JP2019159522A - Authentication system - Google Patents

Abstract

To provide an authentication system which allows a client who wishes a transaction requiring identity verification to apply for the transaction in a teller machine coordinating with a transaction server of, e.g., a financial institution that conducts the transaction.SOLUTION: A teller machine comprises: an inquiry request transmission unit which transmits to a transaction server a temporary application inquiry request including a temporary application code and, in response, receives an inquiry result; a card reading unit which reads card information from a card; a verification request unit which transmits to an authentication server an electronic certificate included in the card information and, in response, receives a certificate confirmation result; and a main application transmission unit which, if the inquiry result indicates success of the inquiry, transmits to the transaction server a main application request including the certificate confirmation result and the temporary application code.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an authentication system.

  The Crime Revenue Prevention Law (hereinafter referred to as the “Crime Collection Law”) stipulates that financial institutions must perform identity verification procedures for certain transactions such as opening an account.

  In the Criminal Acquisition Act, as one of the methods of non-face-to-face identity verification, you receive the actual certificate or a copy of a public certificate such as a driver's license or various health insurance cards. A method of sending a document such as a bankbook related to the transaction by registered mail or a method of using an electronic certificate to the address of the customer described.

  The personal number card (hereinafter referred to as “My Number Card”) used for the public personal authentication service, which was issued in October 2016, stores an electronic certificate for signature that can be used as an electronic certificate. Therefore, a private business operator can use the My Number Card as an electronic signature by inquiring the validity of the electronic certificate to a public certification authority (for example, Patent Document 1).

Japanese Patent No. 619459

  In the case of non-face-to-face identity verification, the burden of customers going to the store of financial institutions, etc. (meaning a specific business operator stipulated in the Crime Law) is eliminated, and the burden of counter operations at the stores is reduced. On the other hand, when sending a document relating to a transaction to the address described in the sent public certificate, the financial institution is charged with a procedure for sending the document, and the customer is responsible for receiving this document.

  When using an electronic certificate for non-face-to-face identity verification, a device that reads My Number Card is required. For example, when an IC card reader is used as a reading device, it is not convenient because the customer needs to purchase it by himself, and the security of the computer to which the IC card reader is connected depends on the administrator of the computer. Security is not guaranteed. Similarly, when a smartphone is used as a reading device, security is not ensured because the security depends on the administrator of the smartphone. When using a multifunction device as a reading device, convenience is ensured by installing a multifunction device equipped with a reading function in a public place, but it is not considered to peek at the input / output screen etc. Security is not guaranteed.

  Therefore, the present invention provides an authentication system that enables a customer who desires a transaction requiring identity verification to apply for the transaction in a deposit / withdrawal device that cooperates with a transaction server such as a financial institution executing the transaction. For the purpose.

  A deposit / withdrawal apparatus according to an aspect of the present invention includes a reference request transmission unit that transmits a temporary application inquiry request including a temporary application code to a transaction server and receives an inquiry result as a response, and a card reading unit that reads card information from a card And a verification request unit that sends the electronic certificate included in the card information to the authentication server and receives the certificate confirmation result as a response, and the temporary application code and certificate if the inquiry result indicates that the inquiry was successful. A main application transmission unit that transmits the main application request including the confirmation result to the transaction server.

  According to this aspect, a customer who wants a transaction that requires identity verification completes the application for the transaction specified by the provisional application code by causing the card storing the electronic certificate to be read by the deposit / withdrawal device. Can do.

  In the deposit / withdrawal apparatus, the inquiry result may include the applicant information, and the verification request unit may verify whether the applicant information matches the corresponding information in the card information. According to this aspect, the deposit / withdrawal apparatus can verify whether or not the card of the customer who made the provisional application has been read.

  In the deposit / withdrawal apparatus, the verification request unit determines whether the person specified by the image information acquired by the imaging unit of the deposit / withdrawal apparatus matches the person specified by the face photo information included in the card information. It may be verified. According to this aspect, the deposit / withdrawal apparatus can verify that the person himself / herself specified by the card is operating with the deposit / withdrawal apparatus.

  In the deposit / withdrawal apparatus, the application request may further include additional information indicating a result verified by the verification request unit. According to this aspect, in the transaction server, it is confirmed that the card of the customer who made the provisional application has been read by the deposit / withdrawal device and / or that the person identified by the card is operating with the deposit / withdrawal device. Can be confirmed.

  According to another aspect of the present invention, a computer-implemented method includes a step of transmitting a provisional application inquiry request including a provisional application code to a transaction server and receiving an inquiry result as a response, and a step of reading card information from a card. , Send the electronic certificate included in the card information to the authentication server, receive the certificate confirmation result as a response, and if the inquiry result indicates that the inquiry was successful, the temporary application code and certificate confirmation result And a step of transmitting the application request including the transaction request to the transaction server.

  A program according to another aspect of the present invention includes a process for transmitting a provisional application inquiry request including a provisional application code to a transaction server and receiving an inquiry result as a response, a process for reading card information from a card, and card information. Process to receive the certificate confirmation result as a response, and if the inquiry result indicates that the inquiry was successful, this application request including the temporary application code and certificate confirmation result Processing to be transmitted to the transaction server.

  The transaction server according to another aspect of the present invention generates a provisional application code in response to receiving provisional application information, and registers a provisional application record based on the provisional application information and the provisional application code. Temporary application acceptance section that receives provisional application inquiry requests including provisional application codes from web provisional application acceptance sections that send provisional application codes to customer contacts and deposit / withdrawal devices. The provisional application inquiry section that determines whether or not there is a provisional application record specified by the provisional application code and sends the inquiry result to the deposit / withdrawal device, and includes the provisional application code and certificate confirmation result from the deposit / withdrawal device An ATM main application reception unit that receives the main application request and links the certificate confirmation result to the data of the temporary application record specified by the temporary application code. Read from Indicating whether successful validation of electronic certificates in the taken card information, and a ATM present application receiving section.

  According to this aspect, a customer who wants a transaction that requires identity verification makes a provisional application for the transaction by sending provisional application information, and the transaction specified by the provisional application code generated according to the provisional application. The application can be completed by having the card storing the electronic certificate read by the deposit / withdrawal device.

  A deposit / withdrawal apparatus according to another aspect of the present invention includes a card reading unit that reads card information from a card, and a verification that transmits an electronic certificate included in the card information to an authentication server and receives a certificate confirmation result as a response. Based on request information, provisional application request including certificate confirmation result to transaction server, and provisional application transmission unit that receives provisional application code as response, provisional application code and link information to transaction server website And a two-dimensional code generation unit for generating a two-dimensional code.

  According to this aspect, a customer who desires a transaction requiring identity verification makes a provisional application for the transaction by causing the card storing the electronic certificate to be read by the deposit / withdrawal device, and completes the application. Link information to the website can be obtained from the deposit / withdrawal device.

  In the deposit / withdrawal apparatus, the verification request unit determines whether the person specified by the image information acquired by the imaging unit of the deposit / withdrawal apparatus matches the person specified by the face photo information included in the card information. It may be verified. According to this aspect, the deposit / withdrawal apparatus can verify that the person himself / herself specified by the My Number card is operating with the deposit / withdrawal apparatus.

  The transaction server according to another aspect of the present invention generates a provisional application code in response to receiving the provisional application request including the certificate confirmation result from the deposit / withdrawal device, and generates the certificate confirmation result and the provisional application. ATM provisional application acceptance unit that registers a provisional application record based on the code, and transmits the provisional application code to the deposit / withdrawal device, and responds to receiving the provisional application code and the present application information And a web main application reception unit that links the application information to the certificate confirmation result of the temporary application record specified by the temporary application code.

  According to this aspect, a customer who desires a transaction requiring identity verification makes a provisional application for the transaction by sending a certificate confirmation result from the deposit / withdrawal device, and the provisional application code generated in response to the provisional application is used. The application can be completed by sending this application information for the identified transaction.

  A deposit / withdrawal device according to another aspect of the present invention transmits a card application inquiry request including a card reading unit, a card code read from the first card by the card reading unit, and a first PIN, and makes an inquiry as a response. A card inquiry request transmission unit that receives the result, and a verification request unit that transmits the electronic certificate included in the card information read from the second card by the card reading unit to the authentication server and receives the certificate confirmation result as a response And an activation request transmission unit that transmits an activation request including a card code, a second PIN, and a certificate confirmation result to the transaction server and receives the activation result as a response when the inquiry result indicates that the inquiry is successful; When the activation result indicating successful activation is sent from the transaction server, the second PIN is written to the first card. And an over-de-writing part.

