-time account information (ID) of the three one-time accounts. And the personal identification number ("account 2" in FIG. 8) are transmitted to the master administrator via a telephone or the like.

  Further, the master administrator who has received the second one-time account information (ID and personal identification number) generated by the head office authority uses the second one-time account (ID and personal identification number) to manage the terminal. Will attempt to log in to 500.

<One-time account generation method>
The main flow of the operation according to the present embodiment has been described above. Next, details of generation of a one-time account in the one-time account generation unit 822 of the head office terminal 800 and generation of a one-time account in the one-time account generation unit 522 of the management terminal 500 will be described.

  In the present embodiment, as described above, the head office terminal 800 and the management terminal 500 may not be connected to be communicable. Therefore, the information about the one-time account is not directly communicated between the head office terminal 800 and the management terminal 500, and thus the security of the one-time account can be improved.

  Accordingly, in the present embodiment, information about the one-time account is not directly communicated between the head office terminal 800 and the management terminal 500. Instead, the head office terminal 800 and the management terminal 500 Create the same one-time account using the same algorithm. By doing in this way, in this embodiment, authentication in the management terminal 500 can be performed using the one-time account generated in the head office terminal 800.

  In the following description, generation of a one-time account in the one-time account generation unit 822 of the head office terminal 800 will be described, but generation of a one-time account in the one-time account generation unit 522 of the management terminal 500 is also described below. This is performed in the same manner as the terminal 800.

  In the present embodiment, the one-time account generation unit 822 includes identification information (branch code) (terminal-specific information) of the branch where the management terminal 500 is installed, information on the date and time when the one-time account is to be generated, Using the same algorithm (for example, the same encryption program) as the one-time account generation unit 522 of the terminal 500, a plurality of uniquely determined one-time account information (ID and password) can be generated. In the following description, a method for generating a one-time account in which the one-time account information (ID and personal identification number) is uniquely determined mathematically will be described. In this embodiment, the cash management system 1 is operated. In addition, if no problem occurs, it is not always necessary to use a one-time account generation method that is strictly determined mathematically and uniquely.

  In the following description, as described above, the one-time account according to the present embodiment is used by the master administrator who is given the one-time account. It is assumed that the account is permitted to log in only to the corresponding management terminal 500 installed in the corresponding branch on the day when the password is generated. However, in the present embodiment, the limitation on the use of the one-time account is not limited to limiting the day as described above. Good.

  Specifically, the branch code used when generating the one-time account according to the present embodiment is stored in the storage unit 530 of the management terminal 500 installed in the branch (associated with the management terminal 500). A numeric string assigned as a sequential numeric string to each branch, and is information that can be confirmed by employees belonging to the corresponding branch. In the present embodiment, the information used when generating the one-time account is not limited to the above branch code, and is composed of, for example, a sequential number uniquely assigned to the management terminal 500. It may be terminal specific information, may be identification information associated with each master administrator, and is not particularly limited as long as it is identification information related to the master administrator.

  Furthermore, the information regarding the date and time used when generating the one-time account according to the present embodiment (time information regarding the one-time account) is specifically the date of the day on which the one-time account is to be generated (for example, , Year, month and day) information, and any date and time information that is uniquely determined is not particularly limited. Specifically, the one-time account generation unit 822 according to the present embodiment can use, for example, an 8-digit number string indicating the year, month, and day corresponding to the date on which the one-time account is generated. For example, when the date on which the one-time account is generated is July 4, 2017, the one-time account generation unit 822 uses the numeric string “20170704” as information related to the date and time used for generation. can do.

  Further, in the present embodiment, the one-time account generation unit 822 uses the encryption program that records the conversion key having a predetermined length stored in the storage unit 830 of the head office terminal 800 to generate a one-time account. Generate. In the present embodiment, the one-time account generation unit 522 of the management terminal 500 also generates a one-time account using the same encryption program as the encryption program.

  Hereinafter, an outline of generation of a one-time account by the one-time account generation unit 822 will be described. First, the one-time account generation unit 822 encrypts the branch code (branch code transmitted to the head office authority by the master administrator) input by the head office authority and the year, month, and year in which the one-time account is to be generated. Create a statement. Further, the one-time account generation unit 822 uses a part of the created ciphertext bitstream to convert it into n lines of numbers and m lines of alphanumeric characters. Then, the one-time account generation unit 822 generates a plurality of one-time account information (ID and personal identification number) using n rows of numbers obtained by conversion and m rows of alphanumeric characters. Note that the above-described numbers and alphanumeric n rows and m rows mean the numbers of numbers and alphanumerics arranged in the horizontal direction, and may be natural numbers appropriately selected.

