JP2793710B2 - Transaction authentication method - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION [Industrial Application Field] The present invention is intended to reliably perform transaction authentication when conducting a transaction using a cashless card issued by a financial institution such as a bank or a credit company. And a transaction authentication method.

[Conventional technology]

In recent years, it has been called the cashless era, and by using a card issued by a credit company or the like, it is possible to purchase products without handling cash. Conventionally, plastic cards,
Embossed cards, magnetic stripe cards, and the like are generally used, but these cards are structurally easy to forge and have a problem of unauthorized use. In order to solve such a problem, recently, an information card, a so-called IC card, in which an IC circuit storing a personal identification number or the like is incorporated in the card so that the personal identification number cannot be easily read from the outside, has been developed. . This IC card has advantages that it is difficult to forge, has excellent confidentiality, and can store a large amount of information. However, when actually conducting a transaction using the above-mentioned IC card, it was installed at a bank or a store.
An IC card is attached to an IC card terminal, and a predetermined transaction operation is performed after the validity of the card and the card user is confirmed by inputting a personal identification number or the like.

[Problems to be solved by the invention]

However, in the case of verifying the personal identification number by attaching the IC card to the terminal in this way, first, for example, when inputting the personal identification number at a store or the like, there is a possibility that the input operation itself may be visually stolen. is there. Secondly, for example, if the terminal side has been modified to store the information of the personal identification number inputted by the cardholder with a signal of the identification number coincidence, the personal identification number of the true cardholder is used. May be easily stolen by the merchant or the like where the terminal is installed.

Therefore, at present, the PIN of the card holder is stored in advance in the memory of the card when the card is issued, and the PIN entered from the keyboard provided on the card body is compared with the PIN in the memory. Instantly IC
It is displayed on the display unit provided on the card itself, so it has no connection relationship with the so-called terminal side,
An IC card that can independently perform identity verification is being considered. However, even with such an IC card having a function of performing personal identification alone, the card itself may be forged. That is, for example, even if a display such as "Personal OK" is displayed on the display unit on the card body, it cannot be confirmed whether or not the card itself is issued by a valid card company. It is very difficult to authenticate a cardholder.

In addition, when the transaction is completed, the information for confirming the transaction between the financial company and the store can be obtained by scrambling the purchase price of the product, the bank account number, the serial number of the receipt, etc. with a specific encryption code. The above information,
Usually, it is used for confirming a transaction between a financial company or the like and a store in a document, and does not play any role in confirming the transaction on the spot.

[Means for solving the problem]

SUMMARY OF THE INVENTION The present invention has been made in view of the above-described problems, and has been made in consideration of the above problem. A transaction authentication method for reliably authenticating the mutual validity of a cardholder and a financial company without illegally stealing personal information of a cardholder. The purpose is to provide a system.

That is, the transaction authentication system using the portable IC card terminal according to the present invention uses a personal identification card, in which data for identifying a cardholder is stored in advance, in a portable form.
Connect to the IC card terminal, perform mutual authentication between the card and the terminal, confirm the validity of the card and the terminal,
The cardholder identification data entered by the cardholder is compared with the cardholder identification data on the card to confirm the validity of the cardholder, and to check the purchase price of the product, credit number, etc. , Sent to financial companies, etc.
The data obtained based on this is scrambled with the same key and the same algorithm at both the financial company's host computer and the portable IC card terminal, compared and collated, and the validity of the card and terminal is checked by the financial company's host computer. And to verify the validity of the transaction.

(Operation)

The present invention uses a first code and a second code that are common to both an IC card and an IC card terminal to scramble a first data string created by an IC card and a second data string created by an IC card reader. To ensure that the IC card and IC card reader are each valid,
You can confirm that the relationship between the owner and the IC card is legitimate using the password. Further, the transaction authentication data transmitted from the financial institution is scrambled with the third code, and the financial institution scrambles with the same third code, so that the relationship between the IC card terminal and the financial institution is also valid. Can be confirmed. Therefore, by performing all the above confirmations, it is possible to confirm that all relationships from the owner of the IC card to the financial institution are valid.