  According to this aspect, a customer who desires a transaction requiring identity verification, deposits / withdraws the second card in which the electronic certificate is stored for the transaction specified by the card code of the first card and the first PIN. The application can be completed by reading it with the device, and the PIN of the first card can be updated to the second PIN.

  In the deposit / withdrawal apparatus, the inquiry result may include the applicant information, and the verification request unit may verify whether the applicant information matches the corresponding information in the card information. According to this aspect, the deposit / withdrawal apparatus can verify whether or not the card of the customer who made the provisional application has been read.

  In the deposit / withdrawal apparatus, the verification request unit determines whether the person specified by the image information acquired by the imaging unit of the deposit / withdrawal apparatus matches the person specified by the face photo information included in the card information. You may verify. According to this aspect, the deposit / withdrawal apparatus can verify that the person himself / herself specified by the My Number card is operating with the deposit / withdrawal apparatus.

  In response to receiving the card application information, the transaction server according to another aspect of the present invention generates a temporary PIN of the card to be issued and registers a card record based on the card application information and the temporary PIN. Receiving a card application inquiry request including the card code and the first PIN from the card application acceptance unit and the deposit / withdrawal device, and determining whether or not a card record specified by the card application inquiry request exists; The card application inquiry section that transmits the inquiry result to the deposit / withdrawal device, the activation request including the card code, the second PIN and the certificate confirmation result from the deposit / withdrawal device, and the card record specified by the card code An activation request accepting unit that associates the second PIN and the certificate confirmation result with the data, and the certificate confirmation result is stored in the card at the deposit / withdrawal device Indicating whether successful validation of electronic certificates in the al read card information, and a activation request receiving unit.

  According to this aspect, a customer who desires a transaction that requires identity verification makes a provisional application for the transaction by transmitting card application information, and is specified by the card code and provisional PIN of the card issued in response to the provisional application. The application can be completed by having the card storing the electronic certificate read by the depositing / withdrawing device.

  According to the present invention, there is provided an authentication system that enables a customer who desires a transaction requiring identity verification to apply for the transaction in a deposit / withdrawal device linked with a transaction server such as a financial institution executing the transaction. be able to.

It is a figure which shows the structural example of the authentication system which concerns on one Embodiment of this invention. It is a block diagram of the company server which concerns on 1st Embodiment of this invention. It is a block diagram of the customer terminal which concerns on 1st Embodiment of this invention. It is a block diagram of ATM which concerns on 1st Embodiment of this invention. It is a figure which illustrates the contents of temporary application DB concerning one embodiment of the present invention. It is a flowchart which shows an example of the authentication process which concerns on 1st Embodiment of this invention. It is a flowchart which shows an example of the authentication process which concerns on 1st Embodiment of this invention. It is a block diagram of the enterprise server which concerns on 2nd Embodiment of this invention. It is a block diagram of the customer terminal which concerns on 2nd Embodiment of this invention. It is a block diagram of ATM which concerns on 2nd Embodiment of this invention. It is a flowchart which shows an example of the authentication process which concerns on 2nd Embodiment of this invention. It is a flowchart which shows an example of the authentication process which concerns on 2nd Embodiment of this invention. It is a block diagram of the enterprise server which concerns on 3rd Embodiment of this invention. It is a block diagram of ATM which concerns on 3rd Embodiment of this invention. It is a flowchart which shows an example of the authentication process which concerns on 3rd Embodiment of this invention. It is a flowchart which shows an example of the authentication process which concerns on 3rd Embodiment of this invention.

  Embodiments of the present invention will be described with reference to the accompanying drawings. In addition, the following embodiment is for making an understanding of this invention easy, and is not for limiting and interpreting this invention. The present invention can be variously modified without departing from the gist thereof. Furthermore, those skilled in the art can employ embodiments in which the elements described below are replaced with equivalent ones, and such embodiments are also included in the scope of the present invention.

(First embodiment)
(System configuration)
Although details will be described later, the outline is as follows. FIG. 1 shows a configuration example of an authentication system according to an embodiment of the present invention. The authentication system 1 includes one or more company servers 10 (10a, 10b,... 10n), a customer terminal 20, an automatic teller machine (hereinafter referred to as ATM) 30, and a public personal authentication server 40. One company may have one company server 10, or one company may have a plurality of company servers 10 when a plurality of transaction services are provided by one company. Good. In cooperation with the ATM 30 and the public personal authentication server 40, one or a plurality of companies that accept applications for transactions from customers using the customer terminals 20 have the company server 10. The enterprise server 10 is configured to communicate with the customer terminal 20 via the network N. The enterprise server 10 is configured to communicate with the ATM 30 via the dedicated line PN. It should be noted that the customer terminal 20 includes a case of a shared terminal that is owned by a company and temporarily licensed to the customer.

  A customer can access a transaction service site provided by the company server 10 using, for example, a customer terminal 20 different from the ATM 30 and make a provisional application for a transaction. Here, the provisional application in the present specification is an application procedure for the transaction that is performed together with a part of information necessary for completing the application for the transaction. In addition, the present application is a procedure for completing a transaction application by supplementing information not included in the provisional application. By introducing the provisional application and the main application, information related to identification and other information necessary to complete the application for the transaction that requires the verification of the identity, and each terminal corresponding to the characteristics of these information And can be transmitted to the enterprise server 10. Specifically, ATM 30 that has an IC card reading function and ensures security can be used to transmit information relating to identity verification. On the other hand, for the transmission of other information, the customer terminal 20 that is easier for the customer to operate and is less susceptible to the waiting time that may occur at the ATM 30 can be used.

  The company server 10 that has received the provisional application transmits provisional application inquiry data including the company code and the provisional application code to the customer terminal 20. The company code is information for uniquely identifying each company that manages each company server 10. The temporary application code is information used to uniquely identify a temporary application from a customer. Note that the code in this specification is information including one or more of kanji, hiragana, katakana, alphanumeric characters, symbols, and the like. The customer operates the ATM 30 to input the company code and provisional application code included in the provisional application inquiry data, reads the my number card, and provides the electronic certificate for signing. Can be completed.

  The company server 10 provides a website on the network N for providing transaction services. On the website, customers can make provisional applications for transactions. When the company server 10 receives a provisional application from the customer terminal 20, the company server 10 generates a provisional application code and registers the provisional application data together with information about the received provisional application. In addition, as a response to the provisional application from the customer terminal 20, provisional application inquiry data including the company code and the provisional application code is transmitted to the customer terminal 20.

  The customer who has received the provisional application inquiry data at the customer terminal 20 operates the ATM 30 and inputs a provisional application code, a company code, and the like. In response to the input, the ATM 30 transmits a temporary application inquiry request including the input temporary application code to the company server 10 specified by the input company code. When receiving the inquiry result indicating that the application inquiry is successful from the company server 10, the ATM 30 requests the customer to present the my number card, and transmits the read electronic certificate for signature to the public personal authentication server 40. Upon receiving the certificate confirmation result indicating that the validity of the digital certificate for signature has been successfully confirmed from the public personal authentication server 40, the ATM 30 obtains the personal identification result including the temporary application code, the certificate confirmation result, and the My Number. The application request including this is transmitted to the company server 10.

  The company server 10 that has received the present application request from the ATM 30 can complete the present application by associating the personal identification result and my number with the temporary application data specified by the temporary application code. The customer can complete the application without visiting the counter or receiving mail at home. In addition, when a company is required by law to collect my number, it is possible to complete number collection by associating my number at the same time.

(Corporate server configuration)
FIG. 2 shows the configuration of the enterprise server 10 according to the first embodiment of the present invention. In FIG. 2, only a necessary functional configuration is shown assuming a single corporate server 10, but the corporate server 10 may be configured as a part of a multi-functional distributed system using a plurality of computer systems. it can.

  The enterprise server 10 is a server device having a function of communicating with the customer terminal 20 via the network N and communicating with the ATM 30 via the dedicated line PN. As shown in FIG. 2, the enterprise server 10 includes an input unit 11, a control unit 12, a storage unit 13, and a communication unit 14.

  The input unit 11 receives various inputs to the company server 10.