  More specifically, the one-time account generation unit 822 creates a plaintext by combining the branch code and the year, month, and year in a predetermined method, and uses the conversion key as an encryption key for the created plaintext. A ciphertext having a predetermined length is generated by performing block encryption of the method. Further, the one-time account generation unit 822 extracts 80 bits of information from a predetermined position of the created ciphertext, converts the information of the first 40 bits of the extracted information into 12-line numbers, and extracts them. The latter 40 bits of information are converted into 8 lines of alphanumeric characters. Then, the one-time account generation unit 822 uses the 12-digit number obtained by the conversion as an ID related to the one-time account, and the 8-digit alphanumeric character obtained as a conversion serves as a personal identification number related to the one-time account (see FIG. 8).

  In addition, the one-time account generation unit 822 changes the position to extract information from the created ciphertext according to a predetermined rule, or selects one encryption key from a plurality of encryption keys stored in advance according to the predetermined rule By doing so, a plurality of one-time account information (ID and personal identification number) can be generated.

  In the present embodiment, the one-time account generation unit 822 of the head office terminal 800 and the one-time account generation unit 522 of the management terminal 500 use a common encryption program stored in advance, respectively, to a predetermined branch. A plurality of identical one-time account information (ID and personal identification number) can be generated based on the code and the year, month and date according to common rules. The one-time account generation unit 522 of the management terminal 500 can generate the one-time account information by using a branch code that is acquired in advance and stored in the management terminal 500.

  In the above description, the one-time account generation unit 822 uses the 12-line number obtained by conversion as the ID related to the one-time account, and the 8-line alphanumeric characters obtained through conversion relate to the one-time account. Although the personal identification number is used, the present embodiment is not limited to this. In the present embodiment, the number of rows of IDs and passwords can be appropriately selected based on convenience, balance of security strength, and use frequency.

  Further, in the present embodiment, the one-time account generation unit 822 and the one-time account generation unit 522 generate a plurality of one-time account information (for example, three one-time account information) (ID and password). However, in consideration of the case where the generated one-time account information overlaps with the account information (ID and personal identification number) already registered in the management terminal 500, a plurality of one-time account information is generated.

<Login>
Hereinafter, a processing method at the time of login using the one-time account information (ID and personal identification number) in the management terminal 500 according to the present embodiment will be described with reference to FIGS. Specifically, as shown in FIG. 9, the processing method according to the present embodiment can include a plurality of steps from step S101 to step S109. Below, the detail of each step of the processing method which concerns on this embodiment is demonstrated.

  In the following description, a processing method in the management terminal 500 when the master administrator logs in to the management terminal 500 using the one-time account information (ID and personal identification number) generated in the head office terminal 800 will be described.

  First, the master administrator who has received the one-time account information (ID and personal identification number) generated at the head office terminal 800 from the head office authority (head office administrator) sends the one-time account information (one-time account information) to the management terminal 500. Enter your time account ID and PIN) and try to log in.

  Specifically, the master administrator inputs the ID and password for the one-time account in the input fields 916 and 918 of the one-time account input screen 914 shown in FIG. In the present embodiment, the one-time account input screen 914 is not limited to the form shown in FIG. 10, and for example, a password change button for displaying a screen for changing the password. Other operation buttons such as 922 and a cancel button 924 for canceling login may be included.

(Step S101)
The management terminal 500 compares the input account information (ID and password) with the administrator's account information (ID and password) registered in the management terminal 500 in advance. If the input account information matches the administrator's account information registered in advance in the management terminal 500, the management terminal 500 proceeds to step S107 described later. On the other hand, if the input account information does not match the administrator's account information registered in the management terminal 500 in advance, the input account information is one-time account information (ID and personal identification number). Since there is a possibility that it will exist, it progresses to step S103 mentioned later.

(Step S103)
As described above, the management terminal 500 generates a plurality of one-time account information (ID and password) (for example, three one-time account information).

(Step S105)
The management terminal 500 compares the input account information (ID and personal identification number) with the one-time account information (ID and personal identification number) generated in step S103 described above. If the input account information matches the generated one-time account information, the management terminal 500 proceeds to step S107 described later. On the other hand, if the input account information does not match the generated one-time account information, the management terminal 500 proceeds to step S109 described later.

