JPH1196323A - Card system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a card system with which an illegal user can be specified and chased even in the case of illegal use while checking the presence/absence of illegal use or refusing such use at the time point to use a card even when a user does not notice the loosing or stealing of the card. SOLUTION: The data storage part of the card stores face photographic image data, identity designation telephone number and card managing center telephone number. This system is provided with a message transmission/ reception part 104 for transmitting a message for reporting the occupation of the card by automatically dialing the identity designation telephone number read from the data storage part when using the card at a card utilizing terminal 10, card managing center transmission/reception part 106 for inquiring the confirmation of the validity of the card by automatically dialing the card managing center telephone number, and means 105 for storing face photographic image data together with history data for multiple checks after the card is utilized.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a card system that enables purchase of goods and use of various services by using, for example, an IC card. Make it harder to abuse, or even if abuse,
Allows the unauthorized person to be easily tracked, or does not attempt to modify the card or use the card itself, knowing that the unauthorized person is easily tracked by this system Card system.

[0002]

2. Description of the Related Art At present, a credit card or a bank card having a magnetic storage unit generally uses a password for personal identification. In this case, if the unauthorized user obtains or guesses (for example, date of birth) the personal identification number by some means and uses the card, a report of loss or theft from the person in advance is sent to the card management center. Unless the card is used, it cannot prevent unauthorized use, much less if the person himself is not aware of the loss or theft (according to the 1997 survey, the short-term unauthorized use before the (Accounting for 40% of the total), the damage will greatly expand. Neither is there any effective means of tracking the unauthorized user after unauthorized use, and thus the system does not give up any attempt at unauthorized use. In recent years, an IC card has been put to practical use as a card having a larger storage capacity by using an IC memory as a storage unit of the card, but these problems have not been solved.

For example, I used for credit cards and the like
Japanese Patent Application Laid-Open No. 4-271494 discloses a conventional technique of personal authentication for checking whether or not the presented IC card is the presenter's own when using the C card. The face photograph data of the person is stored in the non-volatile memory, and the data stored in the IC card is reproduced on the screen when the IC card is used, so that the face of the IC card holder and the face photograph displayed on the screen are displayed. And a mechanism for performing identity verification by comparison with the above is disclosed. As described above, the face photograph data is recorded in a memory built in the IC card, and when the IC card is used, the face photograph data is displayed on a display device to check with the face of the card user. Other than 271494, JP-A-62-147580 and JP-A-62-1
Also disclosed in JP-A-71088 and JP-A-63-112199.

Further, Japanese Patent Application Laid-Open No. 62-244698 discloses
Japanese Patent Application Laid-Open No. 4-373080 discloses a technique for comparing and identifying the face image data of a card owner (registrant) read from an IC card with the face image data of a card user photographed by a camera using a processing device. ing.

All of these are considered to be more effective in preventing unauthorized use than in the case of using a personal identification number in a situation where a card is used, but the face photograph data has been replaced by an unauthorized user in advance. In such a case, it is invalid unless the property has been previously lost or stolen. You can also easily track and understand fraudsters,
It has not been considered to reimburse the amount of unauthorized use or to inform a person who intends to attempt unauthorized use that the system can be easily tracked, so as to eliminate the attempt to use the unauthorized use itself.

[0006]

With the development and penetration of electronic technology, the emergence of electronic technology technicians or hackers has led to the appearance of counterfeit prepaid cards such as telephone cards, and forgery cases involving cards. News of abuse cases has become more than uncommon. In addition, the tactics are also becoming more sophisticated, and mere use of a personal identification number is extremely insufficient to prevent unauthorized use. It is also conceivable that a person who has illegally obtained an IC card replaces the face photograph data recorded on the IC card with his / her own face photograph and uses it. Nor does it provide an effective means of tracking the fraudulent user.

[0007] Further, with the expansion of the field of use of cards, the types of cards have increased, and the types and number of cards owned by individuals have also increased, so that not all individuals carry their own cards at all times. (For example, some cards are kept at home, etc.), and if you own a large number, you may not be aware for a while that some of them are lost It has become.

[0008] Under such circumstances, one's card may be used by a person other than the person (for example, a family member) without the person's knowledge, or the person may not notice even if the card is lost or stolen. Delay in noticing, or
Even if you notify the card management company after noticing, the card management company will use the card by unauthorized access until the process of invalidating (unusable) the card is completed It is feared that the number of cases will increase.