  The control unit 12 includes an arithmetic processing unit 121 such as a CPU or MPU and a memory 122 such as a RAM. The arithmetic processing unit 121 operates various functional units by executing a program stored in the storage unit 13 based on various inputs. This program may be stored in a recording medium such as a CD-ROM, or distributed via the network N and installed in a computer. The memory 122 is used for temporarily storing various data necessary for calculation and the like during execution of processing in the company server program.

  The storage unit 13 is configured by a storage device such as a hard disk, and records various programs necessary for executing processing in the control unit 12, data necessary for executing the various programs, and the like. In the present embodiment, the storage unit 13 preferably includes a provisional application database (DB) 131, a customer DB 132, and an account DB 133.

  The provisional application DB 131 stores information related to provisional applications for transactions. In one embodiment, as shown in FIG. 5, the provisional application DB 131 includes a provisional application code, application details, name, date of birth, gender, address, identity verification result, my number, customer contact information, registration date and time, etc. Is preferably registered.

  The temporary application code is information used to uniquely identify a temporary application from a customer. In one embodiment, in response to acceptance of a provisional application from the customer terminal 20, the company server 10 generates a provisional application code.

  The application content is information related to a transaction for making a temporary application, and corresponding information included in the temporary application information transmitted from the customer terminal 20 is stored. For example, when a customer makes a provisional application for opening an account, the application content includes a branch number desired to open an account, an account type, and the like.

  The name, date of birth, gender, address, and customer contact information are information regarding the customer who makes the provisional application, and corresponding information included in the provisional application information transmitted from the customer terminal 20 is stored. The customer contact information is information used for transmitting provisional application inquiry data to the customer terminal 20, such as an e-mail address and a mobile terminal phone number.

  The identity verification result is information relating to the identity verification verified using the My Number card. In the present embodiment, the identity confirmation result includes at least the certificate confirmation result obtained from the public personal authentication server 40 in which the ATM 30 is the verifier of the signature electronic certificate. In one embodiment, the identity verification result may further include additional information indicating whether or not the information read from the my number card matches the information specifying the applicant. For example, in one embodiment, the additional information may be information indicating whether the date of birth read from the My Number card matches the date of birth included in the provisional application information. In another embodiment, the additional information is information indicating whether or not the person specified by the facial photograph information read from the My Number card matches the person specified by the image information acquired by the ATM 30. Also good.

  The date and time when the record was registered is set as the registration date and can be used to manage the expiration date of the provisional application.

  The customer DB 132 stores information about customers. In one embodiment, it is desirable that a customer code, name, date of birth, sex, address, my number, customer contact information, etc. are registered in the customer DB 132. The customer code is information used to uniquely identify a customer. In the present embodiment, when the main application of the transaction provisionally applied by the customer is completed, a customer record is registered in the customer DB 132 based on the temporary application record in the temporary application DB 131.

  The account DB 133 stores information related to customer accounts. In one embodiment, it is desirable that a branch number, an account number, an account type, a customer code, a PIN, and the like are registered in the account DB 133. In one embodiment, when the main application of the transaction provisionally applied by the customer is completed, an account record is registered in the account DB 133 based on the temporary application record in the temporary application DB 131. The PIN is information used for authenticating the customer, and is information including, for example, a 4-digit number.

  The communication unit 14 has a communication interface for connecting the enterprise server 10 to the dedicated line PN and the network N. For example, the communication unit 14 can be realized by a LAN card, an analog modem, an ISDN modem, and the like, and an interface for connecting them to the processing unit via a transmission line such as a system bus.

  Further, as shown in FIG. 2, the arithmetic processing unit 121 includes a website providing unit 123, a web provisional application receiving unit 124, a provisional application inquiry unit 125, and an ATM main application receiving unit 126 as functional units.

  The website providing unit 123 provides a website on the network N for providing services. On this website, customers can make provisional applications for transactions or make final applications. The website providing unit 123 transmits a web page described in HTML (HyperText Markup Language) or the like to the customer terminal 20 used by the customer, and receives user input and the like from the customer terminal 20.

  The website providing unit 123 creates a corresponding web page in response to an input from the customer and transmits it to the customer terminal 20. Specifically, for example, the website providing unit 123 transmits various web pages related to the provisional application screen of the transaction, the main application screen of the provisionally applied transaction, and the like to the browser of the customer terminal 20.

  In response to the provision of provisional application information from the customer terminal 20 by the website providing unit 123, the web provisional application receiving unit 124 generates a provisional application code and registers a provisional application record in the provisional application DB 131. In one embodiment, provisional application information includes application details, name, date of birth, gender, address, customer contact information, and the like. The web provisional application reception unit 124 registers a provisional application record based on the provisional application information and the generated provisional application code. The date and time when the provisional application record is registered is stored in the registration date and time.

  The web provisional application reception unit 124 transmits provisional application inquiry data including the company code and the provisional application code to the customer contact information of the customer. The company code is information for uniquely identifying each company that manages each company server 10. In one embodiment, the web provisional application receiving unit 124 transmits the company code and the generated provisional application code to a customer contact included in the provisional application information. In one embodiment, the web provisional application receiving unit 124 may include the expiration date of the provisional application record in the provisional application inquiry data. The expiration date may be calculated based on the registration date and time of the provisional application record.

  The provisional application inquiry unit 125 receives a provisional application inquiry request from the ATM 30 and inquires of the provisional application. In one embodiment, the provisional application inquiry request includes a provisional application code. The provisional application inquiry unit 125 determines whether or not a provisional application record specified by the provisional application inquiry request exists in the provisional application DB 131 and transmits the inquiry result to the ATM 30. The inquiry result includes information (success, failure) indicating whether or not the inquiry is successful.

  In one embodiment, the provisional application inquiry unit 125 includes, in the inquiry result, at least one of basic four information (name, date of birth, sex, and address) that can be read from the my number card among the information of the provisional application record. May be. By including information from the provisional application record in the inquiry result, it is possible to verify whether or not the My Number card of the customer who made the provisional application has been read in the ATM 30, as will be described later.

  The ATM main application receiving unit 126 receives a main application request including the temporary application code and the personal identification result from the ATM 30, and associates the personal identification result with the data of the temporary application record specified by the temporary application code. In one embodiment, when the personal identification result indicates that the personal identification is successful, the ATM main application receiving unit 126 registers the records in the customer DB 132 and the account DB 133 based on the provisional application record.

  Finally, the ATM main application reception unit 126 transmits a main application result indicating whether or not the main application is successful to the ATM 30. For example, if the customer has made a provisional application for opening an account, the result of this application may include the branch number, account number, account type, etc. of the opened account. The account number, the account type, etc. may be transmitted to the customer terminal 20. Moreover, you may include the text for a display for displaying on ATM30 in this application result.

(Customer terminal configuration)
FIG. 3 shows the configuration of the customer terminal 20 according to an embodiment of the present invention. The customer terminal 20 is an information processing terminal having a function of communicating with the company server 10 via the network N. Specific examples include, but are not limited to, mobile phones, smartphones, PCs, PDAs, tablets, and the like. As shown in FIG. 3, the customer terminal 20 is connected to an input unit 21 such as a touch panel that receives an operation from a user, a display unit 22 such as a display, a control unit 23 including a CPU and a memory, a storage unit 24, and a network N. Communication section 25 and the like. The control unit 23 functions as the provisional application inquiry data receiving unit 231 by reading the program stored in the storage unit 24 into the RAM and executing it by the CPU.

  The provisional application inquiry data receiving unit 231 receives provisional application inquiry data from the company server 10 and displays various types of information included in the provisional application inquiry data on the display unit 22. In the present embodiment, the provisional application inquiry data includes a company code and a provisional application code.

(ATM structure)
FIG. 4 shows the configuration of the ATM 30 according to the first embodiment of the present invention. The ATM 30 is an information processing apparatus having a function of communicating with the company server 10 and the public personal authentication server 40 via a dedicated line PN. The ATM 30 includes an input unit 31 such as a touch panel that receives input from a user, a display unit 32 such as a display, a control unit 33 including a CPU and a memory, a storage unit 34, a communication unit 35 for connecting to a dedicated line PN, and an IC card. A reader / writer 36 and an imaging unit 37 are provided.

  The control unit 33 reads the program stored in the storage unit 34 into the RAM and executes it by the CPU, whereby the flow control unit 331, the inquiry request transmission unit 332, the card reading unit 333, the verification request unit 334, and It functions as the present application transmission unit 335.

  The flow control unit 331 controls the flow of transaction application and displays a screen corresponding to the flow on the display unit 32. In response to receiving the main application start instruction from the user via the input unit 31, the flow control unit 331 generates a main application start screen for acquiring the company code and the temporary application code, and displays it on the display unit 32. indicate.

