JPH04245586A - Ic card issuing system - Google Patents

Abstract

PURPOSE:To provide an IC card issuing system able to improve the security of the terminal equipment of firm banking and so on from the point of the setting of an ID code. CONSTITUTION:In card issue used for the terminal equipment of firm banking and so on to which an IC card 3 in which 2 kinds of ID codes such as the ID code for authority certification and the ID code for individual certification are registered is mounted and to operate under the collation with the ID code inputted from a keyboard 15, the code that the setting of the ID code for authority certification on the issue of the IC card to which the specified processing authority is not given can not be inputted from the keyboard of the terminal equipment is set to the one part of it. Accordingly, however often the keyboard of the terminal equipment of the firm banking and so on is operated and key input is tried, the codes for authority certification is not coincident and a CE and so on can not enter a processing operation important in the operational process of it. Thus, security much higher than heretofore can be secured.

Description

[Detailed description of the invention]

0001

[Industrial Application Field] The present invention relates to an IC card issuance system, and more specifically, an improvement to a PIN code setting method for a firm banking terminal that can prevent abuse or erroneous operation by maintenance personnel of the firm banking terminal. Regarding.

0002

[Prior Art] In financial institutions such as banks, a large number of terminal devices are installed inside the store, and these terminal devices are connected to a large central computer, and these terminals are used to make deposits, withdrawals, transfers, transfers, and inquiries about savings balances. Various business processes are being carried out. The terminal device used in this case is generally a terminal device (workstation) using a general-purpose personal computer.

[0003] Furthermore, due to its miniaturization, small terminal devices called firm banking terminal devices that use general lines can be used in relatively demarcated areas such as corporate departments, departments, homes, and store fronts of various financial institutions. This terminal device is installed in the terminal device, and the terminal equipment is operated directly by the staff and customers using the IC cards owned by the staff and customers, and it is possible to collect personal information for personnel management, transfer, transfer, advance payment, automatic payment processing, etc. at financial institutions. Computer processing systems that perform balance inquiries, etc. are being put into practical use.

In particular, the latter type of firm banking terminal device is equipped with an IC card and can be operated using its pin code, etc., and in order to improve operability, operations are instructed by menu selection and processing is performed. The process is simpler than normal equipment because of the fact that the result,
If the PIN codes match, various processes can be easily performed, but this system has the disadvantage that it is more susceptible to abuse and erroneous operation than conventional systems.

[0005] Financial terminal devices of this type, such as firm banking, perform certain processes such as processing related to money transfers and transfers, processing related to special data, bulk transmission of data to a host computer, and changing and adding pin codes. Permission is given to authorized persons. Furthermore, this type of terminal device also requires an issuing system for various IC cards, and the issuing task is given to an authorized person. Therefore, IC cards used in firm banking terminals, etc. contain a password for authenticating the authority of an administrator who is specially given the authority to perform important processing as mentioned above, and a password for normal transaction processing and inquiries. Two types of password codes are stored: a password code for personal authentication for the operator who performs the process, and the security key is improved by comparing these codes.

[0006]

[Problems to be Solved by the Invention] By the way, the IC cards used in this type of device are issued by IC card issuers such as banks. There are also IC cards issued to maintenance personnel for equipment maintenance and management. Therefore, the maintenance worker's IC card also has a column for storing the administrator's password. Moreover, the pin code of these IC cards is
It is input from the keyboard of a terminal device such as firm banking, and after the code is verified internally in each IC card, the terminal device such as firm banking performs firm banking processing by menu selection, etc.
Starts various processing operations.

[0007] By the way, conventionally, when a maintenance worker is not given specific authority, a specific code is inserted as dummy data for the password code in the authority authentication password field, and the operation by the maintenance engineer, etc. Register a PIN code for each maintenance worker in the personal authentication PIN code column for each maintenance worker, and the maintenance staff can only use the PIN code set for the individual without informing the maintenance staff of the PIN code for authority authentication. is informed.

[0008] However, in many cases, especially maintenance staff, are outsiders from the perspective of the company where the terminal equipment for firm banking etc. is installed, and moreover, they have more freedom to use firm banking etc. can operate terminal devices. As a result, maintenance personnel may find out the PIN code assigned to the administrator and misuse their own IC card, or they may learn the PIN code for authority authentication for the administrator during the operation process and use it to protect the device. is more likely to be exploited than other systems. Furthermore, there is no guarantee that the password secretly given to the maintenance worker during operation, or the password given to the customer's administrator due to an incorrect input of the password, will coincidentally coincide.

[0009] For this reason, even if a personal identification code is specially provided for the administrator, firm banking terminal devices are more susceptible to unauthorized use and abuse than other systems.

