JP2971160B2 - Prepaid card system using IC card - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a prepaid card system using an IC card. For more information, see Prepaid Cards / Prepaid Cards
About the system.

[0002]

2. Description of the Related Art At present, various cashless systems such as a prepaid card system and a credit card system are widely used. On the other hand, various misconduct has been performed in these cashless systems, and the demand for highly secure cashless systems has been increasing. On the other hand, a system has been developed in which security is enhanced by using an IC card that is more secure than a medium such as a magnetic card.

FIG. 8 is a system configuration diagram of a conventional system of a prepaid card system using an IC card. The system includes an IC card 81, and a store transaction terminal (POS) placed at a store where a user holding the IC card 81 performs shopping.
Terminal) 82 and a bank center system 83.

The bank center system 83 has a personal account 84 of a user holding the IC card 81, a personal card balance log file 85 for storing the amount of money deposited by the card user on his / her own card, a plurality of cards And a store account 87 for transferring the total amount of card sales for each store for a certain period from the unsettled fund file. The unsettled fund file 86 is the bank center system 8
There are one or several in three. A personal account 84 and a personal card balance file 85 exist corresponding to each individual holding the IC card 81, and a store account 87 exists corresponding to each store.

[0005] The IC card 81 has a balance storage register 88.
And the amount of money that can be used by the IC card 81 is stored. The store transaction terminal (POS terminal) 82 includes:
There is sales data 89 for storing sales at the terminal.

[0006] The card user stores his or her IC card in 8
In using 1, first, the IC card 81 is deposited. At the time of deposit, a PIN is entered from the keypad of the card to activate the IC card.
Access the bank center system via the 0. If the amount you want to deposit on the card is within the balance of the personal account 84,
This amount is added to the card balance, and the result of the addition is written to the balance storage register 88 of the IC card 81 via the ATM 90 (the amount of money deposited into the card 91). At the same time, the card balance is written to the personal card balance log file 85 of the bank center system 83.

[0007] This personal card balance log file 85
It can be used to prevent fraudulent acts on C cards. That is, the next time the card user makes a deposit, the IC card 81
Should be equal to or less than the amount written in the personal card balance log file 85,
If the amount of money stored in the balance storage register 88 of the C card 81 is larger than that of the personal card balance log file 85, it can be determined that the IC card 81 has been tampered with. Also,
The amount stored in the personal card balance log file 85 is a guaranteed amount that is guaranteed to the card user when the card is damaged.

[0008] When shopping with the IC card 81, the user enters a shopping amount into the store transaction terminal 82, inserts the IC card 81 into the store transaction terminal 82, and inputs a password from the keypad of the IC card. IC card 81
(Activate 92 for shopping). Thus, the store transaction terminal 82 updates the balance amount by subtracting the shopping amount from the balance in the balance storage register 88 of the IC card 81 (balance subtraction 93), and adds the shopping amount to the sales data 89. That is, the card of the IC card 81
If the user has an account at Bank A, the purchase amount is added to the amount a for Bank A in the sales data 89 and updated.

In the store transaction terminal 82, the sales amount is added to the sales data 89 by the above method, and the amount of the sales data 89 is encrypted and sent to the bank center system 83 at regular intervals. That is, after a certain period of time, the sales amount for each bank (for example, the amount a for Bank A) is encrypted, and the sales (billing) data 94 is used as the bank center system (for example, the bank center system of Bank A). Send to The bank center system 83 decodes the received sales (billing) data 94 and transfers the amount from the unsettled fund file 86 to the store account 87.

[0010] FIG. 9 is an explanatory diagram of the conventional update of the total sales data and the update of the IC card balance in the store transaction terminal. When shopping, the user inserts the IC card 81 into the store transaction terminal 82, activates the IC card 81 with a personal identification number, and inputs a purchase amount 95 from the store transaction terminal 82. This shopping amount 95 is input to the adder 96 of the store transaction terminal 82 and the subtractor 97 of the IC card 81, and the amount display 98 of the IC card 81 is displayed.
Is output to Thus, the user of the IC card 81 can determine whether or not the input of the purchase price 95 is correct. Another input of the adder 96 of the store transaction terminal 82 is sales sum data 99. When the purchase amount 95 is input, the adder 96 adds the purchase amount 95 to the sales total data 99 so far, and the sales total data 9
9 is updated. On the other hand, another input of the subtracter 97 of the IC card 81 is the value of the balance storage register 88. When the purchase amount 95 is input, the purchase amount 95 is subtracted from the value of the balance storage register 88 by the subtracter 97, and the difference is stored in the balance storage register 88 again to update the balance.

As described above, the conventional prepaid card
In the system, access control for disabling use by anyone other than the person by inputting the personal identification number of the IC card, and
Encryption for preventing wiretapping on a line between the bank center system is performed as a security measure.