  When receiving the inquiry result indicating that the inquiry is successful as a response to the provisional application inquiry request from the inquiry request transmission unit 332 described later, the flow control unit 331 prompts the IC card reader / writer 36 to present the my number card, A personal identification number screen for acquiring the personal identification number of the electronic certificate for signing the My Number card is generated and displayed on the display unit 32.

  Further, when receiving the present application result indicating that the present application is successful as a response to the transmission of the present application request from the present application transmission unit 335 described later, the flow control unit 331 displays the application result screen based on the present application result. Is generated and displayed on the display unit 32.

  The inquiry request transmission unit 332 transmits a provisional application inquiry request to the company server 10 and receives an inquiry result as a response. In one embodiment, as described above, the provisional application inquiry request includes a provisional application code. The provisional application inquiry request transmission unit 332 generates a provisional application inquiry request including a provisional application code based on the input received from the user via the input unit 41 and transmits the provisional application inquiry request to the company server 10 specified by the company code. .

  In one embodiment, as described above, the inquiry result includes information (success, failure) indicating whether the inquiry is successful. In one embodiment, the inquiry result further includes applicant information including at least one of name, date of birth, gender, and address among the information of the provisional application record specified in the provisional application inquiry request. If the ATM 30 does not perform additional verification as to whether the information identifying the applicant included in the provisional application information matches the information included in the My Number card information read by the card reading unit 333, the applicant information is Not necessarily required.

  The card reading unit 333 reads the my number card information from the my number card using the personal identification number of the signature digital certificate of the my number card received from the user via the input unit 41. In one embodiment, the my number card information includes a signature electronic certificate and one or more of a name, date of birth, gender, address, face photo, and my number.

  The verification request unit 334 transmits the read signature electronic certificate to the public personal authentication server 40, and receives the certificate confirmation result as a response. In one embodiment, the certificate confirmation result indicates whether or not the validity of the signature electronic certificate has been successfully confirmed. The verification request unit 334 captures the applicant information and / or the ATM 30 included in the inquiry result received by the inquiry request transmission unit 332 prior to confirming the validity of the signature electronic certificate to the public personal authentication server 40. Additional verification may be performed using the image information acquired by the unit 37 and information corresponding to the My Number card information read by the card reading unit 333.

  For example, in one embodiment, the verification request unit 334 may verify whether the date of birth read from the my number card matches the date of birth included in the provisional application information. Further, in addition to the additional verification using the temporary application information, or instead of the additional verification using the temporary application information, the verification request unit 334 may identify the person identified by the facial photo information read from the my number card and the ATM 30. It may be verified whether or not the person specified by the image information acquired by the imaging unit 37 matches. Here, the verification request unit 334 can use image information acquired at an arbitrary timing before verification.

  By performing additional verification using the provisional application information, it is possible to verify whether or not the My Number card of the customer who made the provisional application has been read in the ATM 30. In addition, by performing additional verification using the image information acquired by the imaging unit 37, it is possible to verify that the person himself / herself identified by the My Number card is applying for this application.

  The main application transmission unit 335 transmits a main application request including a provisional application code, an identification result, and the like to the company server 10 and receives the main application result as a response. As described above, in the present embodiment, the identity confirmation result includes at least the certificate confirmation result obtained from the public personal authentication server 40 in which the ATM 30 is the verifier of the signature electronic certificate. In one embodiment, the identity verification result may further include additional information indicating whether or not the information read from the my number card matches the information specifying the applicant included in the provisional application information. For example, the identity confirmation result may include additional information indicating whether the date of birth read from the my number card matches the date of birth included in the provisional application information. Moreover, this application transmission part 335 may include my number in this application request.

(Public personal authentication server configuration)
The public personal authentication server 40 is a server device having a function of communicating with the ATM 30 via a dedicated line PN, and is managed by a verifier such as an administrative organization or a certified private business operator. The public personal authentication server 40 receives the signature electronic certificate from the ATM 30 and checks the validity of the received signature electronic certificate. After the validity check, the public personal authentication server 40 transmits the certificate check result to the ATM 30 as a response. In one embodiment, the certificate confirmation result indicates whether or not the validity of the signature electronic certificate has been successfully confirmed.

(Process flow)
6 and 7 show an example of authentication processing according to the first embodiment of the present invention. In the first embodiment, an example will be described in which the customer A accesses the website of the company server 10 of the bank 1 from the customer terminal 20 and makes a provisional application, and then makes the main application at the ATM 30. First, with reference to FIG. 6, the process performed by the authentication system 1 when a customer makes a provisional application using the customer terminal 20 will be described. Next, processing executed by the authentication system 1 when a customer makes a main application at the ATM 30 will be described with reference to FIG.

(Tentative application using customer terminal 20)
When the customer A accesses the transaction service site provided by the company server 10 using the browser of the customer terminal 20 (S601, S602), the website providing unit 123 of the company server 10 displays a web page corresponding to the accessed URL. Is transmitted to the customer terminal 20 (S603). The customer terminal 20 that has received the web page displays the web page (S604).

  When provisional application information input on the provisional application screen is transmitted from the customer terminal 20 in response to a customer operation on the browser (S605), the web provisional application reception unit 124 of the company server 10 generates a provisional application code. Then, a temporary application record is registered in the temporary application DB 131 (S607). In this embodiment, provisional application information includes application details, name, date of birth, gender, address, customer contact information, and the like. Based on the provisional application information transmitted in S605 and the provisional application code “111” generated in S606, the web provisional application reception unit 124 registers the provisional application record shown in FIG. 5A in S607. And

  Subsequently, the web provisional application reception unit 124 transmits provisional application inquiry data necessary for the main application of the transaction to the customer terminal 20 (S608). In the present embodiment, the web provisional application receiving unit 124 transmits provisional application inquiry data including the company code “001” and the provisional application code “111” of the bank 1 to the customer contact information of the customer A. The temporary application inquiry data receiving unit 231 of the customer terminal 20 that has received the temporary application inquiry data displays various types of information included in the temporary application inquiry data on the display unit 22 (S609).

(This application at ATM30)
FIG. 7 is a flowchart showing an example of processing of the authentication system 1 according to the first embodiment of the present invention. In the present embodiment, it is assumed that the customer A who has received the provisional application inquiry data at the customer terminal 20 has started the main application for the transaction by operating the ATM 30.

  When the ATM 30 receives a main application start instruction from the user, the flow control unit 331 of the ATM 30 generates a main application start screen for acquiring a company code and a provisional application code and displays it on the display unit 32 (S701). When the customer A inputs a company code and a provisional application code along the screen, the inquiry request transmission unit 332 of the ATM 30 transmits a provisional application inquiry request to the company server 10 (S702). In the present embodiment, it is assumed that the inquiry request transmission unit 332 transmits a provisional application inquiry request including the provisional application code “111” to the company server 10 of the bank 1 specified by the company code “001”.

  When the company server 10 receives the provisional application inquiry request (S703), the provisional application inquiry unit 125 of the company server 10 inquires of the provisional application. (S704). In the present embodiment, the provisional application inquiry unit 125 refers to the provisional application DB 131 and determines whether or not there is a provisional application record specified by the provisional application code of the provisional application inquiry request. Next, the provisional application inquiry unit 125 transmits the inquiry result to the ATM 30 (S705). In the present embodiment, the inquiry result includes information indicating whether the inquiry is successful (success, failure) and the date of birth of the provisional application record. Here, information indicating that the inquiry is successful and It is assumed that the inquiry result including the date of birth “January 1, 1980” is transmitted to the ATM 30.

  When the inquiry request transmission unit 332 receives the inquiry result (S706), when the inquiry result indicates that the inquiry is successful, the flow control unit 331 prompts the IC card reader / writer 36 to present the my number card, and A personal identification number screen for acquiring the personal identification number of the electronic certificate for signature is generated and displayed on the display unit 32 (S707). In the present embodiment, since the inquiry result indicates that the inquiry is successful, the above-mentioned personal identification number screen is displayed on the display unit 32, and the customer A presents the my number card to the IC card reader / writer 36, and inputs the input unit 41. It is assumed that the password is entered via

  When the ATM 30 receives the password (S708), the card reading unit 333 reads the My Number card information from the My Number card using the received password (S709). In the present embodiment, the My Number card information includes a signature electronic certificate, name, date of birth, gender, address, and My Number. In another embodiment, the my number card information further includes a face photo.

