JP5245589B2 - Operator terminal system and operator terminal - Google Patents

Description

  The present invention relates to an operator terminal system and an operator terminal for performing accounting-related business processing in a financial institution, and particularly to an operator terminal system and an operator terminal in which a plurality of operators use one operator terminal jointly.

When leaving a terminal such as a PC (personal computer) equipped with a function that can be used by inputting a password or the like when the terminal is left in use, There is a risk of unauthorized use.
As a technique for preventing such unauthorized use and ensuring security, for example, there is a keyboard lock system disclosed in Patent Document 1.

In this lock system, when a terminal user registers a password in the terminal and leaves the terminal while the terminal is in use, the terminal automatically enters a state in which the keyboard input is not accepted after a certain period of time, that is, a key lock state. When the password is entered and the return key is pressed, the entered password is checked against the registered password. If they match, the key lock state is released and the keyboard is returned to the state that accepts keyboard input. It is a thing.
Japanese Patent Laid-Open No. 9-167041

  However, in the above-described conventional technology, only the person who knows the correct password can release the key lock state. Therefore, this technology is used by a plurality of operators in a financial institution jointly for business. When the operator's terminal is used while the operator's terminal is used, if the operator is automatically locked, the other operator will not be able to use the operator's terminal, causing problems in business operations. There is.

  An object of the present invention is to solve such a problem.

Therefore, the operator terminal system of the present invention has an operator terminal used jointly by a plurality of operators of the financial institution, each operator having the operation qualification of the operator terminal, and the authority to release the operation qualification and the locked state of the operator terminal. An authentication server that performs authentication of the unlocking authority and an authority information management server that manages the authority information of each operator and the unlocking authority, and one operator operates the operator terminal to operate the authentication server. After performing authentication, when an operation is not performed for a certain period of time during execution of business processing, the operator terminal is locked so as not to accept any operation other than input of authentication information. When authentication information is entered in, authentication is performed by the authentication server based on the entered authentication information. If it is authenticated is a qualified person I sends authorization information based on the authentication information input after the lock in the right information management server the operator terminal, the operator terminal, its authority information In the case of the unlocking authority information, the business processing up to the locked state is invalidated, and the locked state is released so that other operators can use it.

  The present invention as described above is an unlocking authority person who has the authority to unlock even when an operator who is performing business processing at the operator terminal leaves and the operator terminal is automatically locked. Thus, the lock can be released so that the other operator can use the operator terminal. Therefore, it is possible to minimize the occurrence of troubles in business operations.

  Embodiments of an operator terminal system and an operator terminal according to the present invention will be described below with reference to the drawings.

FIG. 1 is a system configuration diagram showing an embodiment.
In FIG. 1, reference numeral 1 denotes an operator terminal installed at a counter or behind a financial institution's sales office. Although only one terminal is shown in the figure, a plurality of operator terminals are usually installed, and each operator terminal 1 has a plurality of operators. Are shared.
The operator terminal 1 is connected to the authentication server 10 and the authority information management server 20 installed in the center via a communication line, and can exchange information with each other.

The authentication server 10 manages an authentication information database (hereinafter DB) 11 in which authentication information is registered, and the authority information management server 20 manages an authority information database (hereinafter DB) 21 in which authority information is registered.
FIG. 2 is a block diagram showing the configuration of the operator terminal 1. As shown in the figure, the operator terminal 1 includes a display unit 2 such as an LCD, an input unit 3 such as a keyboard or a mouse, and a storage unit 4 such as an HD. The storage unit 4 includes a control unit 5 having a memory 6 as a temporary storage unit, and the storage unit 4 performs a business process such as deposit, withdrawal, transfer, etc. performed at the operator terminal 1 A program for controlling the display unit 2 and the input unit 3 and screen information for business processing are stored, and the control unit 5 operates the operator terminal 1 based on the program stored in the storage unit 4. In addition to having a function to control the entire system, in this embodiment, if the input operation is not performed for a certain period of time during the business process of the operator, the operator is not allowed to accept any operation other than authentication information input. With locking the end 1, the lock post has a function for controlling to unlock by operating the lock release permission to operate or later of the lock before the operator.

  FIG. 3 is a diagram showing an example of the contents of authentication information registered in the authentication information DB 11. As shown in the figure, the authentication information DB 11 includes an operator who is qualified to operate the operator terminal 1 and a role with higher authority than the operator. A user ID and a password that are individually assigned to or set by the unlocking authority having the authority to operate the operator terminal 1 such as a person and the authority of unlocking are registered as authentication information in association with each other.

  FIG. 4 is a diagram showing an example of the contents of authority information registered in the authority information DB 11. As shown in the figure, the authority information DB 11 includes an operator who has the qualification to operate the operator terminal 1 and qualification and lock to operate the operator terminal 1. In association with the user ID of the unlocking authority who has the authority to release, the job classification (rank) of the operator or the unlocking authority is registered as authority information.

