JP2021002223A - Automatic trading device - Google Patents

Abstract

To provide an automatic trading device capable of excluding maintenance work by persons who are not officially licensed from device vendors and the like.SOLUTION: The present invention comprises a device management section in which: one or more devices to be installed in an automatic trading device at a predetermined timing are recognized; identification information for each of the identified devices is compared with identification information for each of the devices included in device management information for managing each of the devices to check whether they match each other; and as a result of the comparison, if there are mismatched devices, handling of the automatic trading device is canceled.SELECTED DRAWING: Figure 1

Description

The present invention relates to an automated teller machine.

Generally, maintenance work for equipment (for example, ATM: Automatic Teller Machine) is performed by the maintenance staff of the equipment vendor, and the equipment vendor concludes a license agreement for equipment maintenance with the maintenance company as an authorized maintenance company. There are cases where maintenance work is outsourced.

For example, an authorized maintenance company performs work such as replacing a replacement device purchased from an equipment vendor when an ATM device breaks down. The maintenance work of these authorized maintenance companies receives training and various support regarding equipment maintenance from equipment vendors, so the quality of maintenance work is guaranteed.

However, a non-authorized maintenance company that does not have a license agreement with the above equipment vendor may carry out maintenance work on the vendor's equipment. Such a non-genuine maintenance company carries out maintenance work using, for example, a device illegally obtained from a discarded device, a device illegally duplicated / manufactured, or the like (non-genuine device).

Conventionally, as a technique for avoiding the use (replacement) of a non-genuine device, for example, in Patent Document 1, it is determined whether the product is a genuine product or a non-genuine remanufactured product based on information from a storage element mounted on the device (cartridge). However, when a non-genuine device is installed, technology such as warning the user (maintenance staff of a non-genuine maintenance company, etc.) that the product is non-genuine is disclosed.

JP-A-2007-62203

However, for example, even if the use of the non-genuine device is avoided by the technique described in Patent Document 1 and the replacement maintenance work is performed by the genuine device, there is a problem that the non-genuine maintenance company performs the maintenance work. is there.

That is, unlike the maintenance company of the regular maintenance company, the maintenance work of the non-regular maintenance company does not guarantee the quality of the maintenance work, so that the maintenance work of low quality (for example, the update of the firmware of the replaced device is not executed, etc.) ) May deteriorate the quality of the equipment.

Therefore, there is a demand for an automated teller machine that can eliminate maintenance work by a person who is not officially licensed by an equipment vendor or the like.

The present invention recognizes one or two or more devices mounted on an automated teller machine at a predetermined timing, and the identification information of each recognized device and each device included in the device management information for managing each device. It is characterized by including a device management unit for stopping the handling of the automated teller machine when the devices that do not match each other as a result of comparing and comparing with the identification information of the above.

According to the present invention, it is possible to eliminate the maintenance work of a person who is not officially licensed from the device vendor or the like.

It is a block diagram which shows the internal structure of the automatic teller machine which concerns on 1st Embodiment. It is an external perspective view which shows the external appearance structure of the ATM which concerns on 1st Embodiment. It is explanatory drawing which shows an example of the device ID list which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the banknote deposit / withdrawal part which concerns on 1st Embodiment. It is a flowchart which shows the characteristic operation (processing at the time of device exchange) of ATM which concerns on 1st Embodiment. It is a flowchart which shows the characteristic operation (processing at the time of device exchange) of ATM which concerns on 2nd Embodiment. It is a block diagram which shows the structure of the financial system which concerns on a modified embodiment.

(A) First Embodiment The first embodiment of the automated teller machine of the present invention will be described in detail below with reference to the drawings. Hereinafter, an example in which the automated teller machine of the present invention is applied to an ATM will be described.

(A-1) Configuration of First Embodiment FIG. 2 is an external perspective view showing an external configuration of an ATM according to the first embodiment.

In FIG. 2, the ATM 1 of the first embodiment has an operation display unit 12, a card entry / exit 13, a bill entry / exit 14, a passbook entry / exit 15, and a receipt discharge port 16.

The operation display unit 12 displays, for example, a transaction type selection menu screen, an operation screen for each transaction, a confirmation screen for transaction details, and the like, and imports input information input by a customer. For example, the operation display unit 12 can apply a touch panel type operation display unit. The operation display unit 12 is not limited to the touch panel type in which the operation unit and the display unit are integrated, and the operation unit and the display unit may have physically different configurations.