  When the applicant information is included in the inquiry result received by the inquiry request transmission unit 332 in S706, the verification request unit 334 associates the applicant information included in the inquiry result received in S706 with the My Number card information read in S709. It is verified whether or not the information to be matched matches (S710). In this embodiment, since the inquiry result including the date of birth “January 1, 1980” is received in S706, the verification request unit 334 obtains the date of birth “January 1, 1980” as the inquiry result. It is assumed that it is verified whether or not the corresponding information of the my number card information matches, and that the two information matches.

  The verification request unit 334 transmits the read signature electronic certificate to the public personal authentication server 40 (S711, S712), and receives the certificate confirmation result as a response (S713, S714). In the present embodiment, it is assumed that a certificate confirmation result indicating that the validity of the signature electronic certificate has been successfully received has been received.

  Subsequently, the main application transmission unit 335 of the ATM 30 transmits a main application request including the temporary application code, the personal identification result, and the my number to the company server 10 (S715). In the present embodiment, the main application transmission unit 335 transmits a personal identification result including additional information indicating information verified in S710 in addition to the certificate confirmation result obtained from the public personal authentication server 40 in S714. Here, the present application transmission unit 335 sends the present application request including the provisional application code “111”, the identity confirmation result “certificate confirmation result: success, additional information: date of birth coincidence”, and my number “123456789902” to the company. It is assumed that it has been transmitted to the server 10.

  When the ATM main application acceptance unit 126 of the company server 10 receives the main application request (S716), the personal identification result is linked to the data of the temporary application record specified by the temporary application code (S717). In the present embodiment, when the identity verification result indicates that the identity verification is successful, the ATM main application acceptance unit 126 registers the records in the customer DB 132 and the account DB 133 based on the provisional application record.

  Here, since the personal identification result indicates that the personal identification has succeeded, the ATM main application receiving unit 126 stores the customer code “1234”, the name “customer A”, my number in the customer DB 132 based on the provisional application record. A customer record including “123456789012” or the like is generated, and an account record including a branch number “000”, an account number “1234567”, an account type “ordinary”, a customer code “1234”, a PIN “XXXX” and the like is stored in the account DB 133. It shall be generated. The PIN may be generated by the company server 10 or may be input by the customer on the provisional application screen.

  Finally, the ATM main application receiving unit 126 transmits a main application result indicating whether or not the main application is successful to the ATM 30 (S718). In the present embodiment, the ATM book application reception unit 126 includes the display text “This application has been completed. The account number of the opened account will be sent to the customer's contact information”. It is assumed that the present application result indicating success has been transmitted to the ATM 30.

  When the ATM 30 receives the application result from the enterprise server 10 (S719), the flow control unit 331 generates an application result screen based on the application result and displays it on the display unit 32 (S720). In the present embodiment, the flow control unit 331 generates an application result screen based on the display text included in the application result and displays the application result screen on the display unit 32. Thereafter, the company server 10 transmits information related to the present application to the customer terminal 20. Here, the company server 10 transmits the account number of the account to the customer contact information of the customer A.

  In the present embodiment, the example in which the ATM 30 transmits the My Number to the company server 10 in response to the successful identity verification has been described. However, in an alternative embodiment, the ATM 30 can provisionally apply without transmitting the My Number. The application request including the code and the identification result may be transmitted to the company server 10.

  As described above, according to this embodiment, a customer who wants to open an account, which is a transaction that requires identity verification, is based on a provisional application requested using the customer terminal 20 to the company server 10 of the bank 1 that manages the desired account. Thus, the present application can be completed in the ATM 30 linked with the company server 10.

(Second Embodiment)
In 1st Embodiment, the customer A who performed provisional application of the transaction using the customer terminal 20 demonstrated the example which performs this application in ATM30. In the second embodiment, an example will be described in which a customer B who has made a provisional application for a transaction at the ATM 30 makes an application using the customer terminal 20. In the second embodiment, description of matters common to the first embodiment is omitted, and only different points will be described.

(Corporate server configuration)
In the second embodiment, as shown in FIG. 8, the arithmetic processing unit 121 of the company server 10 includes a website providing unit 123, an ATM provisional application receiving unit 127, and a web main application receiving unit 128 as functional units. . Since the website providing unit 123 is the same as that of the first embodiment, the description thereof is omitted here.

  When the ATM provisional application receiving unit 127 receives a provisional application request including an identification result from the ATM 30, it generates a provisional application code and registers a provisional application record in the provisional application DB 131. In one embodiment, the ATM provisional application receiving unit 127 registers a provisional application record based on the received identity verification result and the generated provisional application code. In addition, the ATM temporary application reception unit 127 transmits the generated temporary application code to the ATM 30.

  When the temporary application code and the main application information are transmitted from the customer terminal 20, the web main application reception unit 128 associates the main application information with the identity confirmation result of the temporary application record specified by the temporary application code. In one embodiment, the web main application reception unit 128 registers records in the customer DB 132 and the account DB 133, respectively, based on the temporary application record and the main application information.

  Next, the web main application receiving unit 128 passes the main application result indicating whether or not the main application has been successful to the website providing unit 123. In one embodiment, the web main application accepting unit 128 passes the present application result including the branch number, account number, account type, and the like of the opened account to the website providing unit 123, so that a web corresponding to the present application result is obtained. The page can be presented on the customer terminal 20.

(Customer terminal configuration)
In the second embodiment, as shown in FIG. 9, the control unit 23 of the customer terminal 20 reads the program stored in the storage unit 24 into the RAM and executes it by the CPU, thereby reading the two-dimensional code. It functions as the unit 232. Further, the customer terminal 20 includes an imaging unit 26 that acquires an image of a two-dimensional code.

  The two-dimensional code reading unit 232 reads two-dimensional code information from the two-dimensional code image acquired by the imaging unit 26. In one embodiment, the two-dimensional code information includes name, date of birth, gender, address, provisional application code, and link information to the website of the company server 10, and the two-dimensional code reading unit 232 includes link information. To access the website of the enterprise server 10. At the time of access, the two-dimensional code reading unit 232 transmits the name, date of birth, sex, address, and provisional application code included in the two-dimensional code information to the company server 10.

(ATM structure)
In the second embodiment, as shown in FIG. 10, the control unit 33 of the ATM 30 includes, as function units, a flow control unit 331, a card reading unit 333, a verification request unit 334, a provisional application transmission unit 336, and a two-dimensional code generation unit. 337.

  As in the first embodiment, the flow control unit 331 controls the transaction application flow and displays a screen corresponding to the flow on the display unit 32. In the second embodiment, the flow control unit 331 generates a provisional application start screen for selecting the application company in response to receiving a provisional application start instruction from the user via the input unit 31. Displayed on the display unit 32.

  When receiving the selection of the application company on the provisional application start screen, the flow control unit 331 prompts the user to present the my number card to the IC card reader / writer 36 and acquires the personal identification number of the electronic certificate for signing the my number card. Is generated and displayed on the display unit 32.

  Furthermore, when a two-dimensional code generation unit 337 described later generates a two-dimensional code, the flow control unit 331 generates a main application transition screen including the generated two-dimensional code and displays it on the display unit 32.

  Since the card reading unit 333 is the same as that of the first embodiment, the description thereof is omitted here. The verification request unit 334 is different in that additional verification using information included in the inquiry result is not performed, but other functions are the same as those in the first embodiment. As with the first embodiment, the verification request unit 334 may or may not perform additional verification using the image information acquired by the imaging unit 37.

  The provisional application transmission unit 336 transmits a provisional application request including the result of identity verification to the company server 10 and receives a provisional application code as a response. In the present embodiment, the identity confirmation result includes a certificate confirmation result obtained from the public personal authentication server 40 in which the ATM 30 is a verifier of the signature electronic certificate. In addition, the provisional application transmission unit 336 may transmit the my number together with the result of identity verification.

  The two-dimensional code generation unit 337 generates a two-dimensional code including link information for completing the main application of a transaction provisionally applied at the ATM 30. In the present embodiment, the two-dimensional code generation unit 337 is based on basic 4 information (name, date of birth, sex, address) read from the My Number card, provisional application code, and link information to the website of the company server 10. Generate a two-dimensional code.

