JP7044733B2 - Card processing equipment, card processing system, card processing method, and card processing program - Google Patents

Description

The present invention relates to a card processing device that processes received cards, a card processing system that processes accepted cards, a card processing method, and a card processing program.

Conventionally, various types of cards have been used. Examples of such a card include a medical examination ticket used at a medical institution, a membership card indicating that the member is a member of various stores, a credit card used when paying money at the medical institution, the store, and the like. Such cards store information used to identify the owner of the card, information used to pay money, etc., depending on the intended use, such as inserting the card into a reading device or inserting it into a reading device. This information is automatically read by holding it over. In particular, since the information used for payment of money is important information for the user, techniques for handling this kind of information have been studied (for example, Patent Documents 1 and 2).

Patent Document 1 describes a patient information management system that manages information about a patient in a medical institution such as a hospital. This patient information management system is installed in a medical institution or the like and is configured to include a payment device used for payment of medical expenses and the like. When paying medical expenses or the like using a credit card, the payment device inquires, for example, an external payment server whether or not the credit card can be used.

Patent Document 2 describes a credit payment system with improved security in credit payment using a credit card. In this credit payment system, the card reader reads the recognition information recorded on the credit card, and when the recognition information is transmitted via the network, it is encrypted with a predetermined encryption key information.

Japanese Unexamined Patent Publication No. 2017-151732 Japanese Unexamined Patent Publication No. 2013-84032

Here, when the user uses the card, he / she may use the card according to the situation at that time, but the wrong card may be inserted into the reading device or held over. In such cases, the information used to pay money may be read when the information of the cardholder should be read, or the information of the cardholder may be read when the information used to pay money should be read. do. If such erroneous information is read, the information may be misused and the user may suffer a disadvantage. The techniques described in Patent Documents 1 and 2 are not supposed to handle information when the information of an erroneous card is read in a situation where there are a wide variety of cards, and there is room for improvement.

Therefore, a card processing device, a card processing system, a card processing method, and a program for the card processing device capable of appropriately handling the information stored in the card are required.

The characteristic configuration of the card processing device according to the present invention is a card processing device that processes a received card, which is a received card, and includes a card information acquisition unit that acquires card information stored in the received card. Based on the specific unit that specifies the type of the accepted card from the card information, the type information acquisition unit that acquires the type information indicating the type of the card to be accepted, and the type of the accepted card and the type information. A processing setting unit that switches processing for the card information and a processing unit that executes processing for the card information based on the processing information switched by the processing setting unit are provided, and the type of the card to be accepted is When the type of the card whose card information should not be encrypted and the type of the accepted card is the type of the card to be encrypted, the processing unit has the card information acquired by the card information acquisition unit. Is at the point of erasing.

With such a feature configuration, it is possible to switch the processing for the card information based on the type of the card acquired by the card information acquisition unit and the type of the card to be accepted. Therefore, for example, when the acquired card information such as a medical examination ticket is not encrypted, and when the card information requiring encryption such as the credit card information is received, the card information is deleted or the card information is received. By switching the processing so as not to spread the card information, it becomes possible to properly handle (protect) the card information.

Further, with such a configuration, it is possible to appropriately execute the processing for the card information.

Further, with such a configuration, when the acquired card information such as a medical examination ticket is not encrypted and the card information requiring encryption such as credit card information is received, the card information is received. Can be erased. Therefore, it is possible to appropriately protect the card information stored in the credit card.

Further, the type of the card to be accepted is the type of the card whose card information should not be encrypted, and the processing unit has received the card when the type of the accepted card is the type of the card to be encrypted. It is preferable to clearly indicate that the card is the type of card to be encrypted.

With such a configuration, when the acquired card information such as a medical examination ticket is not encrypted, and when card information requiring encryption such as credit card information is accepted, the accepted card is encrypted. It can be clearly stated that it is a card to be converted. Therefore, it is possible to inform the user that the card is being used by mistake.

Further, when the type of the card to be accepted is the type of the card whose card information should be encrypted, and the processing unit is the type of the card to which the received card should not be encrypted, the processing unit may use the card type. It is preferable to clearly indicate that the accepted card is the type of the card that should not be encrypted.

With such a configuration, in the case of encrypting card information such as a credit card, for example, when card information that does not need to be encrypted such as a medical examination ticket is accepted, the accepted card should not be encrypted. It can be clearly stated that it is a card. Therefore, it is possible to inform the user that the card is being used by mistake.

Further, an output unit for outputting the card information is further provided, and the processing unit outputs information based on the card information via the output unit based on the type of the received card and the type information. Then it is suitable.

With such a configuration, information based on the card information (for example, encrypted information) is output based on the card type acquired by the card information acquisition unit and the card type information to be accepted. Can be done. Therefore, it is possible to prevent the output of card information that does not match the usage status, so that the card information can be appropriately protected.