〔Example〕

 An embodiment of the present invention will be described below with reference to the drawings.

FIG. 2 shows an IC card 12 indicated by a dotted line in a card terminal 11 when the IC card offline terminal is embodied.
FIG. 2 is a schematic configuration diagram of a state where the device is mounted. The card terminal 11 has a keyboard 13 and a display unit 14 on its upper surface.
And a card insertion slot 15 for electrical connection with the IC card 12 on the lower surface of the keyboard 13. The key input unit 13 includes numeric keys, function keys 16, and the like. The function key 16 has a password PIN (Perso
nal Identification Number) and transaction authentication number SAN (Sa
lesApproval No.) or an ENTER key (ENT) for instructing the end of data input, or a cursor movement key (↑) for specifying a required transaction when multiple transaction procedures are stored in the card. , ↓).

Next, FIG. 3 shows an IC card in the card terminal 11 described above.
12 shows a vertical cross-sectional configuration taken along line A1-A2 in a state where No. 12 is mounted. The card terminal 11 connects the circuit board 21 to the central control unit 22, the mutual / transaction authentication unit 25, the voice output device (speaker) 24, and the IC card 12 provided on the lower surface side of the circuit board 21. Connection terminal 23. Display unit 14
Has a liquid crystal display panel 26.

Next, the circuit configuration of the IC card 12 will be described with reference to FIG.

The IC card 12 includes a central control unit 31, a data memory 32, a PIN verification unit 34, a mutual authentication unit 33, and an interface unit 35 connected to the central control unit 31, and connection terminals connected to the interface unit 35. 36. The data memory 32 has a personal identification number PIN set by the card holder when the IC card 12 is issued, an encryption code 1 used for mutual authentication between the IC card 12 and the card terminal 11,
An encryption code 2, an encryption code 3 used for generating a transaction authentication number, and a transaction procedure in the present system are stored in advance, and, for example, data such as a purchase price related to a commodity transaction is stored together with the transaction date. A storage area used for the operation is secured. When performing the personal verification at the card terminal 11, the PIN verification unit 34 checks the personal identification number PIN entered by the card holder and the PIN of the true card holder stored in advance in the data memory 32.
Is compared and collated. The PIN is
When it is determined that they match, a personal OK message is transmitted to the card terminal 11. Mutual authentication part 33
Represents the first random number transmitted from the card terminal 11,
After scrambling with the encryption code 1, the above card terminal 11
And a second random number is generated and transmitted to the card terminal 11. The card terminal 11 scrambles the second random number with the encryption code 2 and transmits the scrambled code to the IC card 12. IC card with encryption code 1
The random number scrambled in 12 and the above card terminal
If the random numbers scrambled in 11 match, the IC card 12 can be regarded as a valid IC card having the same encryption code 1 from the card terminal 11. On the other hand, the random number obtained by scrambling the second random number transmitted by the IC card 12 at the card terminal and the random number obtained by scrambling the second random number with the encryption code 2 in the IC card 12 match. For example, from the IC card 12, the card terminal 11 can be regarded as a valid card terminal having the same encryption code 2, and an authentication OK message is transmitted to the card terminal 11. In this way, the IC for the card terminal
Performs mutual authentication of both the card and IC card. Here, the data memory 32 is
It can be configured by EEP-ROM.

Next, the circuit configuration of the card terminal 11 will be described with reference to FIG.

The card terminal 11 controls a central control unit 22, a key input control unit 41 that controls the key input unit 13, a display control unit 42 that controls the display unit 14, and a speaker 24 connected to the central control unit 22. An audio output control unit 50 is provided. Further, the central control unit 22 is connected to the arithmetic unit 43, the IC card connection terminal 23 and the mutual / transaction authentication unit 44 via the interface unit 49. The mutual / transaction authentication unit 44 executes a command from the central control unit 22 via the interface unit 49, and includes a transaction authentication number generation unit 45, a mutual authentication unit 46, a control calculation unit 47, and a data memory 48. Have been. The memory 48 stores an encryption code 1 and an encryption code 2 for mutual authentication processing. In the case of the mutual authentication process, when a mutual authentication command is transmitted to the mutual / transaction authentication unit 44 via the interface unit 49, the program of the mutual authentication unit 46 of the mutual / transaction authentication unit 44 is started, and Memory 48
Interface unit 49 using the encryption codes 1 and 2 of
The above-described mutual authentication processing is performed between the IC card 12 and the IC card 12 via the interface unit 49, and when it is determined that they are valid, a mutual authentication OK message is sent to the central control unit 22 via the interface unit 49. Send.