[0012]

However, the conventional method does not protect against unauthorized use at the store terminal, and there is a problem in the security of the prepaid card system as a whole.

[0013] It is an object of the present invention to prevent fraud at a store terminal and improve safety.

[0014]

FIG. 1 is a functional block diagram of the present invention. The present invention is based on a prepaid card system 1 including an IC card 2, a store transaction terminal 3, and a bank center system 4. The bank center system 4 has a personal account 5 of the user having the IC card 2, and when the IC card user deposits into the IC card 2, if the desired deposit amount is equal to or less than the amount of the personal account 5, the amount To the balance register 8 in the IC card to indicate the usage limit. Further, the bank center system 4 updates the unsettled funds by adding the amount of money deposited into the IC card 2 to the amount of the unsettled fund file 6 storing the total usage limit of all IC card users. Further, the bank center system 4 has a store account 7, and the bank center system 4 deposits the amount of the request into the store account 7 in response to the settlement request 13 from the store transaction terminal 3. Also, the IC card 2
Each time a purchase is made, the purchase amount 9 is subtracted from the balance data in the balance register 8 and the usable limit at each time is stored in the balance register 8. The present invention has the above premise as a prepaid card system.

First, there is a sales summation / encryption means 10. The sales summation / encryption means 10 can be provided in the store transaction terminal 3 or the IC card 2. Total sales /
The encryption means 10 updates the total sales amount by adding the purchase amount 9 to the total sales amount up to that time every time the shopping by the IC card 2 is performed, and furthermore, updates the total sales amount with the bank key. Encrypt using. In this encryption, a method using an authenticator generation method for performing encryption processing using a part of data to be encrypted (plaintext) and an encryption method for performing encryption processing using the entire plaintext are used. There is a method and either one is adopted. When the sales sum encryption means 10 is executed by the IC card 2, the bank key used for the encryption can be changed for each bank so that the IC card 2 issued by another bank cannot be encrypted. In addition, by using, as data to be encrypted, data obtained by combining the total sales amount data, the serial number corresponding to the number of settlement requests to the bank center system 4 and the totalization start date and time, the store transaction terminal 3, it is possible to prevent tampering and fraud by copying the total sales data at the time of another settlement request. Furthermore, by adding ID data unique to the store transaction terminal 3 to the data to be encrypted, it is possible to prevent tampering and fraud by copying the total sales amount data from another store transaction terminal.

Next, sales total storage means 11 is provided. The sales sum storage means 11 is provided with the sales sum / encryption means 10
Is stored in the shop transaction terminal 3.

Further, a fraud detecting means 12 is provided. The fraud detecting means 12 is used for the store transaction terminal 3 or the IC card 2
And is executed prior to the update and encryption of the total sales amount by the sales totaling / encrypting means 10 each time the shopping by the IC card 2 is performed. First, the total sales data and its encrypted text are extracted from the total sales storage unit 11, the total sales data is encrypted with a bank key, and compared with the encrypted text read from the total sales storage unit 11. If they match, it is determined that there is no fraud. If they do not match, it is determined that the total sales data stored in the total sales storage unit 11 of the store transaction terminal 3 has been tampered with.

Finally, the bank center system 4 has a fraud detection and settlement means 14. The fraud detection and settlement means 14 receives the settlement request 13 from the store transaction terminal 3 and determines whether or not there is any fraud. If there is no fraud, the settlement processing is executed. Do not do. From the store transaction terminal 3, the total sales amount data stored in the total sales storage means 11 and its cipher text are received, and the total sales amount data is encrypted using a bank key, and the transmitted cipher text and Compare. If they match, it is determined that there is no fraud, and if they do not match, it is determined that there is fraud.

The fraud detection / settlement means 14 is also used by the sales summing / encrypting means 10 as the data to be encrypted, in addition to the sum of the sales, a serial number indicating the number of billing times, the summation start date and time, and the store transaction terminal ID. Is added, it is determined whether or not there is any contradiction in the added serial number, date and time, and terminal ID. If there is a contradiction, it is determined that there is an inconsistency.
If there is no inconsistency, it is determined that there is no injustice, and an injustice is detected due to the above-mentioned inconsistency in ciphertext.

[0020]

In the prepaid card system 1 using the IC card 2, the shopper owns the IC card 2, and the store has a store transaction terminal that can use the IC card 2. The bank center system 4 of the bank that issues the IC card 2 and contracts with the store has a personal account 5 of the user of the IC card 2 and a store account 7 of the store.

When the user of the IC card 2 uses the IC card 2, first, a process of accessing the bank center system 4 and depositing the IC card 2 is performed. That is, the user notifies the deposit amount, and if the deposit amount is equal to or less than the balance of the personal account, the bank center system 4 approves the deposit and sets this amount in the balance register 8 in the IC card 2. In the bank center system 4, there is an unsettled fund file 6 for storing the total amount of payments to all the contracted IC cards. File 6 is deposited.