The user ID registered in the authentication information DB 11 and the user ID registered in the authority information DB 11 are the same information.
The operation of the above configuration will be described.
The operation of the operator terminal 1 described below is controlled by the control unit 5 based on a program (software) stored in the storage unit 4, and the authentication server 10 and the authority information management server 20 are respectively It is assumed that control is performed by a control unit (not shown) based on a program (software) stored in a storage unit (not shown).

FIG. 5 is a flowchart showing the operation of the embodiment, and will be described in accordance with the step indicated by S in the figure.
FIG. 6 is an authentication information input screen displayed on the display unit 2 of the operator terminal 1 and is provided with a user ID and password input field. In this authentication information input screen, only the user ID and password are controlled to be valid. The

First, when one operator who intends to operate the operator terminal 1 looks at the authentication information input screen displayed on the display unit 2 and inputs a user ID and password from the input unit 3 (S1), the control unit 5 inputs The stored user ID is stored in the memory 6 and the user ID and password are sent to the authentication server 10 to request authentication (S2).
The authentication server 10 collates the sent user ID and password with the user ID and password registered in the authentication DB base 11, and if a matching user ID and password are registered, either one is qualified. However, if it is different, it is authenticated as an unqualified person, and information to that effect is transmitted to the operator terminal 1 as an authentication result.

When the control unit 5 of the operator terminal 1 acquires (receives) the authentication result from the authentication server 10 (S3), it determines whether the information of the authentication result is a qualified person (S4). While waiting for the input of the user ID and password, if it is information of a qualified person, a menu screen is displayed on the display unit 2.
When the operator views one of the menu screens and selects one of the processing items (transaction type) of the account-related business such as deposit, withdrawal, or transfer by operating the input unit 3, the control unit 5 checks the account according to the selected processing item. A screen for system business processing is displayed on the display unit 2, and the operator is caused to execute the business processing (S5).

During the execution of the account-related business process, the control unit 5 monitors whether or not there has been an input operation from the input unit 3 (S6). (S15) If the operation is an end operation, the business process is terminated. If the operation is not an end operation, the process returns to S5 to continue the business process.
When there is no input operation from the input unit 3, the control unit 5 determines whether or not a predetermined time (for example, 15 minutes) has elapsed since the previous operation (S7). Returning to S6, monitoring of the input operation is continued, but when a certain time has elapsed, the control unit 5 displays the authentication information input screen shown in FIG. 6 on the display unit 2 and displays the operator terminal 1 with the user ID and password. It locks in the state which does not accept operation other than the input of (S8).

In this locked state, the previously entered information is stored in the memory 6 assuming that the business processing up to that point is still effective.
In this state, when someone inputs a user ID and password using the input unit 3, the control unit 5 stores the input user ID in the memory 6 and sends the user ID and password to the authentication server 10 to request authentication ( S10).

The authentication server 10 checks the sent user ID and password against the user ID and password registered in the authentication DB base 11, and if a matching user ID and password are registered, either one is qualified. However, if it is different, it is authenticated as an unqualified person, and information to that effect is transmitted to the operator terminal 1 as an authentication result.
When the control unit 5 of the operator terminal 1 acquires (receives) the authentication result from the authentication server 10 (S11), it determines whether the information of the authentication result is a qualified person (S12). Waiting for input of user ID and password, if it is information of qualified persons, the same operator is determined by whether or not the user ID input before the screen lock stored in the memory 6 matches the user ID input after the lock Whether or not (S13).

Here, when the user IDs match and are determined to be the same operator, the control unit 5 releases the lock state so that the business process before the lock can be continued (S14), and repeats the processes from S6.
When it is determined that the user IDs do not match and are not the same operator, the control unit 5 sends the user ID input in S9 to the authority information management server 20 and requests the authority information search (S16).

The authority information management server 20 searches the authority information DB 21 for a job title corresponding to the transmitted user ID, and transmits the search result to the operator terminal 1 as authority information.
When the control unit 5 of the operator terminal 1 acquires (receives) the authority information from the authority information management server 20 (S17), it determines whether the authority information is information of the unlocking authority person (S18). If the operator is not a general operator, the process returns to S8 and the locked state is continued.

When the authority information is information of the unlocking authority person, the control unit 5 displays a screen for accepting only the cancellation of the account-related business process, and when the operation for instructing the cancellation of the account-related business process is performed by the input unit 3 thereby. (S19) The control unit 5 invalidates the business process up to the locked state, erases the information and user ID input so far from the memory 6, releases the lock, and ends the process.
As a result, the operator terminal 1 can be used by other operators.

  According to the embodiment described above, even if the operator who is the user leaves the seat while using the operator terminal and the operator terminal is automatically locked, the authority to unlock other than the operator is granted. If the authorized person who has entered the identification information and it is confirmed that it is the unlocking authorized person from the identification information, it is possible to unlock so that other operators can use the operator terminal, It is possible to minimize the occurrence of troubles in business.