(Process flow)
11 and 12 show an example of the authentication process according to the second embodiment of the present invention. First, with reference to FIG. 11, the process performed by the authentication system 1 when a customer makes a provisional application at the ATM 30 will be described. Next, processing executed by the authentication system 1 when a customer makes an application using the customer terminal 20 will be described with reference to FIG.

(Tentative application at ATM30)
When the ATM 30 receives a provisional application start instruction from the user, the flow control unit 331 of the ATM 30 generates a provisional application start screen for selecting the application company and displays it on the display unit 32 (S1101). When the customer B selects an application company on the provisional application start screen (S1102), the flow control unit 331 prompts the user to present the my number card to the IC card reader / writer 36, and the personal certificate of the electronic certificate for signing the my number card is signed. A personal identification number screen for acquiring the number is generated and displayed on the display unit 32 (S707). Here, it is assumed that the customer B selects the bank 1 specified by the company code “001” as the application company. Subsequently, it is assumed that the customer B presents my number card to the IC card reader / writer 36 and inputs the personal identification number via the input unit 41.

  When the ATM 30 receives the password (S708), the card reading unit 333 reads the My Number card information from the My Number card using the received password (S709). In the present embodiment, the My Number card information includes a signature electronic certificate, name, date of birth, gender, address, and My Number.

  The verification request unit 334 transmits the read signature electronic certificate to the public personal authentication server 40 (S711, S712), and receives the certificate confirmation result as a response (S713, S714). In the present embodiment, it is assumed that a certificate confirmation result indicating that the validity of the signature electronic certificate has been successfully received has been received.

  Subsequently, the provisional application transmission unit 336 of the ATM 30 transmits a provisional application request including the identification result and my number to the company server 10 (S1103). Here, the provisional application transmission unit 336 transmits a provisional application request including the identity confirmation result “certificate confirmation result: success” and my number “223456789012” to the company server 10 of the bank 1 selected in S1102. To do.

  When the company server 10 receives the provisional application request, the ATM provisional application receiving unit 127 of the company server 10 generates a provisional application code (S1104) and registers a provisional application record in the provisional application DB 131 (S1105). Here, it is assumed that the ATM provisional application receiving unit 127 has registered the provisional application record shown in FIG. 5B based on the received identity confirmation result, My Number, and the generated provisional application code.

  Also, the ATM provisional application receiving unit 127 transmits the generated provisional application code to the ATM 30 (S1106). Here, the ATM provisional application receiving unit 127 transmits the generated provisional application code “222” to the ATM 30.

  When the ATM 30 receives the provisional application code (S1107), the two-dimensional code generation unit 337 of the ATM 30 generates a two-dimensional code including link information for completing the main application of the provisional application (S1108). In the present embodiment, the two-dimensional code generation unit 337 is based on basic 4 information (name, date of birth, sex, address) read from the My Number card, provisional application code, and link information to the website of the company server 10. Generate a two-dimensional code. Here, the two-dimensional code generation unit 337 includes the name “customer B”, the date of birth “February 2, 1970”, the sex “male”, the address “Chuo-ku, Tokyo ...”, and the provisional application code “222”. ”, A two-dimensional code is generated based on the link information“ http: // bank1 /... ”To the website of the company server 10.

  Finally, the flow control unit 331 generates a main application transition screen including a two-dimensional code and displays it on the display unit 32 (S1109).

(This application using the customer terminal 20)
Next, with reference to FIG. 12, processing executed by the authentication system 1 when the customer B makes a main application for a transaction using the customer terminal 20 from the main application transition screen displayed on the ATM 30 will be described.

  When the customer B directs the imaging unit 26 of the customer terminal 20 to the display unit 32 of the ATM 30, and the imaging unit 26 acquires a two-dimensional code image, the two-dimensional code reading unit 232 of the customer terminal 20 is the imaging unit 26. The two-dimensional code information is read from the acquired two-dimensional code image (S1201), and the website of the company server 10 is accessed based on the link information included in the two-dimensional code information (S1202).

  In the present embodiment, as described above, the two-dimensional code information includes the name, date of birth, sex, address, provisional application code, and link information to the website of the company server 10. The dimension code reading unit 232 transmits the name, date of birth, sex, address, and provisional application code included in the two-dimensional code information to the company server 10. Here, when accessing the website “http: // bank1 /...” Of the company server 10, the two-dimensional code reading unit 232 has a name “customer B” and a date of birth “February 2, 1970”. It is assumed that the gender “m”, the address “Chuo-ku, Tokyo ...”, and the provisional application code “222” are transmitted to the company server 10.

  When access from the customer terminal 20 to the application site provided by the company server 10 is received (S1203), the website providing unit 123 of the company server 10 sends a web page corresponding to the accessed URL to the customer terminal 20. Transmit (S1204). The received temporary application code is associated with the transmitted web page.

  The website providing unit 123 may save time for customer input by creating a web page using the received name, date of birth, sex, and address. In an alternative embodiment, the enterprise server 10 matches the information read from the My Number Card with the information included in the present application information by requesting the customer to input some of the received information without including it in the web page. Whether or not to do so may be verified. The customer terminal 20 that has received the web page displays the web page (S1205).

  When the provisional application code associated with the web page and the main application information input on the main application screen are transmitted from the customer terminal 20 in accordance with the operation of the customer on the browser (S1206, S1207), the web of the enterprise server 10 The main application reception unit 128 associates the main application information with the identity verification result of the temporary application record specified by the temporary application code (S1208). In the present embodiment, the web main application reception unit 128 registers records in the customer DB 132 and the account DB 133 based on the temporary application record and the main application information, respectively.

  Next, the web main application receiving unit 128 passes the main application result indicating whether or not the main application has been successful to the website providing unit 123. In the present embodiment, the web main application receiving unit 128 passes the present application result including the branch number, account number, account type, etc. of the opened account to the website providing unit 123, and the website providing unit 123 performs the main application. A web page corresponding to the result is transmitted to the customer terminal 20 (S1209). The customer terminal 20 that has received the web page displays the web page of the present application result (S1210).

  In the present embodiment, an example has been described in which the ATM 30 transmits a My Number to the company server 10 upon successful certificate confirmation. However, in an alternative embodiment, the ATM 30 does not transmit the My Number temporarily. A provisional application request including an application code and an identification result may be transmitted to the company server 10.

  As described above, according to the present embodiment, a customer who wants to open an account, which is a transaction that requires identity verification, uses a customer terminal based on the provisional application requested from the ATM 30 to the company server 10 of the bank 1 that manages the desired account. 20 can be used to complete this application.

(Third embodiment)
In the first embodiment, an example has been described in which a temporary application code is transmitted to the customer A who has made a temporary application for a transaction using the customer terminal 20, and then the actual application for the transaction specified by the temporary application code is performed from the ATM 30. . In the third embodiment, instead of the provisional application code, an IC card is sent to the customer C who has made a provisional application for the transaction using the customer terminal 20, and then the main application of the transaction specified by the IC card, that is, An example in which the IC card is activated from the ATM 30 will be described. In the third embodiment, description of matters common to the first embodiment is omitted, and only different points will be described.

(Corporate server configuration)
In the third embodiment, as illustrated in FIG. 13, the arithmetic processing unit 121 of the company server 10 includes a website providing unit 123, a card application receiving unit 1241, a card application inquiry unit 1251, and an activation request receiving unit 1261 as functional units. It has. Since the website providing unit 123 is the same as that of the first embodiment, the description thereof is omitted here. In the third embodiment, the storage unit 13 preferably has a card DB 134.

  The card DB 134 stores information about cards. In one embodiment, it is desirable that a card code, name, date of birth, sex, address, PIN, status, etc. are registered in the card DB 134. The card code is information used to uniquely identify the card. The PIN is information used for authenticating the customer who holds the card, and is information including, for example, a four-digit number. The status is information (before activation or after activation) indicating whether or not the card is activated.

  In response to the website providing unit 123 receiving the card application information from the customer terminal 20, the card application receiving unit 1241 generates a temporary PIN of the card to be issued and registers the card record in the card DB 134. In one embodiment, the card application information includes application details, name, date of birth, gender, address, and the like. The card application reception unit 1241 registers a card record based on the card application information and the generated temporary PIN. In the status of the card record, information indicating that the card record has not been activated is stored.

  The card application inquiry unit 1251 receives a card application inquiry request from the ATM 30 and inquires about the card application. In one embodiment, the card application inquiry request includes a card code and a PIN. The card application inquiry unit 1251 determines whether the card record specified by the card application inquiry request exists in the card DB 134 and transmits the inquiry result to the ATM 30. The inquiry result includes information (success, failure) indicating whether or not the inquiry is successful.