On the other hand, the store transaction terminal 3 calculates the total sales amount within a certain period and requests the total sales amount to the bank center system 4 as the settlement request 13 for each predetermined period. At the beginning of a certain period, the total sales amount is initialized to zero.

In this state, it is assumed that the IC card user performs shopping at the store. At this time, first, the IC card 2 is inserted into the store transaction terminal 3, and the IC card user
The IC card 2 is activated by inputting the personal identification number of the card 2. Next, the user inputs the purchase amount 9 from the keyboard or the like of the store transaction terminal 3. At this stage, the sales summation / encryption means 10 is activated.

The sales summing / encrypting means 10 includes a method of placing it in the store transaction terminal 3 and a method of placing it on the IC card 2. First, it is assumed that it is placed in the store transaction terminal 3. The sales summation / encryption means 10 sets the purchase price 9 as the sales sum when the sales summation for a certain period starts, and encrypts the sum with the bank key stored in the store transaction terminal 3. Then, the total sales amount and its cipher text (an authenticator may be used instead of the cipher text) are sent to the total sales storage unit 11. The sales sum storage means 11 in the store transaction terminal 3 stores the sales sum amount data input from the sales summing / encryption means 10 and its encrypted text.

On the other hand, in the IC card 2 inserted in the store transaction terminal 3, the shopping amount 9 is subtracted from the balance amount stored in the balance register 8, and the data in the balance register 8 is updated to a new balance amount.

It is assumed that the next shopper is shopping with the IC card 2. First, the IC card 2 is inserted into the store transaction terminal 3, and the IC card user activates the IC card 2 by inputting the personal identification number of the IC card 2. next,
The user inputs the purchase amount 9 from the keyboard or the like of the store transaction terminal 3. At this point, the sales summation / encryption means 10 is activated. Since we know that it is not the start of sales for a certain period,
Prior to the sales summation / encryption processing, the fraud detecting means 12 is activated. The fraud detecting means 12 is also the sales summing / encrypting means 10
In the same manner as described above, it can be provided in the store transaction terminal 3 or the IC card 2. Here, it is assumed that it is placed in the store transaction terminal 3.

The fraud detecting means 12 includes the total sales storing means 1
The total sales amount data and its cipher text (or authenticator) stored in 1 are read, and it is checked whether or not there is any contradiction between the total sales amount and the cipher text (authenticator). That is, the sales sum amount data is encrypted with the same bank key as that used by the sales summing / encrypting means 10, and a process is performed to check whether or not the data matches the read cipher text (or authenticator). When the cipher text is used, the cipher text may be decrypted with the same bank key, and it may be checked whether or not it matches the read sum total amount data. If they match, it can be determined that there has been no tampering, and if they do not match, it can be considered that some tampering has occurred. If not, the sales summing / encrypting means 10 is started. On the other hand, if there is any fraud, the fact that there is fraud is notified to the bank center system 4, and the process is terminated.

If there is no fraud, the sales summation / encryption means 10 is activated. That is, the total sales amount data is updated by adding the shopping amount 9 to the total sales amount data read by the fraud detecting means 12, and the updated sales total amount data is encrypted with the bank key. Then, the data is sent to the sales sum storage means 11 in the store transaction terminal 3. By repeating the above process, the total sales amount within a certain period is calculated.

After a predetermined period has elapsed, the store transaction terminal 3 sends a settlement request 13 to the bank center system 4.
When receiving the settlement request 13, the bank center system 4 activates the fraud detection settlement means 14.

The fraud detection and settlement means 14 is provided by the store transaction terminal 3
Then, the sum total sales amount data and its cipher text (or authenticator) are called from the sales total sum storage means 11 and whether there is no inconsistency between the total sales amount data and the cipher text is determined. That is, the total sales amount data is transferred to the bank center system 4
And encrypts it with the same bank key as that used by the sales summation / encryption means 10, and compares the sentence obtained with the called ciphertext (or authenticator). If they match, it is determined that there is no fraud, and if they do not match, it is determined that there is some kind of tampering. Also in this case, when the ciphertext is used, the called ciphertext may be decrypted with the same bank key and compared with the summed sales sum data. If there is no fraud, a settlement process, that is, a process of depositing the sum of the sales amount from the unsettled fund file 6 into the store account 7 is executed. If it is determined that there is unauthorized tampering, the settlement processing is not executed.

In the above description, the sales summation / encryption means 1
Although the zero and fraud detecting means 12 are placed in the store transaction terminal 3, they can be placed in the IC card 2 to prevent fraud by decrypting the bank key. The operation is the same as described above.