In other words, in a state where the user is not aware of the loss or theft of the card, the personal identification method using the personal identification number requires the unauthorized user to obtain or guess the personal identification number by some means and use the card. In some cases, the damage is greatly expanded before the person notices, and even if the personal authentication system using face photograph data, the person notices the owner's face photograph data recorded on the illegally obtained card. If a fraudulent person replaces his / her own face photo before using it, the conventional system cannot check the fraudulent use even at the time of use, and after the fraudulent use, the culprit There is no effective way to identify and track

[0010] It is an object of the present invention to solve the above problems.
In other words, even if the person is unaware of loss or theft, the card is checked for unauthorized use at the time of use, or the card is rejected if it is used. An object of the present invention is to provide a card system capable of identifying and tracking unauthorized users.

[0011]

According to the present invention, there is provided a card system for performing personal authentication using a card having a data storage unit.
The telephone number (identified telephone number 22 in FIG. 2) is stored in the data storage unit (see FIG. 2), and is stored in the card using terminal (the authentication terminal device 10 in FIGS. 1 and 3) when the card is used. A means (message transmitting / receiving unit 104 in FIG. 3) for automatically dialing a telephone number (personal designated telephone number 22) read from the data storage unit and transmitting a message indicating that the card is being used is provided. The phone numbers stored in the data storage of the card include
Data corresponding to all or some of the personal identification numbers recorded on the card is included. This prevents a third party from arbitrarily changing to a convenient telephone number.

The present invention also relates to a card-using terminal having a card reading function (see FIG. 1 and FIG. 2), which converts the card registrant's face photograph image data (the face photograph image data 21 in FIG. 2) recorded in the data storage section of the card into a card. In the card system which is read by the authentication terminal device 3) and performs the personal authentication of the card user, the storage device 14 connected to the card usage terminal is used.
(Or a storage device installed at the card management center; not shown)
In addition, the read face photograph data is recorded together with card use history data (for example, card number, card registrant name, use date, use time, use store name, use amount, etc.)
Means for storing (image data storing / retrieval unit 105 in FIG. 3)
Further, in this configuration, the above-mentioned means for automatically dialing the telephone number (person-specified telephone number 22) read from the data storage unit at the time of using the card and transmitting a message notifying that the card is being used is transmitted. It is characterized by being added.

Further, the card use terminal receives a response message indicating whether or not the card can be used from a message receiving device (a mobile phone, a pager, a mobile PC, etc.) for notifying that the card is being used, and uses the card based on the response message. Means for controlling whether or not the above is possible. At this time, the message receiving device is provided with a function of pre-registering a response message and an automatic response function of a pre-registered response message.

[0014]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention mainly has the following embodiments. According to a first aspect, in a card system for performing personal authentication using a card having a data storage unit, a card having a telephone number recorded as a personal identification number in the data storage unit of the card and having a card reading function Means is provided for transmitting a message indicating that the card is being used from the use terminal to the telephone number read from the card. As a result, the loss or theft of a card that the user has not noticed can be immediately noticed to the user when the card is illegally used, and the unauthorized use can be prevented on the spot. This can inform the fraudulent user of giving up trying to exploit it.

In a second embodiment, a card system for reading card photographer's face photograph image data recorded in a data storage section of a card from a card using terminal having a card reading function and authenticating the card user is used. Means for recording and accumulating the read face photograph data together with card use history data in a storage device of the card use terminal or a storage device installed in a card management center are provided. As a result, the person who illegally acquired the card can rewrite the face photo data recorded on the card with his / her own face photo data,
Even if the card can be used, the face photograph data of the fraudulent user is recorded and stored in the storage device, so that the fraudulent user can be identified without fail, and this provides a great clue for tracking. By notifying that the system is used, it is possible to give up the unauthorized user to replace it with his / her own face photo data, that is, to give up trying to illegally use the system.

In a third mode, a card use terminal receives a response message indicating whether or not a card can be used from a receiving device for a message indicating that a card is being used, and performs a card use process based on the response message. Has a function of pre-registering a response message and an automatic response function. As a result, a lost or stolen card that the user has not noticed can be immediately noticed when the card is misused,
The unauthorized use can be stopped on the spot, and furthermore, it can be notified that such a system is used, and the unauthorized user can give up trying to make unauthorized use.