[0010] The present invention solves the problems of the prior art, and provides an IC card issuance system that can improve the security key of terminal devices such as firm banking from the point of view of setting a password code. The purpose is to provide

[0011]

[Means for Solving the Problems] A feature of the IC card issuing system of the present invention to achieve this object is that two types of PIN codes are registered: a PIN code for authority authentication and a PIN code for personal authentication. Regarding the issuance of IC cards that are not granted specific processing authority in the issuance of IC cards used in terminal devices such as firm banking, which operate by checking the pin code entered from the keyboard after the IC card is inserted. The setting of the password for authority authentication is performed by including at least a part of the code that cannot be input from the keyboard of the terminal device.

0012

[Operation] ICs that are not granted specific processing authority in this way
When issuing a card, the PIN code for authority authentication is set so that at least a part of it includes a code that cannot be entered from the keyboard of a terminal device such as firm banking. No matter how many times they operate the keyboard and try to input keys, the codes for authority authentication never match, and maintenance personnel and others are unable to perform important processing operations during the operation process. This makes it possible to secure a higher security key than before.

[0013]

[Embodiment] FIG. 1 is a flowchart of an issuance process showing an embodiment of the IC card issuance method of the present invention, and FIG. 2 is an explanation of an example of setting a PIN code on a memory map in a maintenance worker's IC card. 3 is a block diagram showing the internal configuration of the IC card issuing device, and FIG. 4 is a block diagram showing the internal configuration of the IC card issuing device.
A block diagram of a firm banking terminal device that uses a card, and FIG. 5 is an explanatory diagram of an example of the operation of the firm banking terminal device.

As shown in FIG. 3, the IC card issuing device 10 includes an issuance control unit 1 composed of a so-called computer, an IC card reader/writer 2 connected to the issuance control unit 1, and an IC card reader/writer 2 connected to the issuance control unit 1. It consists of an IC card 3 that is inserted and registered with predetermined information and issued.The IC cards issued at this time include an IC card 3a for customers and an IC card 3b for use by maintenance personnel. In the IC card 3a, a specific code is registered as a code for authority authentication, and this column is a dummy code, and only a PIN code for personal authentication is registered in the PIN code column for personal authentication. There are some settings. Note that the issuance control section 1 includes a processing system having a microprocessor and memory therein, a floppy disk device, a display, a keyboard, and the like.

As shown in FIG. 4, the firm banking terminal device 11 includes a control processing section 12, an IC card reader, and an IC card reader.
It includes a writer 13, a display section 14 such as a liquid crystal, a keyboard section 15, a printer 16, and a communication control section 17 for exchanging data with a host computer using a telephone line or the like.

The operation of the IC card issuing device 10 will be explained according to the process shown in FIG. 1. For example, in accordance with the menu screen, in step 101, a customer card or a maintenance worker card is selected as the issue target. In the case of a customer card, in step 102, the entire area or a predetermined area that can be used by the customer is set by setting a flag in the status area provided inside the IC card.

[0017] In the next step 103, according to the menu screen, information related to the bank's management code, account number, and current balance transaction is registered, and the customer's PIN code is registered to insert the end user's IC card. 3. Perform the issuance registration process. In addition, two PIN codes are set at this time, one for personal authentication and one for authority authentication, and the person giving authority has a code for authority authentication, and if not, a predetermined dummy code is registered there. Ru. These password codes are combinations of numbers or symbols that can be input from the keyboard section 15 of the firm banking terminal device 11. This is usually mainly alphanumeric keys or kana keys.

Here, if the maintenance personnel card side is selected in the determination at step 101, a maintenance personnel card will be issued, but at this time, in step 104, first,
A symbol other than the symbols on the keyboard section 15 of the firm banking terminal device 11 is selected and set as the password for authority authentication. This mainly uses alphanumeric keys and kana keys, so other symbols such as
This is a code that includes "@" or "?" in at least one of the password codes that give authority. Figure 2 shows I for maintenance personnel.
An example of how the password code is stored on the memory map of the C card is shown. In the figure, ID1 is a personal identification code column, and for example, a six-digit code "123476" is assigned. 1D2 is a password code field for authority authentication, and for example, an 8-digit code "@@@@@576" is assigned. Note that since the keyboard of the IC card issuing device 10 is a keyboard normally used in computers, there are more key codes than are assigned to the keys of the keyboard section 15 of the firm banking terminal device 11. Therefore, symbols that are not assigned to the keyboard part of the firm banking terminal device, such as ")" and "^" on the keyboard, and even JI
A process is performed in which a symbol such as "S" such as "▽" or "◎" is included in at least a part of the password for authority authentication.