Further, the feature configuration of the card processing system according to the present invention is a card processing system that processes a received card, which is a received card, and obtains card information that acquires card information stored in the received card. The unit, the specific unit that specifies the type of the accepted card from the card information, the type information acquisition unit that acquires the type information indicating the type of the card to be accepted, and the type of the accepted card and the type information. Based on this, a processing setting unit that switches processing for the card information and a processing unit that executes processing for the card information based on the processing information switched by the processing setting unit are provided, and the type of card to be accepted. Is the type of card for which the card information should not be encrypted, and the processing unit has acquired the card information acquisition unit when the type of the accepted card is the type of the card to be encrypted. The point is to erase the card information.

Even with such a card processing system, there is substantially no difference from the above-mentioned card processing device, and it is possible to obtain the same effect as the card processing device.

Further, the characteristic configuration of the card processing method according to the present invention is a card processing method for processing a received card, which is a received card, and is a card information acquisition method for acquiring card information stored in the received card. A step, a specific step for specifying the type of the accepted card from the card information, a type information acquisition step for acquiring the type information indicating the type of the card to be accepted, and the type of the accepted card and the type information. Based on the above, the card type to be accepted includes a switching step for switching the processing for the card information and a processing step for executing the processing for the card information based on the processing information switched in the switching step. If the type of the card whose card information should not be encrypted and the type of the accepted card is the type of the card to be encrypted, the processing step is the card information acquired in the card information acquisition step. Is at the point of erasing.

Even with such a card processing method, there is substantially no difference from the above-mentioned card processing device, and it is possible to obtain the same effect as the card processing device.

Further, the characteristic configuration of the card processing program according to the present invention is a card processing program for causing a computer to process a received card, which is a received card, and the card information stored in the received card is used. The card information acquisition process to be acquired, the specific process of specifying the type of the accepted card from the card information, the type information acquisition process of acquiring the type information indicating the type of the card to be accepted, and the type of the accepted card. It is provided with a switching process for switching the process for the card information based on the type information and an execution process for executing the process for the card information based on the process information switched in the switching process, and should be accepted. The type of the card is the type of the card whose card information should not be encrypted, and the execution process is acquired by the card information acquisition process when the type of the accepted card is the type of the card to be encrypted. The point is to erase the card information.

Even with such a card processing program, there is substantially no difference from the above-mentioned card processing device, and it is possible to obtain the same effect as the card processing device.

It is a figure which shows typically the structure of the card processing apparatus. It is a figure which shows the presence or absence of encryption based on the accepted card and the card which should be accepted. It is a figure which shows the structure of the automatic teller machine schematically. It is a figure which shows the process at the time of accepting a card other than a credit card. It is a figure which shows the process at the time of accepting a credit card. It is a flowchart which shows the reading process of a card information. It is a figure which shows the process in the case of accepting the data written in the free area which does not affect the security in the credit card data which concerns on other embodiments.

1. 1. Card processing device The card processing device according to the present invention is configured to appropriately handle the information stored in the card. Hereinafter, the card processing apparatus 1 of the present embodiment will be described. The card processing device 1 processes the received card, which is the received card. The accepted card is a card in which the information stored in the card (corresponding to "card information" described later) is read in order to use the information stored in the card, and the information is acquired. Such cards include credit cards and cards other than the credit cards (hereinafter referred to as "non-credit cards"). Specific examples of non-credit cards include medical examination tickets and patient IDs issued by medical institutions, membership cards issued by stores, and the like. Such a card is accepted by inserting the card into a card reader 2 (see FIG. 1) that reads information stored in the card, or by holding the card over the card reader 2.

FIG. 1 is a block diagram schematically showing the configuration of the card processing apparatus 1 according to the present embodiment. The card processing device 1 of the present embodiment is configured to include each functional unit of a card information acquisition unit 10, a specific unit 20, a type information acquisition unit 30, a processing setting unit 40, a processing unit 50, and an output unit 60. The functional unit is constructed of hardware, software, or both with a CPU as a core member in order to process the received card described above.

The card information acquisition unit 10 acquires the card information stored in the accepted card. As described above, in the present embodiment, the card is accepted by the card reader 2. Therefore, the card information stored in the accepted card corresponds to the card information stored in the card accepted by the card reader 2. When the card is a credit card, the card information corresponds to, for example, information used when using the credit function (for example, a credit card number, card company information, etc.), and the card is a non-credit card. In this case, for example, information that can identify the owner of the card (for example, an identification number, a date of birth, etc.) corresponds to this. The card information is read by the card reader 2 and transmitted to the card information acquisition unit 10. The card reader 2 may be mounted on the card processing device 1 or may be provided separately from the card processing device 1.

The step of acquiring the card information stored in such a received card is referred to as a card information acquisition step in the card processing method for processing the received card which is the received card. The card information acquired by the card information acquisition unit 10 is transmitted to the specific unit 20 and the processing unit 50, which will be described later.