The operation display unit 12 is also a user interface (maintenance operation unit) for workers who perform maintenance work on the ATM 1. The maintenance operation unit may be arranged in a place different from the operation display unit 12, for example, the back side of the ATM 1 (the back side when the position where the operation display unit 12 is arranged is the front side). It may be arranged in.

The card entrance / exit 13 is for a customer to insert a cash card or take out a cash card.

The bill entry / exit 14 is for the customer to insert or remove the bill. As the bill entry / exit 14, for example, a bucket type having an opening / closing body that can be opened / closed may be used, or a bucket type having no opening / closing body may be used. When the customer inserts banknotes, for example, in the case of a bucket type having an opening / closing body, after the opening / closing body opens the opening of the bucket, the customer inserts the banknotes into the opening of the bucket, and then the ATM1 has the opening / closing body. Close and take in the inserted banknotes. When the ATM1 returns the banknote, the ATM1 pays out the banknote to the bucket, and then the opening / closing body opens. The bill inlet / outlet 14 is not limited to a bill inlet for inserting bills and a bill outlet for discharging bills, but the bill inlet and the bill outlet have physically different configurations. You may.

The passbook entrance / exit 15 is for the customer to insert or take out the passbook.

The receipt discharge port 16 discharges a receipt on which transaction details are printed.

FIG. 1 is a block diagram showing an internal configuration of an automated teller machine according to the first embodiment. In FIG. 1, the ATM 1 includes a control unit 10, a storage unit 20, a communication unit 30, an operation display unit 12, a card processing unit 40, a bill deposit / withdrawal unit 50, a passbook processing unit 60, and a statement slip issuing unit 70.

The control unit 10 is mainly composed of a CPU (Central Processing Unit) (not shown), and is executed by reading a predetermined program from a ROM (Read Only Memory), a RAM (Random Access Memory), and a storage unit 20. It controls each part to perform various processes such as deposit transaction, storage process and withdrawal transaction.

The control unit 10 includes a device management unit 100, a firmware update unit 101, and an authentication unit 102.

The device management unit 100 includes a device ID list L, and manages each device mounted on the ATM 1 by the device ID list L. FIG. 3 is an explanatory diagram showing an example of the device ID list according to the first embodiment. In FIG. 3, the device ID list L includes items of a “device” indicating each device constituting the ATM 1 and a “device ID” indicating an identification number (for example, a serial number) unique to each device. For example, a failed device and the same device have different device IDs (serial numbers).

The devices stored in the device ID list L do not have to be all that constitute ATM1, and may be some. However, it is assumed that the storage unit (storage element) of each device (card processing unit 40, statement slip issuing unit 70, etc.) stores a device ID (serial number) that can be recognized when mounted on the ATM 1. In other words, if the device ID of each device can be recognized, all the recognizable devices can be stored and managed in the device ID list L.

Further, the device management unit 100 may encrypt and hold the device ID list L, or may hold the device ID list L in the same format.

The device management unit 100 recognizes the device ID of each device mounted on the ATM 1 at a predetermined timing (for example, when the power of the ATM 1 is turned on), and each device stored in the recognized device ID and the device ID list L. Comparison with the ID is performed, and if there is a device whose device ID does not match, the handling of ATM1 is discontinued. For example, the device management unit 100 temporarily suspends the handling of the ATM 1 when any device is replaced (physically replaced) with a new device due to a failure or the like. Then, when the ID of the corresponding device stored in the device ID list L is updated to the ID of the exchanged device (including the firmware update described later), it is considered that the device exchange has been completed normally. Then, the ATM1 is put into a normal operating state.

The firmware update unit 101 is a functional unit that updates the firmware of each device to the latest firmware (firmware F of each device stored in the storage unit 20). The firmware F of each device may be encrypted and retained, or may be retained in the same format, but in this embodiment, it is assumed that the firmware F is encrypted and retained. Further, the encryption method / type is not limited, and various methods / types can be applied.

The authentication unit 102 is a functional unit that performs an authentication process (confirmation of an authorized maintenance company) before executing a maintenance function (device ID list L update function, firmware update function). In this embodiment, the authentication unit 102 uses password authentication, but as a modification, biometric authentication such as face authentication, palm vein authentication, iris authentication, and voice band authentication may be performed instead of password authentication. Authentication means may be used together.