(Step S107)
The management terminal 500 permits (authenticates) login with master authority to the master administrator. Specifically, the management terminal 500 displays a menu screen 926 as shown in FIG. 11 for the master administrator. The menu screen 926 includes various menu buttons 928, 930, 932, 934, and 936 corresponding to tasks that can be performed with the master authority, and the master administrator sets the menu buttons 928, 930, 932, 934, and 936. By depressing, processing of each task that can be performed by a person having master authority is performed. In the menu screen 926, the display or non-display of various menu buttons 928, 930, 932, 934, and 936 may be changed according to the authority of the logged-in administrator or master administrator, or various menus may be displayed. The display form (lightness, color, etc.) of the buttons 928, 930, 932, 934, 936 may be changed. In the present embodiment, the menu screen 926 is not limited to the form shown in FIG. 11, and includes other operation buttons such as a logout button 938 for logging out, for example. Also good.

(Step S109)
The management terminal 500 displays an alert message to the master administrator, assuming that the input account information (ID and personal identification number) may be incorrect. Specifically, the management terminal 500 displays a one-time account input screen 940 as shown in FIG. 12 to the master administrator. The one-time account input screen 940 includes an alert window 942 displayed on the same display as the one-time account input screen 914 of FIG. 10 described above. The alert window 942 indicates that the input account information (ID and password) is incorrect (for example, “ID number or password is different” is displayed in FIG. 12). And a word that prompts the user to check the account information again (for example, “Please confirm your ID number and PIN” in FIG. 12). Further, the alert window 942 includes an OK button (for example, shown as an “OK” button in FIG. 12) 944 for transmitting from the user to the management terminal 500 that the words displayed in the alert window 942 have been confirmed. Including. For example, when the master administrator pushes down the OK button 944, the management terminal 500 is switched to a state of waiting for login, waiting for input of account information again. In the present embodiment, the alert window 942 is not limited to the form as shown in FIG. 12, but may be another form.

  That is, in this embodiment, even if the one-time account information (ID and password) generated at the head office terminal 800 is not registered in the management terminal 500 in advance, the management terminal 500 uses the same method as the head office terminal 800. Since the same one-time account information can be generated, the management terminal 500 can confirm (authenticate) whether or not the master administrator has logged in with the regular one-time account information.

  In the present embodiment, when an incorrect branch code is input when generating a one-time account at the head office terminal 800, the one-time account information (ID and password) generated at the head office terminal 800 and management are performed. The one-time account information generated by the terminal 500 will not match. As a result, the master administrator cannot log in to the management terminal 500 using the one-time account information generated with an incorrect branch code. Furthermore, an attempt is made to log in to the management terminal 500 installed in a branch other than the branch related to the branch code used when the head office terminal 800 generates a one-time account using the one-time account information (ID and personal identification number). In this case, the one-time account information generated at the head office terminal 800 and the one-time account information generated at the management terminal 500 do not match, so that login is not permitted. That is, in this embodiment, the branch offices or management terminals 500 that can be used by the one-time account are limited.

  Further, in the present embodiment, the master administrator logs in to the management terminal 500 using the ID and the personal identification number associated with the one-time account on a date different from the day when the one-time account is generated at the head office terminal 800. Even when trying to do so, the one-time account information (ID and personal identification number) generated by the head office terminal 800 and the one-time account information generated by the management terminal 500 do not match, so that login is not permitted. That is, in this embodiment, the days that can be used are limited by the one-time account.

  As described above, login to the management terminal 500 using the one-time account information (ID and password) generated at the head office terminal 800 is permitted only for a specific branch or management terminal 500 and a specific day. The Rukoto. Furthermore, by granting master authority to the one-time account, the master administrator can log in to the management terminal 500 with the master authority using the one-time account information.

<< Summary >>
As described above, in the embodiment of the present invention, the head office authority (head office manager) inputs the branch code transmitted from the master manager who forgot the account information (ID and personal identification number) to the head office terminal 800. By doing so, the one-time account information to which the master authority is given can be generated. Furthermore, in this embodiment, the master administrator who has received the one-time account information generated from the head office authority uses the one-time account information to limit the master to a specific day and a specific management terminal 500. You can log in with authority. Therefore, in this embodiment, even if the master administrator forgets the account information given to himself, the master administrator does not go to the branch etc. It becomes possible to proceed with the work related to. As a result, according to the present embodiment, it is possible to suppress an increase in maintenance costs without causing a temporary stagnation in business.

  Furthermore, the one-time account according to the present embodiment is limited in the branch office or management terminal 500 that can be used and the date, so that security can be secured and unauthorized use (moral hazard) can be prevented.