Further, in order to prevent fraudulent alteration of the total sales amount by copying the previous total sales amount data stored in the total sales storage means 11 in the store transaction terminal 3 and its encrypted text (or authenticator). In addition, there is a method of adding a serial number incremented for each settlement request 13 to the total sales amount data, or adding a sales total start date and time within a certain period to the total sales amount data. In this case, the sales summing / encrypting means 10 encrypts the information including the serial number and the date and time. The fraud detection and settlement means 14 in the bank center system 4 checks whether there is any inconsistency in the serial number and the date and time, encrypts the total sales amount data including the serial number and the date and time, and transmits the data with the settlement request 13. It checks for the presence of fraud by comparing it with the ciphertext.

Further, in order to prevent fraudulent alteration of the total sales amount by copying the total sales amount data stored in the total sales storage means 11 of the other store transaction terminals 3 and its encrypted text (or authenticator). There is also a method of adding a unique ID to the total sales amount data for each store transaction terminal 3. In this case, the sales summation / encryption means 10
Encrypt including D. The fraud detection and settlement means 14 in the bank center system 4 detects fraud based on whether there are a plurality of settlement requests for the same store transaction terminal ID, and further encrypts the total sales amount data including the store transaction terminal ID, It is compared with the cipher text sent in the settlement request 13 to check for fraud.

[0034]

FIG. 2 is a system configuration diagram of an embodiment of the present invention. The configuration of the IC card 2 and the store transaction terminal 3 will be described.

The IC card 2 comprises a balance register 8, a subtractor 20, and an amount display 21. In addition, the store transaction terminal 3 has sales data 22, an adder 23, an encryption unit a24,
It comprises an encryption unit b25, a comparator 26, and a bank key 27. The sales data 22 is composed of the total sales data 28 and the authenticator 29.

When the card user makes a purchase and pays with an IC card, the sales data 22 of the store transaction terminal 3 is used.
Is updated and the balance storage register 8 of the IC card 2 is updated, and in addition, fraud prevention processing is performed.

First, prior to payment by the IC card 2, the store transaction terminal 3 encrypts the total sales data 28 in the sales data 22 with the bank key 27 by the encryption unit a24, and sends the result to the comparator 26. Output. Bank key 2
Reference numeral 7 denotes an encryption key prepared for each of a plurality of banks with which the store cooperates in sales by IC card. The comparator 26 compares the encrypted data with the authenticator 29 to determine whether or not the combined sales data 28 when the authenticator 29 was created has been falsified. That is,
If the encrypted data and the authenticator 29 match, the comparator 26 determines that the data has not been tampered with,
The payment processing by the card 2 is executed. On the other hand, if they do not match, it is determined that the data has been falsified, and the operator is notified that fraudulent activity or error has occurred without performing payment processing by the IC card 2.

If it is determined that the data has not been tampered with, the following processing is executed. First, a purchase amount 9 is input from a keyboard or the like of the store transaction terminal 3. Then, the purchase price 9 and the total sales data 28 in the sales data 22 are added, the addition result is stored in the total sales data 28, and the total sales data so far is updated. The addition result is also input to the encryption unit b25. The encryption unit b25 encrypts the new sales sum data with the bank key 27, stores the result in the authenticator 29, and updates the authenticator 29.

The encryption processing (authenticator generation) for creating the authenticator 29 is the same processing as general encryption (for example, F
EAL algorithm). Some bits of the encrypted text are encrypted to form an authentication text. For example, 128
Sixty-four bits of the bit encrypted text are encrypted and used as an authentication text. For this reason, the ciphertext cannot be inversely generated from the authentication text.

On the other hand, the shopping amount 9 is also input to the IC card 2. The shopping price 9 is displayed on the price display 21 and is input to the subtracter 20. Another input of the subtractor 20 is the balance data of the balance storage register 8. The subtracter 20 subtracts the current purchase amount 9 from the balance data,
The result is stored in the balance storage register 8 to update the balance data.

In the first embodiment described above, when the sum of sales is calculated at the store transaction terminal 3, the sum of sales data is encrypted and stored as an authenticator together with the sum of sales data. When performing, the sales total data previously calculated and stored is again encrypted and compared with the previously stored authenticator to determine whether the sales total data has been tampered with in the store transaction terminal 3. As a result, it is possible to prevent the total sales data from being falsified in the store transaction terminal 3.

In the first embodiment, the authenticator 29
There is a method of using ciphertext instead of using. The system configuration is the same as that of FIG.
Is similar to the first embodiment.

When updating the total sales data 28 of the store transaction terminal 3 with the purchase of the shopper (addition by shopping), first, the total sales data 28 before the update is encrypted by the encryption unit a.
24, using the bank key 27 for encryption, and it is determined whether or not the encrypted text matches the encrypted text corresponding to the sales sum data. If they match, it determines that the total sales data 28 has not been tampered with, and executes the updating process. If they do not match, it determines that tampering or an error has occurred, does not perform the updating process, and notifies the operator of the fact. Here, the combined sales data 28 is encrypted to determine the coincidence with the corresponding cipher text. However, when the cipher text is used, the original text can be inversely generated (decrypted) from the cipher text. Alternatively, the ciphertext may be decrypted using the bank key 27, and it may be determined whether or not the decrypted value matches the total sales data 28. Also in this case, it can be determined that there is no falsification in the case of a match, and that there is falsification in the case of a mismatch. For the encryption, for example, the FEAL algorithm or the like can be used.