(First Embodiment) Hereinafter, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 is an overall configuration diagram of the card system according to the present embodiment. In FIG. 1, reference numeral 10 denotes an authentication terminal device. The authentication terminal device 10 includes a card reader 12 for reading the contents of a card,
A display device 13 for displaying image data and a storage device 14 for recording processed face photograph image data are connected. The authentication terminal device 10 is connected to a communication line 17 for calling a telephone or a pager 15 and a communication line 18 for inquiring the validity of the used card to a center device 16 of a card company.

FIG. 2 is a diagram showing an example of data contents recorded in advance on an IC card used in a credit card system to which the present invention is applied. As shown in the figure, the storage unit of the IC card 20 stores general information such as name, date of birth, gender, membership number or registration number, expiration date, and personal identification number (password) stored in a normal credit card. In addition to the data items 23, the card system stores, in particular, face photograph image data 21, a telephone number 22 designated by the person, and a telephone number of the center device of the card management company, that is, a card management center telephone number 24. deep. It should be noted that the telephone number 22 specified by the user is made to match the password (password) in the data item 23 or a part of the password (password).

FIG. 3 is a configuration diagram of the authentication terminal device 10 in the card system. As shown in FIG. 1, the authentication terminal device 10 in the present card system includes a card reading control unit 102, an image display control unit 103, a message transmitting / receiving unit 104, and an image data storage / search unit 105.
And a card management center device transmission / reception unit 106, and a CPU 101 that executes various processes and controls the entire device. The card reading control unit 102 has a function of performing control for reading various data contents recorded on the IC card as shown in FIG. Image display control unit 10
Reference numeral 3 has a function of performing control for displaying the face photograph image data 21 of the information read from the IC card on the display device 13.

The message transmitting / receiving unit 104 transmits a message to a device (a mobile phone, a pager, a personal computer, or the like) indicated by the contents of the “person-specified telephone number 22” in the information read from the IC card. And a function of receiving a message from a device indicated by the content of the "person-specified telephone number 22". Image data storage
The search unit 105 has a function of storing the face photograph image data 21 of the information read from the IC card in the storage device 14 and searching from the storage device 14. The card management center device transmitting / receiving unit 106 automatically dials the contents of the “card management center telephone number” in the information read from the IC card to transmit a message to the card management center, It has the function of receiving messages.

FIG. 4 is a flowchart showing a processing procedure of the authentication terminal device in the card system. Next, the operation of the authentication terminal device 10 will be described with reference to FIG. First, various information stored in the IC card 20 by the card reader 12 (face picture image data 21, designated telephone number 22, name, date of birth, gender, member number or registration number, expiration date, password (password) )), Card management center telephone number 2
4 is read and loaded into the authentication terminal device 10 (step 40).

Next, a comparison is made between the personal identification number input by the card user from the keyboard and the touch panel (not shown) and the personal identification number in the information read from the IC card (step 41: first check). ). If the two passwords do not match, for example, a message such as "The password is incorrect. Please re-enter." Is displayed, and even if the password is re-entered a predetermined number of times (for example, three times). If the passwords do not match, the subsequent processing is stopped and processing such as invalidating the IC card is performed. If both passwords match, then the IC
Face photo image data 21 in information read from card 20
Is displayed on the display device 13 (step 42).

With this display, the operator checks the face of the user of the IC card and the face photograph image stored in the IC card and displayed on the display device (second check). If the face of the user of the IC card does not match the face photograph image stored in the IC card, the process is stopped and, for example, an operator performs a measure such as asking the user of the IC card about the situation.

If the face of the user of the IC card matches the face photograph image stored in the IC card, the authentication terminal device 10 then reads the information read from the IC card 20. A message notifying that "IC card is in use" is transmitted to a device (mobile phone, pager, personal computer, or the like) indicated by the content of "person designated telephone number 22" (step 43). The owner (registrant) of the IC card can confirm that the IC card is about to be used now by receiving this message with a mobile phone or a pager (third check). The “person-specified telephone number 22” is used by the registrant of the IC card to register and record the telephone number of his / her mobile phone or pager when the IC card is issued. .