  In addition, if the person who unlocks is the unlocking authority, only the cancel operation of the business process performed by the operator who operated the operator terminal before the lock is accepted and the cancel operation is performed. Since the input information is erased from the memory, it is possible to prevent another person from continuing illegally the business processing performed by the operator before locking, and high security can be obtained.

  In the above-described embodiment, only the user ID is stored in the memory 6 at the time of the authentication request, and when the user ID and the password are input after the operator terminal is locked, the authentication server 10 performs authentication, and the operation is qualified by this authentication. If the user ID is confirmed, the user ID input before the lock is compared with the user ID input after the lock. If they match, the lock is released. If they do not match, the authority information management server 20 stores the authority information. Although the search request is made, both the user ID and the password are stored in the memory 6 at the time of the authentication request, and when the user ID and the password are input after the operator terminal is locked, the input user ID and password are not locked If the user ID and password entered in are matched, the lock is released. When a password is entered, authentication is performed by the authentication server 10, and if it is confirmed that the operation is qualified, the authority information management server 20 may be requested to search for authority information. Accordingly, when the operator who is the user before the operator terminal lock returns to the seat, the business process can be immediately resumed.

In the above-described embodiments, the authentication information is the user ID and password. However, biometric information such as an iris, vein pattern, or fingerprint can be used as the authentication information, and the biometric information is combined with the user ID or password. Authentication information can also be used.
In the above-described embodiment, the authority information management server 20 that manages the authority information DB 11 in which the authority information is registered is provided in the center. However, the authority information DB 11 is owned by the office server provided in the normal office. Thus, it is possible to make this branch office server function as the authority information management server 20.

System configuration diagram showing an embodiment Block diagram showing the configuration of the operator terminal 1 The figure which shows the example of the content of the authentication information registered into authentication information DB The figure which shows the example of the content of the authority information registered into authority information DB Flow chart showing the operation of the embodiment Figure showing an example of the authentication information input screen

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Operator terminal 2 Display part 3 Input part 4 Memory | storage part 5 Control part 6 Memory 10 Authentication server 11 Authentication information DB
20 Authority information management server 21 Authority information DB

Claims (6)

An operator terminal jointly used by multiple operators of financial institutions;
An authentication server for authenticating each operator having the operation qualification of the operator terminal and the operation qualification of the operator terminal and the unlocking authority having the authority to release the lock state;
It has an authority information management server that manages authority information of each operator and unlocking authority,
After one operator operates the operator terminal and authenticates with the authentication server, when no operation is performed for a certain period of time while the business process is being executed, no operation other than input of authentication information is accepted. So that the operator terminal is locked,
After the lock, when the authentication information is input at the operator terminal, if the authentication server authenticates the authentication server based on the input authentication information, the authentication information is input after the lock. Based on the authentication information, the authority information management server sends the authority information to the operator terminal, and the operator terminal invalidates the business process up to the locked state when the authority information is information on the unlocking authority person , An operator terminal system which releases a lock state and enables use by another operator . The operator terminal system according to claim 1,
When the authority information from the authority information management server is information on an unlocking authority person, the operator terminal displays a screen for accepting cancellation of a business process executed up to the locked state, and an operation for instructing cancellation When the operation is performed, the operation processing up to the locked state is invalidated . An operator terminal used jointly by a plurality of operators of financial institutions,
In the middle of executing the business process after the operator is authenticated by the authentication server by the authentication information inputted by one operator who performs the business process at the authentication unit as the qualified person having the operation qualification of the apparatus. When no operation is performed for a certain period of time, the lock is set so that no operations other than the input of authentication information are accepted.
After the lock, when the authentication information is input at the input unit, if the authentication server is authenticated based on the input authentication information, the authentication information input after the lock Authority information is acquired from the authority information management server based on this, and if the acquired authority information is information of the unlocking authority person who has the authority to unlock, the business process up to the locked state is invalidated and the locked state is released An operator terminal characterized in that it can be used by other operators. In the operator terminal according to claim 3,
The authentication information is a user ID and password,
The user ID stored at the start of business processing by the one operator and stored in the memory is the user ID.
After the lock, when the user is authenticated by the authentication server based on the user ID and password input at the input unit and is authenticated, the user ID input at the operator terminal after the lock And the user ID stored in the memory, and when they match, the operator terminal releases the locked state so that the business process can be continued. In the operator terminal according to claim 3,
The authentication information is a user ID and password,
Storing the user ID and password entered by the one operator at the start of business processing in a memory;
After the lock, the user ID and password entered in the input unit are collated with the user ID and password stored in the memory, and if they match, the locked state is released so that the business process can be continued. Characteristic operator terminal. In the operator terminal as recited in any one of claims 3 to 5,
When the authority information from the authority information management server is information on the unlocking authority person, a screen for accepting cancellation of the business process executed up to the locked state is displayed, and an operation for instructing cancellation is performed. the operator terminal end, characterized by disabling work process up to the locked state.

Images