In the updating process when it is determined that there is no tampering, first, the adder 23 adds the purchase price 9 and the data of the sales total data 28 inputted from the keyboard or the like of the store transaction terminal 3 to the adder 23. Are stored again in the total sales data 28. Further, the output of the adder 23, that is, the new sales sum data is input to the encryption unit b25, encrypted by the bank key 27 to create a ciphertext, and this is combined with the sales sum data 28
(Replace the part of the authenticator 29 as a ciphertext).

The processing on the IC card 2 side is the same as in the first embodiment. That is, the shopping amount 9 input to the store transaction terminal 3 is also sent to the IC card 2, and this amount is output to the amount display 21 and input to the subtractor 20. From the value, the purchase amount 9
Is subtracted, the subtraction result is stored again in the balance storage register 8, and the balance data is updated.

FIG. 3 is a system configuration diagram of the second embodiment. The update processing and the encryption of the sales sum data are performed on the IC card side. The IC card 2 includes a combined data encryption unit 30 using an IC card and a card balance updating unit 31 using an IC card. The integrated data encryption unit 30 using the IC card updates the total sales amount of the store transaction terminal 3 of the store where the card user shops, executes processing for encrypting the data, and updates the card balance using the IC card. The unit 31 executes a process of updating the balance of the IC card 2.

An integrated data encryption unit 30 using an IC card
Is an adder 32, an encryption unit 33, a decryption unit 34, a comparator 35, a bank key storage unit 3,
Consists of six. The bank key of the bank (bank A) that issued the IC card 2 is stored in the bank key storage unit 36. Using this key, the encryption unit 33 encrypts the ciphertext, and the decryption unit. At 34, the ciphertext is decrypted. On the other hand, IC
The card balance updating unit 31 using a card has the same configuration as the IC card 2 in the first embodiment, and includes a balance storage register 8 and a subtractor 20.

On the other hand, the store transaction terminal 3 comprises a sales data storage section 37, an adder 38, and a comparator 39. The sales data storage unit 37 is composed of a house bank name 41, a plaintext 41 of total sales data, and an encrypted text 42 of total sales data.
Stored separately for each bank with which the store transaction terminal 3 does business (37-1, 37-2, 37-3, ...). Then, the sales total data (plaintext 41) and the encrypted text 42 obtained by encrypting the data are stored in the sales data storage unit 37 as a pair.

In order to update the total sales by the purchase of the shopper, first, the IC card 2 is inserted into the store transaction terminal 3 and the purchase amount 9 is inputted from the keyboard of the store transaction terminal 3 or the like. By inserting the IC card 2, the IC card 2
The plaintext 41 (41-1) and the ciphertext 42 (42-1) of the sales data storage unit 37 for the bank that issued the IC card 2 (in this case, bank A) are sent. And ciphertext 4
2 is input to the decryption unit 34 in the IC card 2, and the IC card 2 decrypts using the bank key (here, the key of Bank A) stored in the bank key storage unit 36. by this,
The cipher segment 42 should return to the plaintext before encryption. The decrypted sentence is input to the comparator 35. Another input of the comparator 35 is the plain text 41 sent from the store transaction terminal 3. The comparator 35 compares the decrypted sentence with the plaintext 41 from the store transaction terminal 3, and if they match, the store transaction terminal 3
Assuming that the sales data has not been tampered with, the sales data is updated. On the other hand, if they do not match, the decrypted sentence and the original plaintext are different,
The operator is notified that some tampering or error has occurred, and the process is terminated.

If the result of the comparator 35 is the same and the data has not been tampered with, the value of the plaintext 41 in the sales data storage unit 37 sent from the store transaction terminal 3 and the shopping price 9 input by the keyboard are used. Input to the adder 32. Adder 32
Calculates the sum of sales by adding these two values.
The result is sent to the store transaction terminal 3 and the IC
The data is sent to the encryption unit 33 in the card 2. Encryption unit 3
3 encrypts the total amount of sales with the bank key stored in the bank key storage unit 36 and sends the result to the store transaction terminal 3 as ciphertext update data 43. The store transaction terminal 3 stores the received ciphertext update data 43 in the ciphertext 42 of the sales data storage unit 37.