The specific unit 20 specifies the type of accepted card from the card information. As described above, when the card is a credit card, the card information includes credit card information such as a credit card number. On the other hand, when the card is a non-credit card, the card information includes a number that can identify the owner of the card and the like. Whether or not the card information is a credit card can be determined by the format of the card information. When the format of the card information is that of credit card information, the specific unit 20 specifies that the type of the accepted card in which the card information is stored is a credit card, and the format of the card information is that of credit card information. If not, the type of accepted card in which the card information is stored is specified as a non-credit card.

The step of acquiring the card information stored in such a received card is referred to as a specific step in the card processing method. The specific result by the specific unit 20 is transmitted to the processing setting unit 40, which will be described later.

The type information acquisition unit 30 acquires type information indicating the type of card to be accepted. The card to be accepted is a card that requires the card reader 2 to read the card information in the situation where the owner of the card comes to use the card. Specifically, when the user needs to read the credit card in order to pay money, the card to be accepted is the credit card, and it is not the case when the user accepts medical examinations at a medical institution. It is a credit card. Therefore, the type information indicating the type of the card to be accepted corresponds to the information indicating the credit card or the non-credit card. Here, such a card to be accepted changes depending on the situation of the user such as acceptance and payment. The user's situation can be specified, for example, by the input of the administrator of the host system (not shown) or the card processing device 1, and in the present embodiment, the type information acquisition unit 30 obtains such type information. It is acquired from an input device (not shown) that accepts the input of the administrator of the host system or the card processing device 1.

Such a step of acquiring the type information indicating the type of the card to be accepted is referred to as a type information acquisition step in the card processing method. The type information acquired by the type information acquisition unit 30 is transmitted to the processing setting unit 40, which will be described later.

The processing setting unit 40 sets the processing for the card information based on the type of the received card and the type information. The type of the accepted card is transmitted as a specific result from the above-mentioned specific unit 20. The type information is transmitted from the above-mentioned type information acquisition unit 30. "Setting processing for card information" means, for example, setting an output destination of card information to the outside, or setting instruction information instructing a processing unit 50 to be described later to encrypt card information. That is equivalent.

FIG. 2 shows an example of processing for card information based on the type of accepted card and the type of card to be accepted (type information). When the type of the card to be accepted is the type of the card whose card information should not be encrypted, and the type of the accepted card is the type of the card to be encrypted, the processing setting unit 40 deletes the card information as a process. Set the process. "When the type of card to be accepted is the type of card whose card information should not be encrypted" corresponds to "when the type of card to be accepted is a non-credit card". "When the type of accepted card is the type of card to be encrypted" corresponds to "when the accepted card is a credit card". In this case, a non-credit card should have been used, but the credit card is mistakenly used, and the card information stored in the credit card is read by the card reader 2. Therefore, # in FIG. As shown in 2, the processing setting unit 40 sets the erasing process so that the card information acquired by the card information acquisition unit 10 is erased. In addition to the erasing process, processing (encryption, reduction of the number of digits in the credit number, etc.) may be performed.

Further, when the type of the card to be accepted is the type of the card whose card information should not be encrypted, and the type of the accepted card is the type of the card to be encrypted, the processing setting unit 40 has the accepted card. It is also possible to configure it to set an explicit process that clearly indicates that it is the type of card to be encrypted. That is, the process setting unit 40 is configured to set an explicit process for clearly indicating that a credit card has been used by mistake (for example, giving an error notification) where a non-credit card should have been used. Is also possible (# 3 in FIG. 2).

Further, when the type of the card to be accepted is the type of the card whose card information should be encrypted and the type of the accepted card is the type of the card which should not be encrypted, the processing setting unit 40 performs processing. Set an explicit process that clearly indicates that the accepted card is a type of card that should not be encrypted. "When the type of card to be accepted is the type of card whose card information should be encrypted" corresponds to "when the type of card to be accepted is a credit card". "When the type of accepted card is the type of card that should not be encrypted" corresponds to "when the accepted card is a non-credit card". In this case, the processing setting unit 40 clearly indicates that a credit card should have been used, but a non-credit card was mistakenly used, as shown by # 4 in FIG. Set the process (for example, error notification).

Further, although a credit card should have been used originally, even if a non-credit card is mistakenly used, the card processing device 1 may transmit the acquired card information to the outside. In this case, as shown by # 5 in FIG. 2, the processing setting unit 40 sets the encryption process so that the card information acquired by the card information acquisition unit 10 is encrypted, and further, encryption is performed. External transmission processing (above, processing for setting the output destination of card information to the outside) may be set so as to transmit the card information to the outside.

Further, when the type of the card to be accepted is the type of the card to which the card information should be encrypted and the type of the accepted card is the type of the card to be encrypted, the processing setting unit 40 encrypts as a process. Set the encryption process. "When the type of card to be accepted is the type of card whose card information should be encrypted" corresponds to "when the type of card to be accepted is a credit card". "When the type of accepted card is the type of card to be encrypted" corresponds to "when the accepted card is a credit card". In this case, since the credit card was properly used under the situation where the credit card should be used, the processing setting unit 40 performs the encryption process so that the card information acquired by the card information acquisition unit 10 is encrypted. Set (# 1 in FIG. 2). In this case, the external transmission process (the above-mentioned process of setting the output destination of the card information to the outside) may be set so that the process setting unit 40 transmits the encrypted card information to the outside.