  In one embodiment, the card application inquiry unit 1251 includes at least one of basic four information (name, date of birth, sex, and address) that can be read from the my number card among the information of the card record in the inquiry result. Also good. By including the information from the card record in the inquiry result, it is possible to verify whether or not the My Number card of the customer who applied for the card has been read in the ATM 30.

  The activation request receiving unit 1261 receives an activation request including a card code, a PIN, and a personal identification result from the ATM 30, and associates the personal identification result with the data of the card record specified by the card code. In one embodiment, the activation request reception unit 1261 updates the PIN and status of the card record when the identity verification result indicates that the identity verification is successful. In addition, the activation request reception unit 1261 transmits an activation result indicating whether or not the activation is successful to the ATM 30.

(ATM structure)
In the third embodiment, as shown in FIG. 14, the control unit 33 of the ATM 30 includes, as function units, a flow control unit 331, a card inquiry request transmission unit 3321, a card reading unit 333, a verification request unit 334, and an activation request transmission unit. 3351 and a card writing unit 338.

  As in the first embodiment, the flow control unit 331 controls the transaction application flow and displays a screen corresponding to the flow on the display unit 32. In the third embodiment, in response to receiving an activation start instruction from the user via the input unit 31, the flow control unit 331 prompts the IC card reader / writer 36 to present the IC card and obtains a temporary PIN. An activation start screen is generated and displayed on the display unit 32.

  When the inquiry result indicating that the inquiry is successful is received as a response to the card application inquiry request from the card inquiry request transmission unit 3321 described later, the flow control unit 331 prompts the IC card reader / writer 36 to present the my number card. Then, a personal identification number screen for acquiring the personal identification number of the electronic certificate for signing the My Number card is generated and displayed on the display unit 32.

  When the verification request unit 334 receives the certificate confirmation result indicating that the validity of the signature electronic certificate has been successfully confirmed, the flow control unit 331 displays a PIN screen for acquiring a new PIN to be written to the IC card. Generated and displayed on the display unit 32.

  Further, when receiving an activation result indicating that activation was successful as a response to the activation request transmission from the activation request transmission unit 3351 described later, the flow control unit 331 generates an activation result screen based on the activation result. Displayed on the display unit 32.

  The card inquiry request transmission unit 3321 transmits a card application inquiry request to the company server 10 specified by the company code, and receives the inquiry result as a response. In the present embodiment, as described above, the card application inquiry request includes a card code and a PIN. The card inquiry request transmission unit 3321 generates a card application inquiry request including a card code and a PIN based on the input received from the user via the input unit 41 and the IC card information read by the card reading unit 333, It transmits to the company server 10 specified by the company code included in the card information. In the present embodiment, as described above, the inquiry result includes information (success, failure) indicating whether the inquiry is successful. In one embodiment, the inquiry result further includes applicant information including at least one of name, date of birth, gender, and address among the information of the card record specified in the card application inquiry request.

  In the third embodiment, the card reading unit 333 reads the IC card information from the IC card using the IC card PIN received from the user via the input unit 41 in addition to reading the my number card information from the my number card. . In one embodiment, the IC card information includes a company code and a card code.

  Since the verification request unit 334 is the same as that of the first embodiment, the description thereof is omitted here.

  The activation request transmission unit 3351 transmits an activation request including a card code, a PIN, a personal identification result, and the like to the company server 10 and receives the activation result as a response. As described above, in the present embodiment, the identity confirmation result includes at least the certificate confirmation result obtained from the public personal authentication server 40 in which the ATM 30 is the verifier of the signature electronic certificate.

  In one embodiment, the identity verification result may further include additional information indicating whether or not the information read from the my number card matches the information included in the information specifying the applicant. For example, in one embodiment, the additional information may be information indicating whether the date of birth read from the My Number card matches the date of birth included in the card application information. In another embodiment, the additional information is information indicating whether or not the person specified by the facial photograph information read from the My Number card matches the person specified by the image information acquired by the ATM 30. Also good. In addition, the activation request transmission unit 3351 may include my number in the activation request.

  When the activation result indicating that the activation is successful is transmitted from the company server 10, the card writing unit 338 writes the PIN into the IC card. In one embodiment, the card writing unit 338 writes the PIN transmitted by the activation request transmission unit 3351 to the IC card.

(Process flow)
15 and 16 show an example of an authentication process according to the third embodiment of the present invention. First, with reference to FIG. 15, processing executed by the authentication system 1 when a customer makes a card application using the customer terminal 20 will be described. Next, processing executed by the authentication system 1 when the customer activates the IC card at the ATM 30 will be described with reference to FIG.

(Card application using customer terminal 20)
When the customer C accesses the transaction service site provided by the company server 10 of the card company 1 using the browser of the customer terminal 20 (S601, S602), the website providing unit 123 of the company server 10 uses the URL received as an access. The corresponding web page is transmitted to the customer terminal 20 (S603). The customer terminal 20 that has received the web page displays the web page (S604).

  When the card application information input on the card application screen is transmitted from the customer terminal 20 in response to the customer's operation on the browser (S1501), the card application acceptance unit 1241 of the company server 10 provides a temporary PIN of the card to be issued. (S1502), and the card record is registered in the card DB 134 (S1503). In the present embodiment, the card application information includes application details, name, date of birth, sex, address, and the like. Here, it is assumed that the card application receiving unit 1241 registers a card record specified by the card code “12345” based on the card application information and the generated temporary PIN “YYYY”. It is assumed that information indicating that the card record has not been activated is stored in the status of the card record.

  Thereafter, based on the card DB 134, the card company 1 sends a document describing the issued IC card and temporary PIN to the address of the customer C.

(Activate at ATM30)
FIG. 16 is a flowchart showing an example of processing of the authentication system 1 according to the third embodiment of the present invention. In the present embodiment, it is assumed that the customer C who has received the document in which the IC card and the temporary PIN are described operates the ATM 30 and starts activating the IC card.

  When the ATM 30 receives an activation start instruction from the user, the flow control unit 331 of the ATM 30 prompts the IC card reader / writer 36 to present the IC card, generates an activation start screen for acquiring a temporary PIN, and displays the display unit 32. (S1601). When the customer C presents the IC card to the IC card reader / writer 36 along the screen and inputs a temporary PIN (S1602), the card reading unit 333 of the ATM 30 uses the received PIN to read the IC card information from the IC card. Is read (S1603).

  Subsequently, the card inquiry request transmission unit 3321 of the ATM 30 transmits a card application inquiry request to the company server 10 (S1604). Here, the card inquiry request transmission unit 3321 has transmitted a card application inquiry request including the card code “12345” and the PIN “YYYY” to the company server 10 of the card company 1 identified by the company code “002”. To do.

  When the company server 10 receives the card application inquiry request (S1605), the card application inquiry unit 1251 of the company server 10 inquires about the card application. (S1606). In the present embodiment, the card application inquiry unit 1251 refers to the card DB 134 and determines whether or not there is a provisional application record specified by the card application inquiry request. Next, the card application inquiry unit 1251 transmits the inquiry result to the ATM 30 (S1607). Here, it is assumed that the card application inquiry unit 1251 transmits the inquiry result including the information indicating that the inquiry is successful and the date of birth “March 3, 1990”.

  When the card inquiry request transmission unit 3321 receives the inquiry result (S1608), the flow control unit 331 prompts the IC card reader / writer 36 to present the my number card when the inquiry result indicates that the inquiry is successful, and the my number card A personal identification number screen for acquiring the personal identification number of the signature electronic certificate is generated and displayed on the display unit 32 (S707). Note that steps S707 to S714 in FIG. 16 are the same as steps S707 to S714 in FIG. In S714, it is assumed that the certificate confirmation result indicating that the validity of the signature electronic certificate has been successfully received is received.

  Subsequently, the flow control unit 331 generates a PIN screen for acquiring a new PIN to be written to the IC card and displays it on the display unit 32 (S1609). When the customer C inputs a new PIN along the screen (S1610), the activation request transmission unit 3351 of the ATM 30 transmits an activation request including the card code, the PIN, and the personal identification result to the company server 10 (S1611). Here, the activation request transmission unit 3351 transmits an activation request including the card code “12345”, the PIN “ZZZ” and the identity confirmation result “certificate confirmation result: success, additional information: date of birth match” to the company server 10. Shall be.