On the other hand, the output of the adder 32 in the IC card 2 (total sales amount) is also sent to the store transaction terminal 3 and becomes one input of the comparator 39 in the store transaction terminal 3. An adder 38 also exists in the store transaction terminal 3, adds the plaintext 41 of the sales data in the sales data storage unit 37 and the purchase price 9, and calculates the total sales amount on its own. Let it be the other input. If the total sales amount sent from the IC card 2 and the total sales amount independently calculated by the store transaction terminal 3 match, the total sales amount is regarded as correctly calculated, and the sales total amount is used as the amount update data 44. It is stored in the plaintext 41 of the data storage unit 37. On the other hand, if there is a mismatch in the comparator 39, the total sales amount sent from the IC card 2 will be different from the total sales amount originally calculated by the store transaction terminal 3, and the IC card 2 or store transaction This means that an error has occurred in one or both of the terminals 3. In such a case, the processing is stopped and a message to that effect is output.

The IC card 2 performs its own balance updating process in addition to the sales total data updating process on the store side. I
The card balance updating unit 31 using the C card inputs the balance data stored in the balance storage register 8 to the subtractor 20. Then, the other input of the subtractor 20 is converted to the purchase amount 9
Then, the shopping amount 9 is subtracted from the balance data and stored in the balance storage register 8 again. Thus, the update of the balance data is completed.

In the second embodiment, the sum of sales calculation processing and the encryption of the sum of sales are performed on the IC card side, so that the processing cannot be performed on the store side. In the first embodiment, if the bank key is decrypted at the store side, the total sales calculation and its encryption can be performed, and the possibility of unauthorized tampering remains. However, as in the second embodiment, the IC card side By doing so, such fraudulent acts can be prevented. Further, by changing the bank key for each bank, there is an advantage that encryption processing cannot be performed unless the IC card is issued by the bank, security is increased, and the bank key can be updated for each bank.

In the second embodiment, the encrypted data 42 and the corresponding encrypted text 42 are stored in the sales data storage unit 37 by encryption processing, but a part of the plaintext 41 of the combined sales data is used. In this case, the corresponding authenticator may be stored in the ciphertext 42 by encryption.

FIG. 3 is an explanatory diagram of fraudulent information which is obtained by the system configuration of the first or second embodiment and which may occur in the total sales data stored in the store transaction terminal. Store transaction terminal 3
Is composed of total sales data 28 for a certain period and an authenticator 29 obtained by performing an encryption process on the total sales data 28. Assume that the total sales data 28 for a certain month is 1,000,000 yen. Then, in the month, the total sales amount is charged to the bank center system 4 (the nth billing data 48). That is, the n-th billing data 48 is the sales sum data 28 (10
Authenticator 29 corresponding to (0,000 yen). The bank center system 4 receives this data, and firstly,
Encrypts the sales sum data 28 with the bank key 46. The authenticator obtained by this encryption is input to the comparator 47, and is compared with the transmitted authenticator 29. If they match, it is determined that there is no fraud, and the bank center system 4 deposits the billed amount into the store account.

Here, the total sales amount for the next month is as small as 100,000 yen, and in order to increase sales, the store side terminal 3 uses the sales data 22 for the previous month as the sales data 22 for this month.
Unauthorized tampering by copying 2 as it is. That is, the authenticator 29 corresponding to the sales total data 28 (1 million yen) of the previous month is copied as the sales data 22 of this month.

In such a case, the (n + 1) th billing data 4
The sales data 22 of the previous month copied as 9 is sent to the bank center system 4 as it is. That is, the total sales data 28 (1 million yen) and the corresponding authenticator 29 are sent. In the bank center system 4, the sales sum data 28 of the (n + 1) th billing data 49 sent is encrypted with the bank key 46 and compared with the authenticator 29. However, since the transmitted total sales data (1 million yen) 28 and the authenticator 29 are in correspondence, it cannot be detected that the data of the previous month has been copied, and such fraud cannot be prevented. Such impropriety due to copying can be made at any time, either at the time of billing to the bank center system 4 or in the middle of the month.

This is because the total sales data and the authenticator are one-to-one.
Because it corresponds to. In order to prevent such fraud, a method of adding a serial number of the bill to the sales data 22 is considered.

FIG. 5 is an explanatory diagram of a third embodiment, that is, a system in which a serial number is added to sales data.
The store transaction terminal 3 has a counter that is incremented each time a sales request is made to the bank center system 4. The bank center system 4 stores a serial number corresponding to each store transaction terminal as a check counter 51. ing. Then, as the billing data, the total sales data 28
And the authenticator 29 are sent. The authenticator 29 converts the data obtained by adding the serial number 50 to the total sales data 28 into an IC.
The card 2 is obtained by encryption.

For example, in the second billing data, the value of the total sales data 28 is “1 million yen”, and the authenticator 2
Reference numeral 9 denotes an authenticator obtained by encrypting data obtained by combining the serial number "2" and the total sales data "1 million yen".
On the bank side, it is detected by the check counter 51 that this is the second billing, the combined sales data “1,000,000 yen” and the received data are encrypted, and an authenticator is obtained. Compare with authenticator sent. If they match, it is determined that there is no fraud, and the billed amount is credited to the store account. If they do not match, it is determined that there is an error or an error.