As described later, the transaction authentication number generation unit 45 performs mutual authentication,
It is used for conducting the transaction after PIN verification, and is performed by scrambling using the transaction authentication number generation number input from the key input unit 13 and the encryption code 3 read from the data memory 32 of the IC card 12. A transaction authentication number is generated. This transaction authentication number is transmitted to the central control unit 22 via the interface unit 49.

Next, the operation of calculating and displaying a card transaction authentication number on the spot at the time of a commodity transaction using the IC card 12 using the IC card offline terminal configured as described above will be described with reference to the flowchart shown in FIG. .

First, when a cardholder makes a purchase,
When a transaction is completed with the product, the above card terminal
The IC card 12 is inserted into the card insertion slot 15 of 11. Then, as shown in FIG. 3, the IC card 12 is mounted on the card mounting portion of the card terminal 11, and the connection terminal 36 on the card side and the IC card connection terminal 23 are connected. Here, the central control unit 22 transmits a mutual authentication command to the mutual / transaction authentication unit 44 via the interface unit 49 in step S1. The mutual / transaction authentication unit 44 starts the mutual authentication program 46, and performs the first authentication according to the mutual authentication program 46.
Generate a random number for. The generated first random number is sent to the mutual authentication unit 33 in the IC card via the interface unit 49 and the IC card connection terminal 23. The data is scrambled using the mutual authentication code 1 stored in the memory 48 via the interface unit 49 and stored in the memory 48. On the other hand, the IC receiving the first random number transmitted through the interface unit 49 and the IC card connection terminal 23
The mutual authentication unit 33 in the card stores the first random number in the data memory
The first scramble (random number) and the second random number are generated using the mutual authentication encryption code 1 stored in the memory 32, and the mutual authentication encryption code 2 stored in the data memory 32 is generated. The data is then scrambled and stored in the data memory 32 (second scramble random number). Further, the random number scrambled using the mutual authentication encryption code 1 stored in the data memory 32 and the second random number are transmitted to the mutual / transaction authentication unit 44 via the IC card connection terminal 23 and the interface unit 49. Send to Having received the first scrambled random number and the second random number, the mutual / transaction authentication unit 44 receives the first scrambled random number and the random number 1 scrambled using the mutual authentication encryption code 1 stored in the memory 48 and And if they match, the IC card
12 determines that they have the same mutual authentication encryption code 1 as the card terminal 11, and the mutual / transaction authentication unit 44
The processing is continued by regarding the card 12 as a valid card. If they do not match, the IC card 12
The mutual / transaction authentication unit 44 determines that the IC card 12 does not have the same mutual authentication encryption code 1 as that of the IC card 12 and recognizes the IC card 12 as an invalid card, and the central control unit
The message of the card NG is transmitted to 22, and the process is terminated.
The first scrambled random number and the mutual authentication encryption code 1 stored in the data memory 48 and stored in the memory 48
Is compared with the random number 1 scrambled by using, the mutual / transaction authentication unit 44 compares the received random number 2 with the encryption code 2 for mutual authentication stored in the memory 48.
And sent to the mutual authentication unit 33 in the IC card via the interface unit 49 and the connection terminal 23 for the IC card. Having received the random number 2 sent via the interface unit 49 and the IC card connection terminal 23, the mutual authentication unit 33 in the IC card uses the second random number and the second scramble stored in the data memory 32. Compared with the random number, if they match, the card terminal 11 determines that it has the same mutual authentication encryption code 2 as the IC card 12,
The mutual authentication unit 33 in the card regards the card terminal 11 as a valid terminal and sends an authentication OK message to the mutual / transaction authentication unit 44 via the IC card connection terminal 23 and the interface unit 49. If they do not match, the card terminal 11 determines that it does not have the same mutual authentication encryption code 2 as the IC card 12, and the mutual authentication unit 33 in the IC card sends the card terminal 11 to the unauthorized terminal. The message of the authentication NG is regarded as
Mutual / transaction authentication unit via the interface unit 49
Send to 44. In step S2, the central control unit 22
When the NG message is received, an error is displayed on the LCD 14 via the display control unit 42, and the process is stopped. Authentication OK
Is received by the central control unit 22, the central control unit 22 determines in step S3 that the interface unit
The transaction procedure in the present system stored in the data memory 32 of the IC card 12 is read via the IC card 12 and the IC card connection terminal 23, and the operation is performed according to the procedure. In this embodiment, it is assumed that the transaction authentication number is generated after the password input becomes OK.