The storage unit 20 stores a processing program executed by the control unit 10, firmware F of each device described above, and the like, and is composed of, for example, an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like.

The communication unit 30 is a network interface for connecting to a host computer or the like via a communication network.

The card processing unit 40 takes in or ejects a cash card from the card inlet / outlet 13 under the control of the control unit 10. Further, the card processing unit 40 reads the card information stored in the storage unit (for example, magnetic storage unit, IC chip, etc.) of the cash card inserted from the card inlet / outlet 13, and transmits the card information to the control unit 10. It is what you give.

The banknote deposit / withdrawal unit 50 stores and manages banknotes by denomination under the control of the control unit 10.

FIG. 4 is a block diagram showing an internal configuration of a banknote deposit / withdrawal unit according to the first embodiment. The bill deposit / withdrawal unit 50 separates the above-mentioned bill inlet / outlet 14 and the bills received in the bill inlet / outlet 14 one by one, discriminates the denomination of the bill, and counts the discriminated bills for each denomination. A banknote recognition unit 51, a banknote temporary hold unit 52 that collects and temporarily holds banknotes that have been discriminated and counted by the banknote recognition unit 51, and one or more banknote storage 53 that stores deposited banknotes by denomination. The banknote reject storage 54 and the banknote transport unit 55 for transporting banknotes are provided in each part.

In addition to the banknotes, the ATM 1 may include a coin deposit / withdrawal unit (similar to the banknote deposit / withdrawal unit 50) that handles coins.

The passbook processing unit 60 takes in or discharges the passbook from the passbook inlet / outlet 15 under the control of the control unit 10. Further, the passbook processing unit 60 reads the passbook information (for example, magnetic stripe data) stored in the passbook storage unit (for example, magnetic data storage unit, IC chip, etc.) inserted from the passbook entrance / exit 15. The passbook information is given to the control unit 10.

Under the control of the control unit 10, the statement slip issuing unit 70 prints the transaction result on the transaction statement and issues (discharges) it from the receipt discharge port 16.

(A-2) Operation of First Embodiment Next, the operation of ATM1 in the first embodiment will be described in detail with reference to the drawings. FIG. 5 is a flowchart showing a characteristic operation (process at the time of device replacement) of the ATM according to the first embodiment.

ATM1 (power off) receives replacement of any failed device by maintenance personnel (S101).

Next, the ATM1 (device management unit 100) reads the device ID stored in each device (storage element of each device) actually mounted when the power is turned on (power ON) (S102). The read device ID is compared with the device ID stored in the device ID list L (S103). As a result of the comparison, if a mismatched device ID exists, the ATM1 executes the following process, and if the mismatched device ID does not exist, the ATM1 ends this flow.

The ATM 1 shifts to an inoperable state (handling discontinued state) in which a general customer cannot execute transactions such as deposits and withdrawals (S104).

The ATM 1 (authentication unit 102) authenticates with the password entered by the maintenance staff via the operation display unit 12 in order to execute the function of updating the device ID list (S105).

Since the maintenance staff of the regular maintenance company has obtained the correct password in advance from the device vendor or the like, if the correct password is entered, the next process (device ID list update process) can be executed. On the other hand, the maintenance staff of the non-regular maintenance company does not know the correct password, so that the maintenance work cannot be continued any more. That is, even if the device (regardless of genuine product or non-genuine product) is physically replaced, the device ID list L cannot be updated, so that the ATM1 remains in the discontinued state.

Further, as a modified example, if the password is input incorrectly a predetermined number of times in a row, further password input may be rejected. In the following, it will be explained assuming that the correct password has been entered by the maintenance staff.

ATM1 (device management unit 100) updates the device ID list L (S106). For example, the device management unit 100 accepts the execution of ID update of the exchanged device via the selection screen displayed on the operation display unit 12. For example, when the device management unit 100 replaces the bill storage 53 with the device ID “F” with the bill storage 53 with the device ID “Z”, the device ID of the bill storage 53 in the device ID list L Is updated to "Z".

If the device ID cannot be recognized because the replaced device is a non-genuine device or the like, the device management unit 100 may stop the execution of updating the device ID list L. In this case as well, the ATM1 remains in the discontinued state.