  When the activation request receiving unit 1261 of the company server 10 receives the activation request (S1612), the personal identification result is linked to the data of the card record specified by the card code included in the activation request (S1613). In the present embodiment, when the personal identification result indicates that the personal identification has been successful, the activation request receiving unit 1261 updates the PIN and status of the card record with the received PIN and information indicating that the card has been activated. Finally, the activation request reception unit 1261 transmits an activation result indicating whether or not the activation is successful to the ATM 30 (S1614).

  When the activation result indicating that activation is successful is transmitted from the company server 10 (S1615), the card writing unit 338 of the ATM 30 writes the PIN into the IC card. Here, the card writing unit 338 writes the PIN “ZZZZ” transmitted by the activation request transmission unit 3351 to the IC card. Thereafter, the flow control unit 331 generates an activation result screen based on the activation result and displays it on the display unit 32 (S1617).

  In the present embodiment, an example in which the ATM 30 transmits an activation request that does not include a My Number to the company server 10 in response to a successful identity verification has been described. However, in an alternative embodiment, the ATM 30 activates an activation that includes a My Number. The request may be transmitted to the enterprise server 10.

  As described above, according to the present embodiment, a customer who wants to issue a card, which is a transaction that requires identity verification, makes a temporary request to the company server 10 of the card company 1 that is the issuing source of the desired card using the customer terminal 20. Based on the application, the application can be completed in the ATM 30 that cooperates with the company server 10.

DESCRIPTION OF SYMBOLS 1 ... Authentication system, 10 ... Company server (transaction server), 11 ... Input part, 12 ... Control part, 121 ... Operation processing part, 123 ... Website provision part, 124 ... Web provisional application reception part, 1241 ... Card application reception , 125 ... Temporary application inquiry part, 1251 ... Card application inquiry part, 126 ... ATM book application acceptance part, 1261 ... Activate request acceptance part, 127 ... ATM provisional application acceptance part, 128 ... Web book application acceptance part, 122 ... Memory , 13 ... storage unit, 131 ... provisional application DB, 132 ... customer DB, 133 ... account DB, 134 ... card DB, 14 ... communication unit, 20 ... customer terminal, 21 ... input unit, 22 ... display unit, 23 ... control 231 ... Temporary application inquiry data receiving unit, 232 ... Two-dimensional code reading unit, 24 ... Storage unit, 25 ... Communication unit, 26 ... Imaging unit, 30 ... ATM (payment / withdrawal device), 31 ... 32, display unit, 33 ... control unit, 331 ... flow control unit, 332 ... inquiry request transmission unit, 3321 ... card inquiry request transmission unit, 333 ... card reading unit, 334 ... verification request unit, 335 ... main application Transmission unit, 3351 ... activation request transmission unit, 336 ... provisional application transmission unit, 337 ... two-dimensional code generation unit, 338 ... card writing unit, 34 ... storage unit, 35 ... communication unit, 36 ... IC card reader / writer, 37 ... Imaging unit 40 ... Public personal authentication server, N ... Network, PN ... Dedicated line

Claims (14)

An inquiry request transmission unit that transmits a provisional application inquiry request including a provisional application code to the transaction server and receives an inquiry result as a response;
A card reader for reading card information from the card;
A verification request unit that transmits an electronic certificate included in the card information to an authentication server and receives a certificate confirmation result as a response;
A deposit / withdrawal apparatus comprising: a present application transmission unit that transmits a present application request including the provisional application code and the certificate confirmation result to the transaction server when the inquiry result indicates that the inquiry is successful. The inquiry result includes applicant information,
The deposit / withdrawal apparatus according to claim 1, wherein the verification request unit verifies whether the applicant information matches information corresponding to the card information.   The verification request unit verifies whether the person specified by the image information acquired by the imaging unit of the deposit / withdrawal device matches the person specified by the face photo information included in the card information. Item 3. A deposit / withdrawal apparatus according to item 1 or 2.   The deposit / withdrawal apparatus according to claim 2, wherein the main application request further includes additional information indicating a result verified by the verification request unit. A method performed by a computer,
Sending a provisional application inquiry request including a provisional application code to the transaction server and receiving the inquiry result as a response;
Reading card information from the card;
Transmitting an electronic certificate included in the card information to an authentication server, and receiving a certificate confirmation result as a response;
Transmitting the present application request including the temporary application code and the certificate confirmation result to the transaction server when the inquiry result indicates that the inquiry is successful. On the computer,
A process of sending a provisional application inquiry request including a provisional application code to the transaction server and receiving an inquiry result as a response;
Processing to read card information from the card,
A process of transmitting an electronic certificate included in the card information to an authentication server and receiving a certificate confirmation result as a response;
When the inquiry result indicates that the inquiry is successful, a program for executing a process of transmitting the application request including the temporary application code and the certificate confirmation result to the transaction server. In response to receiving the provisional application information, a provisional application code is generated, and a provisional application record is registered based on the provisional application information and the provisional application record. To the customer ’s contact information,
A provisional application inquiry request including a provisional application code is received from the deposit / withdrawal device, and it is determined whether or not a provisional application record specified by the provisional application code of the provisional application inquiry request exists, and the inquiry result is input / output. A provisional application inquiry section to be sent to the gold device;
An ATM main application reception that receives the main application request including the temporary application code and the certificate confirmation result from the deposit / withdrawal device, and associates the certificate confirmation result with the data of the temporary application record specified by the temporary application code. And the certificate confirmation result indicates whether the electronic certificate contained in the card information read from the card in the depositing / withdrawing device has been successfully verified or not. A transaction server comprising: A card reader for reading card information from the card;
A verification request unit that transmits an electronic certificate included in the card information to an authentication server and receives a certificate confirmation result as a response;
A temporary application request including the certificate confirmation result is transmitted to the transaction server, and as a response, a temporary application transmission unit that receives a temporary application code;
A depositing / withdrawing apparatus comprising: a provisional application code and a two-dimensional code generation unit that generates a two-dimensional code based on link information to the website of the transaction server.   The verification request unit verifies whether the person specified by the image information acquired by the imaging unit of the deposit / withdrawal device matches the person specified by the face photo information included in the card information. Item 9. The deposit / withdrawal apparatus according to Item 8. In response to receiving a provisional application request including a certificate confirmation result from the deposit / withdrawal device, an ATM provisional code is generated and a temporary application record is registered based on the certificate confirmation result and the provisional application code. An application accepting unit that transmits the provisional application code to the deposit / withdrawal device;
In response to receiving the provisional application code and the main application information, a transaction comprising: a web main application receiving unit that links the main application information to the certificate confirmation result of the temporary application record specified by the temporary application code server. A card reader;
A card inquiry request transmission unit that transmits a card application inquiry request including the card code read by the card reading unit from the first card and the first PIN, and receives an inquiry result as a response;
A verification requesting unit that transmits an electronic certificate included in the card information read from the second card by the card reading unit to the authentication server, and receives a certificate confirmation result as a response;
When the inquiry result indicates that the inquiry is successful, an activation request transmission unit that transmits the activation request including the card code, the second PIN, and the certificate confirmation result to the transaction server and receives the activation result as a response. When,
A depositing / withdrawing apparatus comprising: a card writing unit that writes the second PIN to the first card when an activation result indicating that activation is successful is transmitted from the transaction server. The inquiry result includes applicant information,
The deposit / withdrawal apparatus according to claim 11, wherein the verification request unit verifies whether the applicant information matches information corresponding to the card information.   The verification request unit verifies whether the person specified by the image information acquired by the imaging unit of the deposit / withdrawal device matches the person specified by the face photo information included in the card information. Item 11. A deposit / withdrawal apparatus according to item 11 or 12. In response to receiving the card application information, a card application receiving unit that generates a temporary PIN of the card to be issued and registers a card record based on the card application information and the temporary PIN;
The card application inquiry request including the card code and the first PIN is received from the deposit / withdrawal device, it is determined whether or not there is a card record specified by the card application inquiry request, and the inquiry result is input / output. A card application inquiry section to be sent to the gold device;
The activation request including the card code, the second PIN, and the certificate confirmation result is received from the deposit / withdrawal device, and the second PIN and the certificate are included in the data of the card record specified by the card code. An activation request accepting unit for associating a confirmation result, wherein the certificate confirmation result indicates whether or not the validity check of the electronic certificate included in the card information read from the card in the deposit / withdrawal device is successful. A transaction server comprising: an activation request receiving unit.

Images