Further, when the type of the card to be accepted is the type of the card whose card information should not be encrypted and the type of the accepted card is the type of the card which should not be encrypted, the processing setting unit 40 encrypts as a process. Set the external transmission process for external transmission without conversion. "When the type of card to be accepted is the type of card whose card information should not be encrypted" corresponds to "when the type of card to be accepted is a non-credit card". "When the type of accepted card is the type of card that should not be encrypted" corresponds to "when the accepted card is a non-credit card". In this case, since the non-credit card was properly used in the situation where the non-credit card should be used, the processing setting unit 40 uses the card information acquired by the card information acquisition unit 10 without encrypting the card information. Set the external transmission process so that it is transmitted to the outside (# 6 in FIG. 2).

The step of setting the processing for the card information based on the type of the received card and the type information is referred to as a processing setting step in the card processing method.

Returning to FIG. 1, in the processing unit 50, the processing set by the processing setting unit 40 is transmitted as processing information from the processing setting unit 40 described above. When the processing unit 40 transmits information indicating the erasing process as processing information, the processing unit 50 erases the card information acquired by the card information acquisition unit 10. Further, when the processing unit 40 transmits information indicating the above explicit processing as processing information, the processing unit 50 clearly indicates, for example, an error notification. In this case, it is also possible to configure the card to be returned to the user as an error notification. Further, when the processing setting unit 40 transmits the instruction information indicating the encryption processing as the processing information, the processing unit 50 encrypts the card information using a predetermined encryption key, and the processing setting unit 40 processes the card information together. When the instruction information indicating the external transmission process is transmitted as information, the output unit 60, which will be described later, is made to transmit the encrypted card information to the outside. Further, the processing unit 50 encrypts the card information when the instruction information indicating the external transmission process is transmitted as the processing information from the processing setting unit 40 without transmitting the instruction information indicating the encryption process. Instead, the output unit 60, which will be described later, is made to transmit the encrypted card information to the outside.

The output unit 60 outputs card information. Card information that has undergone predetermined processing is transmitted from the processing unit 50 described above to the output unit 60. The output unit 60 outputs the card information. In such a case, the processing setting unit 40 may set an output process for outputting information based on the card information via the output unit 60 based on the type and type information of the accepted card. The information based on the card information includes both the encrypted information of the card information and the unencrypted information (that is, the plain text of the card information). By setting such an output process by the process setting unit 40, the output unit 60 can output the card information corresponding to the output process.

2. 2. Automatic Teller Machine The above-mentioned card processing device 1 can be applied to an automated teller machine that automatically conducts transactions. The automatic teller machine corresponds to, for example, a payment machine such as a medical fee payment device of a medical institution, a ticket vending machine, an ATM (automatic teller machine), or the like. FIG. 3 shows a block diagram of a medical fee payment device 3 which is an example of an automated teller machine.

In the example of FIG. 3, the medical fee payment device 3 includes a card information processing device 4 and a terminal 5. The card information processing device 4 includes a card reader 2 and a card processing device 1 (board). The card reader 2 functions as a card reception unit that accepts cards. The card reader 2 not only reads the card information stored in the card, but also functions as a writer for writing the information on the card. When using a credit card as a card, the medical expenses are settled. It also functions as a processing unit. The card reader 2 may include the card processing device 1 as a substrate.

In the example of FIG. 3, the card processing device 1 is mounted on a board, communicates with a card reader 2, and transmits / receives various information. Such communication is performed via the communication unit 71. It is preferable that the communication unit 71 is configured to have the functions of the card information acquisition unit 10 and the output unit 60 of the card processing device 1 described above.

Further, the communication unit 71 sends and receives various information to and from the control unit 72, and the control unit 72 instructs the processing. Therefore, the communication unit 71 functions as the acquisition unit 91. Further, in the present embodiment, the acquisition unit 91 acquires the card information output from the output unit 60 as the output card information. The card information output from the output unit 60 corresponds to credit card information in the case of a credit card, and corresponds to an identification number used to identify a user in the case of a medical examination ticket. The acquisition unit 91 acquires what kind of information the card information output from the output unit 60 is. This information corresponds to the output card information. It is preferable that the control unit 72 includes the functions of the specific unit 20, the type information acquisition unit 30, the processing setting unit 40, and the processing unit 50 of the card processing device 1 described above. When the card reader 2 is mounted on the card processing device 1, the card reader 2 constitutes the acquisition unit 91.