When the input of the personal identification number is necessary, the central control unit 22 displays a message prompting the card holder to input the personal identification on the LCD 14 via the display control unit 42. In step S4, the card holder inputs the personal identification number PIN from the key input unit 13 of the card terminal 11. Then, the PIN data generated by the key input is input to the central control unit 22 via the key input control unit 41, and then transmitted to the PIN verification unit 34 in the IC card via the interface unit 49 and the IC card connection terminal 23. Can be The PIN data latched by the PIN collation unit 34 is compared with the PIN data of the true owner of the card 12 stored in advance in the data memory 32 in step S5. ,here,
If the PIN entered by key entry matches the true PIN,
If it is determined that the PIN key input person in S1 is the true owner of the card 12, the process proceeds to step S6, and the central control unit 31
Sends an OK message to the card terminal 11. As a result, the display of the card terminal 11
At 14, a message of the user's OK is displayed via the display control unit 42, and by passing the card terminal 11 to the store operator while the OK message is displayed, the operator The validity of the owner can be confirmed.

On the other hand, in step S6, if a message indicating that the user is OK is not input to the card terminal 11, an error message is displayed on the display unit 14, and the store operator prompts that the PIN input You can confirm that you are the card holder.

When the validity of the card holder is confirmed in this way, the store operator presses any key according to the display on the display unit 14 of the card terminal 11. Then, the card terminal 11 enters a key input waiting state for generating a transaction authentication number. Here, the store operator informs the credit company by telephone or online access of information that can identify a card holder, such as a credit member number, and information that can identify a transaction, such as a purchase price. The credit company searches the credit member number for the same code as the encryption code 3 used for generating the transaction authentication number stored in the data memory 32 of the IC card 12 and managed by the credit company. A transaction authentication number generation number is created from the code and information that can specify the transaction such as the purchase price, and transmitted to the store operator. In step S7, the store operator inputs the transaction authentication number generation number transmitted from the credit company through the key input unit 13 of the card terminal 11. The transaction authentication number generated by the key input is input to the central control unit 22 via the key input control unit 41, and then the mutual / transaction authentication unit via the interface unit 49.
44, the IC card 12 read out via the IC card connection terminal 23 and the interface unit 49 in step S8.
Is transmitted as a transaction authentication number generation command in step S9 together with the encryption code 3 used for generation of the transaction authentication number stored in the data memory 32 of FIG. The mutual / transaction authentication unit 44 activates the transaction authentication number generation program in step S10 using the transaction authentication number generation command,
The transaction authentication number generation number is scrambled by the encryption code 3. The scrambled data is used as a transaction authentication number, and in step S11, the interface unit 4
The information is input to the central control unit 22 via the display unit 9 and is displayed on the display unit 14 via the display control unit 42. here,
The store operator transmits the displayed transaction authentication number to the credit company. The credit company scrambles the transaction authentication number generation number by using the same code as the encryption code 3,
Compare with transaction authentication number. Credit card scrambled transaction authentication number generation number and card terminal 11
If the transaction authentication number generation numbers scrambled in step 1 match, the credit company determines that the valid card 12 is a valid transaction used by a valid card terminal 11 and a valid owner, and Inform the operator that the transaction has been completed. If the transaction authentication number generation number scrambled by the credit company and the transaction authentication number generation number scrambled by the card terminal 11 do not match, the card 12 and / or the card terminal 11 may be invalid. Therefore, the credit company determines that the transaction is fraudulent and informs the merchant operator that the transaction has failed.