Next, the authentication terminal device 10 uses the “card management center telephone number 24” in the information read from the IC card 20 to “use card validity check” for the center device of the card company. ". The validity of the IC card is checked in the center device of the card company (step 44: fourth check).

If there is no problem in each of the above steps, the authentication terminal device 10 and the operator
A processing procedure for using the card is performed (step 45).
Finally, the authentication terminal device 10 records the IC card use history data together with the face photograph image data in the storage device 14 (step 46). Here, the IC card use history data includes a card number, a card registrant name, a use date, a use time, a store name, a use amount, and the like.

As described above, according to this embodiment,
When using an IC card, a first check with a personal identification number (password), a second check with collation of the face photograph image data displayed on the display device 13 with the actual face of the IC card user, a card with a designated telephone number Since the third check for notifying that the card is in use and the fourth check for the card validity check to the card management center and the quadruple check are performed, the protection effect against unauthorized use is enhanced. In particular, the third check function allows the user to know the use of his / her IC card by another person who is not aware of it at the time of use.

Further, even if an unauthorized user of the card tries to pass the second check using the face photograph image data, the face photograph image data recorded on the IC card is rewritten to his / her own face photograph image data. Since the face photograph image data of the user is recorded and remains in the storage device 14 (FIG. 4).
(See step 46)), the tracking of the unauthorized user (the culprit) is facilitated, and the effect of suppressing the forgery of the face photograph image data is thereby generated.

Further, in order to allow the unauthorized user of the card to pass through the third check of the card busy notification by the designated telephone number, the telephone number recorded on the IC card is changed to a telephone number convenient for the unauthorized user ( For example, even if it is rewritten to the unauthorized user's mobile phone number), according to the present card system, the phone number recorded on the IC card is used as a personal identification number (password) or a part thereof. Guarded by a first check by number (see step 41).

In the above embodiment, an example in which an IC card is used has been described. However, any card having an information storage unit such as an optical memory card other than the IC card may be used. Further, the card reader 12 may be a contact type or a non-contact type. Further, the device that receives the message during use of the card is not limited to the telephone or pager described in the present embodiment, but may be a personal computer (particularly a portable personal computer) that can be connected to a network.

(Second Embodiment) In a second embodiment of the present invention, the authentication terminal device of the first embodiment of the present invention is provided with a device such as a mobile phone or a pager of the IC card owner. And a function for sending a message for inquiring whether the IC card can be used and receiving a response to the message.

FIG. 5 is a flowchart showing a processing procedure of the authentication terminal device according to the second embodiment of the present invention.
In the figure, the steps from “IC card reading” in step 50 to “face photo data display” in step 52 are exactly the same as those in the first embodiment described above, and the first check and the second check are performed by these processes. Is performed.

In the step 43 of the first embodiment described above, only the message "IC card in use" is transmitted to the device indicated by the content of the "personal designated telephone number 22". In step 53 of the example, instead of the message "IC card in use", an "inquiry message as to whether IC card can be used" is transmitted. In a receiving device such as a mobile phone or a pager that has received this inquiry message, the message receiver transmits a response message of “usable” or “unusable” from the receiving device. Then, the authentication terminal device receives this response message (usable or unusable) (step 54), and controls whether to permit or reject the card use process based on the content (third check). .

That is, when the authentication terminal device receives the response message of “use prohibited”, it halts the card use process at that time. To continue. The processing after the "card validity check (fourth check)" in step 55 (steps 55 to 57) is exactly the same as the processing after step 44 (steps 44 to 46) in the first embodiment.

When a receiving device such as a mobile phone or a pager for realizing the second embodiment receives an "inquiry message as to whether or not the IC card can be used" from the authentication terminal device 10, the receiver receives the message. A function of transmitting a response message of “usable” or “unavailable” from the receiving device is provided. This response message is registered in advance by the card holder (registrant) in the message receiver as either “usable” or “unusable”, and automatically responds when the inquiry message is received. You may do it. Similarly to the first embodiment, the receiving device in the second embodiment can be realized by a telephone, a pager, a network-connectable personal computer (especially a portable personal computer) or the like having an automatic answering function.