The card processing device 1 is also provided with a storage unit 73. The storage unit 73 stores a credit card format and a card determination program. The credit card format referred to here indicates a credit card data format. The credit card format stores various credit card formats (formats) and is used by the control unit 72 (specific unit 20) when appropriately specifying whether or not the card read by the card reader 2 is a credit card. Will be done. Further, the card determination program is a program used by the control unit 72 (specific unit 20) to specify whether or not the card read by the card reader 2 is a credit card. This card determination program is stored in the storage unit 73 via, for example, an external storage unit (for example, a DVD-ROM, a memory, or the like).

The terminal 5 corresponds to a payment terminal on which the user pays medical expenses. The terminal 5 sends and receives various information via the communication unit 71 and the communication unit 81 of the card processing device 1. The terminal 5 has an operation display unit 82 having a touch panel function, a password input unit 83 for inputting a password when using a credit card, cash and fishing paid when medical expenses are paid in cash. The valuable medium processing unit 84 that manages the above is provided. Each functional unit of the communication unit 81, the operation display unit 82, the password input unit 83, and the valuable medium processing unit 84 is controlled by the control unit 85, and processing related to payment of medical expenses is performed. In addition, instead of the operation display unit 82, it may be configured to provide guidance by voice, or the password input unit 83 may be built in the operation display unit 82.

The medical fee payment device 3 communicates with the medical accounting system 6 provided in the hospital via the communication unit 81, and acquires medical fee information indicating the medical fee of the user who pays the medical fee. Further, the medical fee payment device 3 communicates with the processing center 7 provided inside or outside the hospital via the communication unit 81, and when the user is requested to pay the medical fee by credit card, the medical fee payment device 3 communicates with the processing center 7 provided inside or outside the hospital. Acquire examination result information showing the examination result related to payment by credit card.

Here, it is preferable that the terminal 5 is configured to include an output destination setting unit 92. The output destination setting unit 92 sets an output destination that outputs at least a part of the output card information (for example, encrypted information or only the identification number) according to the type of the card to be accepted. The output card information acquired by the acquisition unit 91 and the type information indicating the type of the card to be accepted are transmitted to the output destination setting unit 92. The output destination corresponds to, for example, the medical accounting system 6 or the processing center 7 described above. When the type of the card to be accepted is a credit card, the output destination setting unit 92 sets the processing center 7 as the output destination of the credit card information among the output card information, and the card to be accepted is a non-credit card. In the case (in the case of a medical examination ticket), the medical accounting system 6 is set as the output destination of the information necessary for identifying the user among the output card information. This makes it possible to prevent unnecessary information from being transmitted to the medical accounting system 6 or the like, for example, in the process of accepting a credit card.

Next, the processing in the medical fee payment device 3 will be described with reference to a flowchart. FIG. 4 shows a flowchart when the card to be accepted is a non-credit card. First, the card reader 2 performs a card acceptance process (step # 101). The card reader 2 reads the information stored in the card, encrypts the card information, and transmits the card information (step # 102).

The encrypted card information (encrypted information) is transmitted to the board (card processing device 1) and received by the communication unit 71 (step # 103). When the board is built in the card reader 2, the card information acquired by the communication unit 71 may be in plain text. The encrypted information received by the communication unit 71 is decrypted by the control unit 72 (step # 104). The control unit 72 specifies the type of the card (accepted card) whose acceptance process has been performed by the card reader 2 from the decrypted card information.

When the type of the accepted card is a credit card (step # 105: Yes), an error notification is transmitted to the control unit 85 of the terminal 5 via the communication unit 71 and the communication unit 81, and the card information is transmitted to another device. Erase without sending to (step # 114). The control unit 85 performs a card return process (step # 115), and ends the process.

In step # 105, if the type of the accepted card is not a credit card (step # 105: No), the card information is transmitted in plain text to the terminal 5 via the communication unit 71 without being encrypted (step # 106). ).

In the terminal 5, the communication unit 81 receives the card information composed of plain text (step # 107). The received card information is transmitted to the control unit 85 of the terminal 5, and the patient number is extracted from the card information (step # 108). In this extraction, a predetermined digit determined for each hospital in the card information is acquired as the patient number. The extracted patient number is transmitted in plain text to the medical accounting system 6 (step # 109).

When the medical accounting system 6 receives the patient number (step # 110), it acquires the payment information of the medical expenses of the patient (user) related to the patient number and transmits it to the terminal 5 (step # 111).

When the terminal 5 acquires payment information from the medical accounting system 6 (step # 112), the terminal 5 performs accounting processing (step # 113), and the user collects the card and ends the processing.

Here, whether or not the credit card is a credit card is specified in step # 105, but since the format of the credit card is unified, it can be easily determined from the card information whether or not the credit card is a credit card. On the other hand, medical examination tickets and membership tickets cannot be judged from the card information because the formats are not unified. Therefore, if the format is a credit card format, it is preferable to specify that it is a credit card, and in other cases, it is preferable to specify that it is not a credit card.