When the transaction is completed, the card transaction authentication number is printed on a receipt by an embossed imprinter installed at each store and passed to the card holder. here,
The card holder signs the receipt given by the operator and completes the entire transaction by IC card.

Therefore, by using the off-line terminal configured as described above, a safe and secure card transaction can be easily realized.

In the above-described embodiment, the transaction authentication number is displayed on the LCD 14, and the store operator informs the credit company of the transaction authentication number. This data is output as DTMF sound via the speaker 24, for example. You may. In addition, although the validity of the card holder is proved by a PIN, if an image reader is provided in this offline terminal and the card holder is proved by image information such as fingerprints, the system can be verified. Is more secure. Further, in the above-described embodiment, a transaction at a store is taken as an example. However, if the offline terminal is owned by an individual, it is possible to surely confirm the identity even if the terminal is used for mail-order sales or the like. This makes it possible to provide a secure system to both the service provider and the card holder.

〔The invention's effect〕

As described above, according to the present invention, there is provided a card mounting unit for making an electrical connection with an IC card in which data for specifying a cardholder is stored in advance, and a key input unit for inputting transaction data such as a transaction amount. Performs mutual authentication between the card and the card terminal, and generates a card transaction authentication number based on the card holder specific data read from the connected IC card at the card mounting section and the transaction data input from the key input section. It is configured to calculate and compare this with the result calculated by the credit company etc., so it is possible to easily detect fraudulent cards, fraudulent terminals, fraudulent holders, etc. It becomes possible to construct a card transaction system.

[Brief description of the drawings]

FIG. 1 is a circuit diagram of an IC card used in the transaction authentication method of the present invention, FIG. 2 is a schematic view of an IC card offline terminal used in the transaction authentication method of the present invention, and FIG.
FIG. 4 is a circuit diagram of an IC card terminal used in the transaction authentication system of the present invention, and FIG. 5 is a flowchart of one embodiment of the transaction authentication system of the present invention. 11 …… IC card terminal, 12 …… IC card, 22,11…
... Central control unit, 33,46 ... Mutual authentication unit, 34 ... PIN verification unit, 32,48 ... Data memory.

 ──────────────────────────────────────────────────続 き Continuation of the front page (72) Inventor Takafumi Kobayashi Inside NTT Data Communication Co., Ltd. 1-26-5 Toranomon, Minato-ku, Tokyo (56) References JP-A-59-769 (JP) JP-A-61-121170 (JP, A) JP-A-62-65168 (JP, A) JP-A-1-99159 (JP, A) JP-A-2-100164 (JP, A)

Claims (1)

(57) [Claims] 1. A transaction authentication system for inserting a IC card into an IC card off-line terminal and performing transaction authentication, wherein the IC card comprises a personal identification code data and a first code and data for encrypting a data string. Second to encrypt the column
And the third code for encrypting the data string is recorded. The IC card offline terminal records the same code as the first code and the second code, and the third card generated by the IC card Means for scrambling the first data string with the first code in both the IC card and the IC card offline terminal, and detecting the coincidence of both the scrambled data; Scrambling a data string with said second code in both said IC card offline terminal and said IC card;
Means for detecting a match between both scrambled data, a password input to the offline terminal, means for detecting a match between the password data, and data for transaction authentication transmitted from a financial institution to the offline. Means for inputting to the terminal, scrambling with the third code, and transmitting to the financial institution; transaction authentication data scrambled with the third code received at the financial institution; Means for detecting a match between the data and the data scrambled by the same code as the third code recorded in the financial institution.