  In addition, in the cash management system 1 according to the present embodiment, when the cash management machine 100 and the management terminal 500 are initially installed, the initial setting account registered in these devices is used to cope with various authorities including the master authority. After the registration is completed, the initial setting account is deleted from these devices.

<< Supplementary >>
The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to such examples. It is obvious that a person having ordinary knowledge in the technical field to which the present invention pertains can come up with various changes or modifications within the scope of the technical idea described in the claims. Of course, it is understood that these also belong to the technical scope of the present invention.

  Moreover, each step in the information processing method of the embodiment of the present invention described above does not necessarily have to be processed in the order described. For example, the steps may be processed by changing the order as appropriate. Each step may be processed in parallel or individually instead of being processed in time series. Furthermore, the processing of each step does not necessarily have to be performed according to the described method. For example, the processing may be performed by another function unit using another method.

  Furthermore, at least a part of the information processing method according to the above embodiment can be configured by software as an information processing program for causing a computer to function. When configured by software, at least one of these methods is possible. The program that realizes the storage unit may be stored in a recording medium such as a flexible disk or a CD-ROM (Compact Disc Read Only Memory), and read and executed by a PC or the like. The recording medium is not limited to a removable medium such as a magnetic disk or an optical disk, but may be a fixed recording medium such as a hard disk device or a memory. Furthermore, a program for realizing at least a part of these methods may be distributed via a communication line (including wireless communication) such as the Internet. Further, the program may be distributed in a state where the program is encrypted, modulated or compressed, and stored in a recording medium via a wired line such as the Internet or a wireless line.

DESCRIPTION OF SYMBOLS 1 Cash management system 100 Cash management machine 102,202,502,602,802 Input part 104,204,504,604,804 Display part 106 Banknote depositing / withdrawing part 108 Coin depositing / withdrawing part 110 Printer part 114,414,514,814 Communication unit 120, 420, 520, 820 Control unit 124 Cash management processing unit 130, 430, 530, 830 Storage unit 200 Window terminal 210, 610 Printer 300 Change machine 400 Sales information management server 500 Management terminal 522, 822 One-time account generation Section 524 Comparison section 526 Authentication section 600 Mobile terminal 700 Communication network 800 Head office terminal 900, 906 One-time account issue screen 902, 916, 918 Input field 904 Issue button 908 ID number display field 910 Security code display field 912 End button Tan 914, 940 One-time account input screen 920 Login button 922 Security code change button 924 Cancel button 926 Menu screen 928, 930, 932, 934, 936 Menu button 938 Logout button 942 Alert window 944 OK button

Claims (9)

Including a first terminal and a second terminal;
The first terminal is
A first one-time account generating unit that generates first one-time account information;
An output unit for outputting the generated one-time account information;
Have
The second terminal is
A second one-time account generator for generating second one-time account information;
A comparison unit that compares the input first one-time account information with the generated second one-time account information;
If the comparison shows that the first one-time account information matches the second one-time account information, authentication for authenticating a predetermined authority to the user who has input the first one-time account information And
Having
Information processing system.   The information processing system according to claim 1, wherein the first terminal and the second terminal are separated in a state in which information cannot be communicated with each other.   The first one-time account generation unit and the second one-time account generation unit generate the first one-time account information and the second one-time account information using the same algorithm. The information processing system according to claim 1 or 2.   The first one-time account generation unit and the second one-time account generation unit use the same encryption program to convert the first one-time account information and the second one-time account information. The information processing system according to claim 3 to generate. The first one-time account generation unit
Generating the first one-time account information using the input identification information related to the user and the time information related to the first one-time account;
The information processing system according to any one of claims 1 to 4. The second one-time account generation unit
Generating the second one-time account information using identification information related to the user acquired in advance and time information related to the second one-time account;
The information processing system according to any one of claims 1 to 5. The identification information related to the user is terminal-specific information associated with the second terminal used by the user.
The information processing system according to claim 5 or 6. The predetermined authority is an authority capable of using a management terminal that manages a cash management apparatus,
The second terminal is the management terminal;
The information processing system according to any one of claims 1 to 7. Including a first unit and a second unit;
The first unit is:
A first one-time account generating unit that generates first one-time account information;
An output unit for outputting the generated one-time account information;
Have
The second unit is
A second one-time account generator for generating second one-time account information;
A comparison unit that compares the input first one-time account information with the generated second one-time account information;
If the comparison shows that the first one-time account information matches the second one-time account information, authentication for authenticating a predetermined authority to the user who has input the first one-time account information And
Having
Information processing device.

Images