When the card reader 2 is mounted on the card processing device 1, steps # 102 and # 103 may be omitted.

Next, the process when the card to be accepted is a non-credit card will be described with reference to the flowchart of FIG. In this case as well, the card reader 2 first performs the card acceptance process (step # 201). The card reader 2 reads the information stored in the card, encrypts the card information, and transmits it (step # 202).

The encrypted card information (encrypted information) is transmitted to the board (card processing device 1) and received by the communication unit 71 (step # 203). When the board is built in the card reader 2, the card information acquired by the communication unit 71 may be in plain text. The encrypted information received by the communication unit 71 is decrypted by the control unit 72 (step # 204). The control unit 72 specifies the type of the card (accepted card) whose acceptance process has been performed by the card reader 2 from the decrypted card information.

When the type of the accepted card is a credit card (step # 205: Yes), the card information related to the credit card is encrypted (step # 206). This encryption is performed by a predetermined encryption method. On the other hand, when the type of the accepted card is a non-credit card (for example, when it is a medical examination ticket) (step # 205: No), the card information related to the medical examination ticket is encrypted (step # 206). Also at this time, the encryption is performed by the above-mentioned predetermined encryption method.

The control unit 72 transmits the encrypted information to the terminal 5 via the communication unit 71 (step # 207), and the control unit 85 of the terminal 5 receives the encrypted information via the communication unit 81 (step # 207). Step # 209). The control unit 85 transmits the encrypted information to the processing center 7 via the communication unit 81 (step # 210). At this time, the control unit 85 encrypts and transmits by an encryption method different from the above-mentioned predetermined encryption method (encryption method in steps # 202 and # 206).

The processing center 7 combines the received card information. The processing center 7 performs an authorization determination (credit confirmation of the card user) based on the decrypted card information (step # 211), and transmits the authorization determination result to the terminal 5 (step # 212). At this time, the authorization determination result is encrypted and transmitted by an encryption method (encryption method according to step # 210) different from the above-mentioned predetermined encryption method (encryption method in steps # 202 and # 206). ..

When the terminal 5 receives the authorization determination result (step # 213) and the authorization determination result indicates that the credit card is valid (step # 214: Yes), a predetermined payment process (processing center) is performed. 7 and the payment process via communication with the card company) are performed (step # 215), and the process is completed. On the other hand, if the authorization determination result does not indicate that the credit card is valid (step # 214: No), the credit card return process is performed (step # 216), and the process ends.

Although it was shown in step # 205 to specify whether or not it is a credit card, the card information decrypted in # 204 is encrypted by a predetermined encryption method without performing the processing of # 205. You may (step # 206).

Further, although it is shown that the authorization determination of the credit card is performed at the processing center 7, it is also possible to configure the terminal 5 to perform the authorization determination.

Further, in step # 205, when the type of the accepted card is a non-credit card (for example, when it is a medical examination ticket) (step # 205: No), the card information related to the medical examination ticket is not encrypted. It is also possible to configure the card to be returned (step # 216).

When the card reader 2 is mounted on the card processing device 1, steps # 202 and # 203 may be omitted.

3. 3. Card Information Reading Process In the card processing device 1 and the automatic teller machine, the card information is read by the card reader 2 and transmitted to the card information acquisition unit 10. Here, the process of reading the card information will be described.

Conventionally, a card reader is used in which the part for reading the information (card information) stored in the IC chip built in the card and the part for reading the information (card information) stored via the magnetic stripe are different from each other. It has been. In this type of card reader, the information stored in the IC chip is read by inserting the card into the card slot, and the information stored via the magnetic stripe is read by sliding the card into the magnetic reading unit.

On the other hand, in transactions by credit card, fallback processing is possible. The fallback process is a magnetic credit settlement when the IC chip is built into the credit card, but the IC chip data cannot be read for some reason, such as damage to the IC chip or damage to the IC chip reader. It is a process to perform. When making a transaction with a credit card at a store, if fallback processing is permitted, if the credit card is returned from the card slot due to the fact that the IC chip is not embedded in the credit card, the return will be made. Slide the credit card to the magnetic reader again to read the card information via the magnetic stripe and make a credit payment.

In general, it is not easy to determine whether a card has an IC chip, so it is usually necessary to first read the IC chip in the card slot, and the card inserted in the card slot. If the IC chip is not mounted on the machine, the magnetic reading process must be performed by the magnetic reading unit. In such a case, since the credit card reading operation is performed twice, it is troublesome for the user and the processing related to the transaction becomes complicated. In addition, the time required for the transaction increases by the amount of the operation time.