Here, the sales are small at the time of the third billing,
It is assumed that fraudulent copying of previous billing data is performed at the store terminal 3. That is, the sales sum data “1 million yen” and the authenticator are copied. When a request is made to the bank center system 4, the bank counter detects that this is the third request by the check counter 51, encrypts the serial number "3" and the total sales data "1,000,000 yen", and encrypts the authenticator. Then, it is compared with the authenticator sent from the store transaction terminal 3. In this case, the transmitted authenticator is encrypted as the serial number '2', and does not match the authenticator obtained by the bank center system 3. Thereby, fraud can be detected.

In the third embodiment, the serial number indicating the number of times of billing to the bank is added to the sales total data to perform encryption. However, instead of the serial number, the date and time at the start of the totaling may be used. The store transaction terminal 3 adds the date and time at the start of the summing to the sales summing data 28 to generate an authenticator. The bank center system 4 manages the date and time added to the combined sales data sent at the time of the previous billing for each store transaction terminal, and compares it with the date and time added to the currently billed sales data. . If the date and time are the same or older than the date and time of the previous billing, it is determined that there is fraud. If the date and time are new, the date and time and the total sales data are encrypted together, an authenticator is generated, and the authenticator is compared with the authenticator sent from the store transaction terminal. If they do not match, it is determined that there is some other injustice or error, and the settlement process is not performed.

FIG. 6 is an explanatory diagram of a fraud that can occur in the system up to the third embodiment. It is assumed that there are a plurality of store transaction terminals on the store side (3-1, 3-2). The total sales data 28-1 of the store transaction terminal A3-1 is 1,000,000 yen, and the sales data 28-2 of the store transaction terminal B3-2.
Is 100,000 yen. Each authenticator (29-
1, 29-2) are the total sales data (28-
1, 28-2) obtained by encryption.

Here, since the sales at the store transaction terminal B3-2 are small, the sales data 22-1 at the store transaction terminal A3-1 is obtained.
Is copied and inflated. As a result, the sales data 22-1 of the store transaction terminal A3-2 is copied as it is to the sales data 22-2 of the store transaction terminal B3-2, and the sales of the store transaction terminal B3-2 is 1,000,000 yen. Become. When this billing data 61 is sent to the bank center system 4, the encryption unit 45 of the bank center system 4 converts the total sales data 28-2 (1 million yen) in the billing data 61 of the store transaction terminal B into the bank key 46. And the result is authenticated by the authenticator 29-
Compare with 2. Since the bank center system 4 cannot detect the difference between the store transaction terminals from the billing data 61, the comparator 47 determines that they match, and executes the settlement processing.

As described above, it is possible that fraudulent increase of sales may occur by copying the sum of sales of other store transaction terminals. FIG. 7 shows a fourth embodiment, namely,
It is explanatory drawing of the system which adds ID of a store transaction terminal.

A unique ID is given to the store transaction terminal, which is included in the sales data 22 as the store transaction terminal ID 70 and billed to the bank center system 4. The bank center system 4 manages the ID of each terminal (terminal number 71).

At each store transaction terminal, the total sales data 28
Authenticator 29 for data with terminal ID 70 added to
Is calculated by an IC card and stored. When making a sales request to the bank center system 4, the sales total data 28 and the authenticator 29 are sent. The bank center system 4 determines whether there is a sales request having the same store transaction terminal ID, and if there is a request with the same ID, it is determined that there is fraud. If there is no request with the same ID, the transmitted sales sum data 28 is encrypted by the encryption unit, and the obtained authenticator is compared with the authenticator sent from the store transaction terminal. If they match, the settlement processing is performed assuming that there is no fraud. If they do not match, it is determined that there is some irregularity or error, and the settlement process is not performed.

[0068]

According to the present invention, a deposit terminal such as an ATM,
Fraud at the store transaction terminal becomes difficult, and safety can be improved. Furthermore, in the past, only prepaid cards with no cash value in terms of security (prepaid cards with a limited purpose) could be issued, but IC cards with cash value can be issued, and the range of use of the cashless system is limited. spread.

[Brief description of the drawings]

FIG. 1 is a functional block diagram of the present invention.

FIG. 2 is a system configuration diagram (update of sales total data at a transaction terminal on the store side) according to an embodiment;

FIG. 3 is a system configuration diagram of a second embodiment (IC of a shopper)
Update of sales total data by card).

FIG. 4 is an explanatory diagram of an increase in sales due to copying of previous billing data.

FIG. 5 is an explanatory diagram of adding a serial number to store sales data.

FIG. 6 is an explanatory diagram of an increase in sales due to copying of billing data of another store transaction terminal.