In the first embodiment, although the use of an IC card by another person who is not aware of the use of the IC card can be known at the time of use, the use of the IC card cannot be prevented. In the second embodiment, the use in that case can be prevented. In addition, by using the response pre-registration function, it is normally registered as “use prohibited”, and only when the user himself / herself uses the IC card, the response is registered as “usable” so that IC can be used.
The security against unauthorized use of the card is improved, and the trouble of the response when the user is used can be reduced. The pre-registration of responses and the automatic response function do not require that the user always carry a message receiver.

Further, in the above embodiment, the "card management center telephone number 24" is stored in the IC card 20, but the authentication terminal device 10 has means for identifying the type of the card, And a correspondence table of the center device telephone number of the card management company, and when the IC card is used, the type of the card is identified, and the center device of the corresponding card management company is automatically dialed. Inquiry of "in-use card validity check" may be performed.

In the above embodiment, the IC card use history data and the face photograph image data are used together with the authentication terminal device 10.
Is stored in the storage device 14 (see step 46 in FIG. 4 and step 57 in FIG. 5), but may be stored in the center device of the card management company. In the first and second embodiments, the credit card system using an IC card has been described. However, the present invention is not limited to the credit card system, but may be an electronic money system using an IC card, an electronic money system, or the like. It is also applicable to personal authentication in a decision making system or the like.

Further, in the first and second embodiments,
First check (PIN check) → Second check (Face photo image data display check) → Third check (First embodiment; Confirmation of use for personal designated telephone number, Second embodiment) The case where the check is performed in the order of the use availability inquiry / response message reception → the fourth check (card validity check) has been described. However, this order is only an example, and for example, the above check is performed. Change the order from 3rd check → 1st check → 2nd check → 4th check, or
The order may be the third check → the fourth check → the first check → the second check, or may be another order.

[0040]

According to the present invention, the authentication terminal device at the time of use of the card is provided with a quadruple check function, so that it is possible to provide a card system which is highly secure against unauthorized use of the card. Even if an unauthorized user slips through each individual check, the unauthorized user can be tracked, and the card has an effect of preventing unauthorized use of the card and prevention of forgery.

[Brief description of the drawings]

FIG. 1 is an overall configuration diagram of a card system of the present invention.

FIG. 2 is a diagram showing a content example of information stored in a card used in the present invention.

FIG. 3 is a configuration diagram of an authentication terminal device used in the card system of the present invention.

FIG. 4 is a flowchart showing a processing procedure according to the first embodiment of the present invention.

FIG. 5 is a flowchart illustrating a processing procedure according to a second embodiment of the present invention.

[Explanation of symbols]

 10: Authentication terminal device (card use terminal) 12: Card reader 13: Display device 14: Storage device 15: Telephone or pager 16: Card company center device 17: Communication line 18: Communication line 20: IC card 21: Face photograph image data 22: Designated telephone number 23: General data item 24: Card management center telephone number 101: CPU 102: Card reading control unit 103: Image display control unit 104: Message transmitting / receiving unit 105: Image data storage / Search unit 106: Card management center device transmission / reception unit

Claims (6)

[Claims] 1. A card system for performing personal authentication using a card having a data storage unit, wherein a telephone number is stored in a data storage unit of the card, and a card use terminal stores the telephone number when the card is used. A card system comprising means for automatically dialing a telephone number read from a data storage section of a card and transmitting a message indicating that the card is being used. 2. A card system for reading face photograph image data of a card registrant recorded in a data storage section of the card with a card use terminal having a card reading function and performing card user identity authentication. A card system, comprising means for recording and accumulating the read face photo data together with card usage history data in a storage device of a terminal or a storage device installed in a card management center. 3. The card system according to claim 2, wherein a telephone number is further stored in the data storage section of the card, and the card usage terminal reads the telephone number from the data storage section of the card when the card is used. A card system comprising means for automatically dialing a telephone number and transmitting a message indicating that a card is being used. 4. The card system according to claim 1, wherein the telephone number stored in the data storage unit of the card corresponds to all or a part of the password recorded on the card. A card system comprising data to be processed. 5. The card system according to claim 1, wherein the card use terminal determines whether or not the card is transmitted from a receiving device that has received a message indicating that the card is being used. A card system for performing, comprising: means for receiving a response message and controlling whether or not to use the card based on the response message. 6. The card system according to claim 5, wherein the message receiving device has a function of pre-registering a response message and an automatic response function of a pre-registered response message.