Therefore, when the card reader 2 reads the card information in the card processing device 1 or the automatic transaction device described above, the IC chip can be read and the magnetic stripe can be read by the user in one reading operation. It is preferable to configure it as such. Specifically, the card reader 2 is configured to once read the card information magnetically stored via the magnetic stripe, and immediately after this reading, read the card information stored in the IC chip. Of course, it is also possible to configure the card information stored by magnetism and the card information stored in the IC chip to be read at the same time. With such a configuration, when the card information is read from the IC chip (for example, when the card information acquisition unit 10 acquires the card information stored in the IC chip), a transaction (card) is made based on the card information. If the card information cannot be read from the IC chip (for example, if the card information acquisition unit 10 does not acquire the card information stored in the IC chip), a transaction (card payment) is performed using magnetic information. ) Can be performed.

This eliminates the need for the user to read the credit card twice, even if the user uses a magnetic-only credit card (a credit card that does not have an IC chip built-in). Only one reading process is required), the user's operation and transaction-related processing can be simplified, and the user's erroneous operation and operation time can be prevented from becoming long.

Even when making a card payment using the card information stored in the IC chip, the card information read through the magnetic stripe is illegal, for example, by performing the matching process with the card information read via the magnetic stripe. It is also possible to check if it has been rewritten to.

In order to realize the above configuration, it is preferable to use a so-called self-propelled card reader configured so that the user automatically reads the card information by inserting the card into the reading unit provided in the card reader 2. .. Specifically, it is preferable to use a card reader 2 that can read the card information stored in the IC chip and the card information magnetically stored via the magnetic stripe just by inserting the card in the reading unit.

FIG. 6 is a flowchart showing the process of the above configuration. First, a guide is given to insert a credit card in the reading unit of the card reader (self-propelled card reader) 2 via voice or display on the operation screen (step # 301). The card reader 2 performs a process of reading the card information stored in the IC chip of the credit card inserted in the reading unit and the card information stored magnetically (step # 302).

If the information used for credit payment (credit card information) can be read via the IC chip (step # 303: Yes), the IC chip will be used as described in the card processing device 1 and the automated teller machine. Based on the stored card information, payment processing by credit card is performed (step # 304), and the card is returned (step # 306). On the other hand, if the information used for credit payment (credit card information) cannot be read via the IC chip (step # 303: No), the card information stored magnetically via the magnetic stripe is read. Payment processing by credit card is performed based on the card information (step # 305), and the card is returned (step # 306). By performing the processing according to the above flow, the above-mentioned configuration can be realized.

4. Other Embodiments In the above embodiment, the card processing device 1 includes each functional unit of a card information acquisition unit 10, a specific unit 20, a type information acquisition unit 30, a processing setting unit 40, a processing unit 50, and an output unit 60. Although it has been described as being configured, it is also possible to configure each of these functional units by dividing them into a plurality of devices. In such a case, it can be realized as a card processing system including each functional unit of the card information acquisition unit 10, the specific unit 20, the type information acquisition unit 30, the processing setting unit 40, the processing unit 50, and the output unit 60. Since the configuration of each functional unit is the same as that of the card processing device 1, the description thereof will be omitted.

In the above embodiment, the card processing device 1 and the card processing method have been described, but it is also possible to configure the card processing program as a card processing program for causing a computer to process a received card which is a received card. In such a card processing program, the card information acquisition unit 10, the specific unit 20, the type information acquisition unit 30, and the processing setting unit 40 of the card processing device 1 are subjected to card information acquisition processing, specific processing, and type information acquisition processing, respectively. By performing the processing setting processing, it is possible to obtain the same effect as the card processing device 1 without being substantially different from the above-mentioned card processing device 1.

In the above embodiment, the card processing device 1 has been described as being configured to include each functional unit of the card information acquisition unit 10, the specific unit 20, the type information acquisition unit 30, and the processing setting unit 40. It can be said that the device 1 includes a card information acquisition unit 10, a specific unit 20, and a determination unit. Since the card information acquisition unit 10 and the specific unit 20 are the same as those in the above embodiment, the description thereof will be omitted. The determination unit is configured to be able to determine whether to continue the transaction with the accepted card based on the type of the accepted card, and to determine whether to continue the transaction for at least two types of cards. At least two types of cards are credit cards and non-credit cards (eg, medical examination tickets). As described above, the card processing device 1 determines that if the accepted card is a credit card, for example, payment processing of medical expenses is performed, and if the accepted card is a non-credit card, medical treatment is performed. Judgment to perform the consultation process. In this way, it is also possible to paraphrase the card processing device 1.

In the above embodiment, a "credit card" has been described as an example of "a card whose card information should be encrypted", but this is just an example, and may be, for example, a "My Number card". .. In such a case, the information stored in the My Number card (IC chip) can be appropriately protected. Of course, it can also be applied to cards other than these as "cards whose card information should be encrypted".

In the above embodiment, the non-credit card has been described by taking a medical examination ticket as an example, but other membership cards may be used. It is also assumed that a credit card will be used as a membership card (membership card). In this case, it is advisable to encrypt and handle the card information (credit number, etc.) stored in the credit card and authenticate whether or not the member is a member.