FIG. 7 is an explanatory diagram of adding a transaction terminal ID to store sales data.

FIG. 8 is a configuration diagram of a prepaid card system using a conventional IC card.

FIG. 9 is an explanatory diagram of a conventional method of updating total sales data of a transaction terminal at a store and updating an IC card balance.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Prepaid card system 2 IC card 3 Store transaction terminal 4 Bank center system 5 Personal account 6 Unsettled fund file 7 Store account 8 Balance register 9 Shopping amount 10 Sales summation / encryption means 11 Sales summation storage means 12 Fraud detection means 13 Payment request 14 Fraud detection payment means

──────────────────────────────────────────────────の Continuation of the front page (51) Int.Cl. ⁶ Identification code FI G07F 7/12 G07F 7/08 CLR (72) Inventor Hiroshi Tanaka 1015 Uedanaka, Nakahara-ku, Kawasaki-shi, Kanagawa Fujitsu Limited (56) reference Patent flat 2-244394 (JP, a) JP flat 2-75062 (JP, a) JP Akira 63-75062 (JP, a) (58 ) investigated the field (Int.Cl. ⁶ G07G 1/00-5/00 G07F 7/08 G07F 7/12 G06F 17/60 G06F 19/00 G06K 17/00

Claims (5)

(57) [Claims] Claims: 1. A financial institution center system sums up the amounts deposited from each personal account in each IC card, stores the sum as an unsettled fund file, and stores transactions at a store where shopping with the IC card is possible. The terminal sums up and stores the purchase amount of the IC card for each financial institution, and invoices the financial institution center system for a fixed period to execute the settlement processing every fixed period.・ In a prepaid card system that stores the amount of money that can be used in the payment processing of the system in an internal balance register, reduces the balance by the shopping amount each time you shop, and stores the usable amount in the balance register. calculate the total sales amount of money within a certain period in the transaction terminal, and sales combined and encryption means for encrypting on the amount of money該売using the financial institutions key, the sales sum-encryption Sales combined amount of money and means has calculated
The encrypted statement about the total sales amount is stored at the store transaction end.
Means for storing the sum of sales stored in the end of the device, and every time there is a shopping by the IC card, prior to execution of the means for sum of sales and encryption, the sum of sales data stored in the means for sum of sales is encrypted. The encrypted text is compared with the encrypted text stored in the sales sum storage means to determine a match or mismatch. If they match, there is no fraud. If not, there is no tampering with the sum of the sales. Fraud detection means to determine that payment has been made, and
Detects whether the sum of sales data requested by the financial institution center system is fraudulent or not. If there is no fraud, deposit the sum of sales billed into the store account. And a fraud detection and settlement means that does not perform the above, and the sales summation / encryption means and the fraud detection means are provided in a store transaction terminal. A prepaid card system using an IC card. 2. A financial institution center system stores the total amount of money received from each personal account in each IC card and stores it as an unsettled fund file, and stores transactions at a store where shopping with the IC card is possible. The terminal sums up and stores the purchase amount of the IC card for each financial institution, and invoices the financial institution center system for a fixed period to execute the settlement processing every fixed period.・ In a prepaid card system that stores the amount of money that can be used in the payment processing of the system in an internal balance register, reduces the balance by the shopping amount each time you shop, and stores the usable amount in the balance register. Sales summing / encrypting means for calculating the sum of the sales amount within a certain period of time at the transaction terminal and encrypting the sales amount using a financial institution key; And sales summing storing means for storing the encrypted sentence for sales combined amount and該売on summing amount means has calculated in the store transaction terminal, each time there is a shopping by the IC card, the sales summed-encryption means Prior to execution, the sales sum data stored in the sales sum storage means is encrypted, and the encrypted text is compared with the cipher text stored in the sales sum storage means to determine a match or mismatch. If they match, there is no fraud, and if they do not match, fraud detection means to judge that the combined sales amount has been tampered with, and in response to payment requests from the store transaction terminal at regular intervals,
Detects whether the sum of sales data requested by the financial institution center system is fraudulent or not. If there is no fraud, deposit the sum of sales billed into the store account. And a fraud detection and settlement means that does not perform the above, and the sales summation / encryption means and the fraud detection means are provided in the IC card. A prepaid card system using an IC card. 3. The sales summing / encrypting means uses an authenticator for encrypting a sales amount.
Or a prepaid card system using the IC card described in any of 2. 4. The sales summing / encrypting means changes a financial institution key used for encryption for each financial institution, so that it cannot be encrypted with an IC card issued by another financial institution. A prepaid card system using the IC card according to claim 1. 5. The sales summing / encrypting means includes, in addition to the sales summing data, a serial number or a sales summing start date and time incremented for each request to a financial institution, and an ID number assigned to each store transaction terminal. 3. A prepaid card system using an IC card according to claim 1, wherein the data obtained by combining the data is encrypted.