Subsequently, the ATM 1 (authentication unit 102) authenticates with the password entered by the maintenance staff via the operation display unit 12 in order to execute the function of updating the firmware related to the replaced device (S107). The correct password here may be the same as the password in step S105 described above, or may be different. Further, if the correct password is input in the process of step S105 described above, this process may be omitted.

The ATM1 (firmware update unit 101) updates the firmware of the replaced device (S108). For example, the firmware update unit 101 accepts the execution of the firmware update of the replaced device via the selection screen displayed on the operation display unit 12. The encrypted firmware F stored in the storage unit 20 is decrypted by the firmware update unit 101 and downloaded to the storage element of the exchanged device. By downloading (updating) the firmware F, the replaced device operates normally.

The firmware may be updated automatically (the same applies to the above-mentioned update of the device ID list L) when the correct password is input.

After the process of step S108 described above, the ATM 1 shifts from the discontinued state to the normal operating state in which the customer can handle the ATM (S109).

(A-3) Effect of First Embodiment According to the first embodiment, the following effects are exhibited.

The ATM1 of the first embodiment recognizes each device when the power is turned on, and if the information is different from the information in the device ID list L (when the device is replaced), the ATM1 is temporarily discontinued. Then, when executing the maintenance function (device ID list update, firmware update), the authentication unit 102 decides to perform password authentication. Since the non-genuine maintenance personnel cannot obtain the password for executing the maintenance function, they cannot update the device ID or the firmware. Therefore, it is possible to prevent the continuation of maintenance work by non-regular maintenance personnel.

Further, since the firmware F for update is encrypted, even if the firmware is illegally copied from the storage unit 20 and an attempt is made to download the firmware to a non-genuine device using some external tool, the firmware itself is encrypted. The device cannot function because it is held in the firmware.

(B) Second Embodiment Next, a second embodiment of the automated teller machine according to the present invention will be described in detail with reference to the drawings. In the second embodiment, an example in which the automated teller machine of the present invention is applied to an ATM will be described.

(B-1) Configuration of Second Embodiment The configuration of ATM1 according to the second embodiment is basically the same as the configuration shown in FIGS. 1 to 4 described above. However, since the processing of the authentication unit 102 of the control unit 10 is different from that of the first embodiment, the differences will be mainly described below.

The authentication unit 102 of the first embodiment performs password authentication before executing the maintenance function (device ID list update, firmware update). However, if a password that only a regular maintenance company can know is leaked to a non-regular maintenance company, there is a problem that maintenance work cannot be excluded. It is also difficult to identify who leaked the password. Therefore, the authentication unit 102 of the second embodiment uses a dongle (hardware dongle) for authentication instead of a password.

When the authentication unit 102 of the second embodiment detects the insertion of the dongle at a predetermined location of the ATM 1, it authenticates using the authentication data (access key or other security information) stored in the dongle. The connection format between the ATM 1 and the dongle is not limited, and for example, USB (Universal Serial Bus) can be used.

(B-2) Operation of Second Embodiment Next, the operation of ATM1 will be described in detail in the second embodiment with reference to the drawings.

FIG. 6 is a flowchart showing a characteristic operation (process at the time of device replacement) of the ATM according to the second embodiment. In FIG. 6, the same or corresponding processes as those in the flowchart of FIG. 5 according to the first embodiment are indicated by the same reference numerals. Further, a detailed description of the same or corresponding processing as the flowchart of FIG. 5 according to the first embodiment will be omitted because it overlaps.

After the process of step S104 described above, the ATM1 (authentication unit 102) authenticates by inserting a dongle into the ATM1 in order to execute the function of updating the device ID list (S201).

Since the maintenance staff of the regular maintenance company can obtain the dongle from the device vendor or the like, the following process (device ID list update process) can be executed. On the other hand, since the maintenance staff of the non-regular maintenance company does not hold the dongle, it is impossible to continue the maintenance work any more. That is, even if the device (regardless of genuine product or non-genuine product) is physically replaced, the device ID list L cannot be updated, so that the ATM1 remains in the discontinued state.

Similarly to the above, after the process of step S106, the ATM1 (authentication unit 102) authenticates by inserting the dongle into the ATM1 in order to execute the function of updating the firmware (S202).