In the above embodiment, the processing in the medical fee payment device 3 has been described with reference to the flowchart of FIG. Here, there is an area (free area) that can be used by member stores and card issuers in the storage area of the IC chip of the credit card, and a number that can identify the owner of the credit card can be written in the free area. It has become. This identifiable number can be treated as card information stored on a non-credit card.

FIG. 7 shows a flowchart showing the processing in such a case. Here, only the processing different from that of FIG. 4 will be described. In step # 105 of FIG. 7, when the type of the accepted card is a credit card (step # 105: Yes), whether or not the identifiable information is recorded in the free area by the specific unit 20. Confirm (step # 150). When identifiable information is recorded in the free area (step # 150: Yes), the information (card information) is not encrypted and is sent to the control unit 85 of the terminal 5 as in the case of non-credit card data. It is transmitted as plain text (step # 151). When the control unit 85 receives the plaintext (step # 152), the control unit 85 performs a predetermined member service (step # 153), and ends the process. On the other hand, if no identifiable information is recorded in the free area (step # 150: No), the process is continued from step # 114. The information to be encrypted (information stored outside the free area) may be encrypted and transmitted to the control unit 85 of the terminal 5 according to the flowchart shown in FIG.

In the above embodiment, the card processing device 1 has been described by giving an example of applying it to an automated teller machine that pays medical expenses using a medical examination ticket. It is also possible to apply.

The processing in the above embodiment can also be configured to perform processing that reduces the amount of information on the card information.

The present invention can be used in a card processing device that processes received cards, a card processing system that processes accepted cards, a card processing method, and a card processing program.

1: Card processing device 2: Card reader (card reception)
3: Medical fee payment device (automated teller machine)
10: Card information acquisition unit 20: Specific unit 30: Type information acquisition unit 40: Processing setting unit 60: Output unit 91: Acquisition unit 92: Output destination setting unit

Claims (7)

It is a card processing device that processes accepted cards that are accepted cards.
The card information acquisition unit that acquires the card information stored in the accepted card, and
A specific part that identifies the type of the accepted card from the card information,
The type information acquisition unit that acquires type information indicating the type of card to be accepted, and
A processing setting unit that switches the processing for the card information based on the type of the received card and the type information, and
A processing unit that executes processing for the card information based on the processing information switched by the processing setting unit is provided.
The type of card to be accepted is the type of card whose card information should not be encrypted.
The processing unit is a card processing device that erases the card information acquired by the card information acquisition unit when the type of the accepted card is the type of the card to be encrypted. The type of card to be accepted is the type of card whose card information should not be encrypted.
The card processing apparatus according to claim 1, wherein when the type of the received card is the type of the card to be encrypted, the processing unit clearly indicates that the received card is the type of the card to be encrypted. .. The type of card to be accepted is the type of card to which the card information should be encrypted.
The processing unit according to claim 1 or 2, wherein when the type of the received card is the type of the card that should not be encrypted, the processing unit clearly indicates that the received card is the type of the card that should not be encrypted. Card processing equipment. Further equipped with an output unit for outputting the card information,
The item according to any one of claims 1 to 3, wherein the processing unit outputs information based on the card information based on the type of the received card and the type information via the output unit. Card processing device. It is a card processing system that processes accepted cards that are accepted cards.
The card information acquisition unit that acquires the card information stored in the accepted card, and
A specific part that identifies the type of the accepted card from the card information,
The type information acquisition unit that acquires type information indicating the type of card to be accepted, and
A processing setting unit that switches the processing for the card information based on the type of the received card and the type information, and
A processing unit that executes processing for the card information based on the processing information switched by the processing setting unit is provided.
The type of card to be accepted is the type of card whose card information should not be encrypted.
The processing unit is a card processing system that erases the card information acquired by the card information acquisition unit when the type of the accepted card is the type of the card to be encrypted. It is a card processing method in which a computer processes the accepted card, which is the accepted card.
The card information acquisition step for acquiring the card information stored in the accepted card, and
A specific step to specify the type of the accepted card from the card information,
Type information acquisition step to acquire type information indicating the type of card to be accepted,
A switching step for switching the processing for the card information based on the type of the received card and the type information, and
A processing step for executing processing for the card information based on the processing information switched in the switching step is provided.
The type of card to be accepted is the type of card whose card information should not be encrypted.
The processing step is a card processing method for erasing the card information acquired in the card information acquisition step when the type of the accepted card is the type of the card to be encrypted. It is a card processing program for making a computer execute the processing of the accepted card, which is the accepted card.
The card information acquisition process for acquiring the card information stored in the accepted card, and
Specific processing to specify the type of the accepted card from the card information,
Type information acquisition process to acquire type information indicating the type of card to be accepted,
A switching process for switching the process for the card information based on the type of the accepted card and the type information, and
An execution process for executing a process for the card information based on the process information switched in the switching process is provided.
The type of card to be accepted is the type of card whose card information should not be encrypted.
The execution process is a card processing program that erases the card information acquired by the card information acquisition process when the type of the accepted card is the type of the card to be encrypted.

Images