Next, in step 105, a personal identification code is set. This code is a combination of numbers or symbols that can be entered from the keyboard section 15 of the firm banking terminal device 11 in the same way as the previous customer's card. Then, in the next step 106, selective settings are made regarding the available processing contents according to the work of the maintenance worker. As a result, maintenance personnel can only perform limited processing, and access to customer data can be prohibited. Then, in step 107, the IC
An IC card 3b for maintenance personnel is issued with various information necessary for use of the card written therein.

Among the IC cards issued in this way, the customer's IC card 3a is inserted into the IC card reader/writer 13 of the firm banking terminal device 11, and the IC card is read using the pin code input from the keyboard section 15. Verification is performed within 3a, and when a match between the password codes is detected, the firm banking terminal device 11 enters firm banking processing operation accordingly.

On the other hand, among the IC cards, the maintenance worker's IC card 3b is attached to the IC card reader/writer 13 of the firm banking terminal device 11, and the keyboard section 1
Verification is performed inside the IC card 3b using the password input from 5, and when a match between the passwords is detected, the firm banking terminal device 11 enters the firm banking processing operation accordingly. However, in this case, no matter how many times the keyboard of the firm banking terminal device 11 is operated and key inputs are attempted, the codes for authority authentication do not match, and the maintenance staff enters into an important processing operation that should be performed by an authorized person. I can't. This makes it possible to secure even more security keys than before.

Next, the operation of the firm banking terminal device of the authorized person in this case will be explained with reference to FIG. Note that, similarly to the above, the following operations will be explained based on the processing performed by menu selection input on the screen. first,
In step 111, the administrator is given card issuing authority and inserts the IC card into the firm banking terminal device 1.
1, a password code entry screen appears in step 112, where the operator enters the password assigned to him or her. Therefore, in step 113, the IC card 3
A comparison is performed internally, and if they match, a menu screen for issuing processing is displayed in step 114, and here,
When maintenance processing is selected, a maintenance screen menu appears in step 115. If, for example, a user service that can be set only by an administrator with a specific authority is selected from this screen, a password code input screen given to the administrator in step 116 will be displayed. Here, if you enter the PIN code assigned to you as an authorized person (for this IC card, the PIN code field for authority authentication is set to a code that can be entered from the keyboard 15), the screen will change to the service settings screen. . In this state, changes to user services and additional processing are possible.

As explained above, in the embodiment, an example is given in which the authority authentication code for the card for maintenance personnel is set to a code other than the code that can be input at the firm banking terminal device. A code that cannot be entered at the firm banking terminal device may be assigned to all cards of those who do not have a bank account.

[0024]

[Effects of the Invention] As explained above, in the present invention, when issuing an IC card to which specific processing authority is not granted, the setting of a pin code for authority authentication is performed on the keyboard of a terminal device such as firm banking. Since the code is set so that at least a part of the code is included in the code that cannot be input from the PC, no matter how much you try to input the keys on the keyboard of the terminal device such as firm banking, the authorization authentication code will never match. Therefore, maintenance personnel and the like cannot perform processing operations that are specifically given to authorized persons. This makes it possible to secure even more security keys than before.

[Brief explanation of the drawing]

FIG. 1 is a flowchart of issuance processing showing an embodiment of the IC card issuance method of the present invention.

FIG. 2 is an explanatory diagram of an example of setting a password on a memory map in a maintenance worker's IC card.

FIG. 3 is a block diagram showing the internal configuration of the IC card issuing device.

FIG. 4 is a block diagram of a firm banking terminal device that uses an issued IC card.

FIG. 5 is an explanatory diagram of an example of the operation of the firm banking terminal device. FIG. 2 is a block diagram showing the internal configuration of an IC card issuing device.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1... Issuance control unit, 2, 13... IC card reader/writer, 3... IC card, 3a... IC card for customer, 3b... IC card for maintenance staff, 10... IC card issuing device, 11...
Farm banking terminal device, 12...control processing unit, 14
...display section, 15...keyboard section, 16...printer, 17...transmission control section.

Claims (1)

[Claims] [Claim 1] An IC in which two types of PIN codes are registered: a PIN code for authority authentication and a PIN code for personal authentication.
Regarding the issuance of IC cards for which specific processing authority is not granted in the issuance of IC cards used in terminal devices such as firm banking, which operate based on verification with the pin code entered from the keyboard after the card is inserted, An IC card issuance method characterized in that a password code for authority authentication is set including at least a part of the code that cannot be input from the keyboard of the terminal device.