(B-3) Effect of Second Embodiment According to the second embodiment, in addition to the effect of the first embodiment, the non-regular maintenance company completes the maintenance work unless the dongle is physically obtained. Since it cannot be made to do so, the security effect is further enhanced.

In addition, if each dongle distributed to the maintenance staff of the regular maintenance company is managed (managed by associating it with the serial number of the dongle), even if the dongle leaks, the dongle of each maintenance staff distributed to the regular maintenance company By confirming the presence or absence, the source of the outflow can be identified.

(C) Other Embodiments Although various modified embodiments have been mentioned in each of the above-described embodiments, the present invention can also be applied to the following modified embodiments.

(C-1) In each of the above-described embodiments, an example of applying the present invention to an ATM has been described, but as a modification, for example, a cash processing device, a POS cash register, a semi-self machine, a ticket vending machine, etc. used by a teller. May be applied to.

(C-2) In the first embodiment described above, an example in which the authentication unit 102 uses password authentication has been described, but as a modified example, even if the password is leaked, it cannot be used for a certain period of time on the day. You may use a one-time password such as only / one month only. For example, as shown in FIG. 7, the one-time password may be issued in cooperation with the host computer 2 and / or the monitoring device 3 that monitors the ATM 1.

(C-3) As a modification of each of the above-described embodiments, a database for managing genuine devices (for example, managing by status of genuine, waste, non-genuine, etc. for each serial number) is stored inside the ATM1. Alternatively, it may be stored in a server of an external network. For example, when a device (replacement device) is recognized in ATM1, the database is referred to using the serial number of the recognition device as a key, and when a non-genuine device is recognized, a maintenance function (update device ID list) is used. ) May be refused to accept authentication (password authentication, etc.) to execute.

(C-4) As a modified example, the ATM1 combines all or a part of the configurations and functions of the modified examples described in the first and second embodiments described above, (C-1) to (C-3). You may use it.

1 ... ATM, 10 ... Control unit, 12 ... Operation display unit, 13 ... Card entry / exit, 14 ... Banknote entry / exit, 15 ... Passbook entry / exit, 16 ... Receipt discharge port, 20 ... Storage unit, 30 ... Communication unit, 40 ... Card processing unit, 50 ... Banknote deposit / withdrawal unit, 51 ... Banknote recognition unit, 52 ... Banknote temporary holding unit, 53 ... Banknote storage, 54 ... Banknote reject storage, 55 ... Banknote transport unit, 60 ... Passbook processing unit, 70 ... Statement issuing department, 100 ... Device management department, 101 ... Firmware update department, 102 ... Authentication department, F ... Firmware, L ... Device ID list.

Claims (10)

The identification information of each of the recognized devices by recognizing one or two or more devices mounted on the automated teller machine at a predetermined timing, and the identification information of each device included in the device management information for managing each device. An automated teller machine comprising a device management unit that stops the handling of the automated teller machine when the devices that do not match are present as a result of the comparison. The automated teller machine according to claim 1, wherein the identification information of each device is a serial number or the like. The automated teller machine according to claim 1 or 2, wherein the predetermined timing is when the power is turned on. The device management unit according to any one of claims 1 to 3, wherein the device management unit updates the identification information of each device stored in the device management information with the newly recognized identification information of each device. Automatic teller machine. A storage unit that stores the firmware of each device,
The automated teller machine according to any one of claims 1 to 4, further comprising a firmware update unit that updates the newly recognized firmware of each device to the firmware stored in the storage unit. It also has an authentication unit that certifies the legitimacy of maintenance personnel who maintain the automated teller machines.
5. The authentication unit is characterized in that it authenticates before the device management unit updates the device management information and the firmware update unit executes the firmware update process of each device. The automated teller machine described in. The automated teller machine according to claim 6, wherein the authentication unit performs password authentication. The automated teller machine according to claim 6 or 7, wherein the authentication unit authenticates an individual maintenance worker such as biometric authentication. The automated teller machine according to claim 6, wherein the authentication unit authenticates using a dongle. Claims 6 to 9 are characterized in that the automated teller machine recovers from discontinuation of handling after executing the update process of the device management information and / or the update process of the firmware of each device by the firmware update unit. An automated teller machine described in any of.

Images