JPS60243769A - Transaction device - Google Patents

Abstract

PURPOSE:To prevent a key number from leakage by encoding the key number and changing its ciphering process. CONSTITUTION:Plural ciphering programs and deciphering programs are previously formed and stored in a ciphering program storage part 3c and a deciphering program storage part 3d respectively. Credit terminal equipment 3 selects a ciphering program and its keyword and transmits the selected results a key number input device 4, which receives and stores the program in a ciphering program storage part 4d. If a card is inserted into a card reader part 3e and its key number is inputted, a control part 4a starts the ciphering program in accordance with the program stored in the storage part 4c, ciphers the key number and adds the keyword to the ciphered result to transmit the ciphered to the credit terminal equipment 3. The terminal equipment 3 selects the deciphering program to decipher the ciphered key number.

Description

DETAILED DESCRIPTION OF THE INVENTION (a) Technical Field of the Invention The present invention relates to a transaction device that performs transactions using transaction information recorded on a recording medium such as a magnetic card.

In particular, the present invention relates to a transaction device that prevents interception of a personal identification number that proves the ownership of the transaction card.

(b) Background of the technology In recent years, systems that conduct transactions based on transaction information recorded on recording media have become popular, such as receiving bank deposit payments using magnetic cards, purchasing products using credit cards, etc. are doing. Transaction information such as account numbers and transaction conditions are recorded on these cards, and transactions are performed by inserting the card into a transaction device and having the transaction information read, so it goes without saying that they cannot be used by others. In particular, leakage of transaction information when using a card must be particularly avoided. Therefore, when registering a card, the user registers a certain number (PIN number) known only to the user in the card's recording medium, and the PIN number entered by the user when using the card and the PIN number registered on the card. It is verified whether the user is the registered person.

However, there is a possibility that transaction information such as a personal identification number may be leaked between transaction devices, and there is a need for measures to prevent such leakage.

(C) Prior Art and Problems The conventional technology will be explained using a credit system as an example with reference to FIG.

FIG. 1 shows a credit terminal device, in which la is a main control section, Ib is a display section, lc is an input section for inputting transaction information,
ld is a card reading section, and other functional sections are omitted from FIG. 1. Reference numeral 2 denotes a PIN input device connected to the credit terminal device for inputting a PIN number, 2b a PIN input section consisting of a numeric keypad, 2a a register for temporarily storing the input PIN number, and 2C a PIN input device for inputting a PIN number. This is a display section consisting of lamps and the like.

The credit system has the above configuration.

The credit terminal device 1 is installed in the store, and when the operator inserts the card submitted by the user into the card reading section 1d, the credit terminal device 1 reads the transaction information and inputs the PIN number on the display section 2C of the PIN input device 2. Displays waiting status. Subsequently, when the user inputs a password into the password input device 2, the data is temporarily stored in a register and read by the credit terminal device J to determine whether it matches the password read from the card. Here, the password input device 2 is installed at a counter or the like remote from the credit terminal device 1, and a method is adopted in which the password is input so that it cannot be seen by the operator or other users. However, even if the above-mentioned method of concealing transaction information using a PIN number is used, there is a problem that the PIN number may be intercepted between the PIN input means and the terminal device (12), and privacy cannot be completely protected. there were.

(d) Object of the Invention In view of the above drawbacks, the object of the present invention is to provide a transaction device that prevents leakage of a personal identification number in a transaction device that uses a card with transaction information recorded on a recording medium.

(e) Structure of the Invention Therefore, an object of the present invention is to provide an encoding means provided in the input device for encoding the input PIN number, and to decode the PIN code encoded and transmitted by the encoding means. and means for instructing the encoding means and the decoding means corresponding to the encoding to change the encoding method, the transaction device changing the encoding method of the personal identification number transmitted by the change instruction means. It can be achieved.

That is, the present invention prevents the leakage of the PIN number by encoding (hereinafter referred to as encryption) the PIN number input from the PIN input device to the transaction terminal device, and by changing the encoding process. be.

(f) Examples of the invention Embodiments of the present invention will be described below with reference to the drawings.

First, a simple example of the encryption means provided to the password input device will be explained. FIG. 2 is an example of encrypting an input four-digit password by rotating its focus.

Figure 2 a) shows the configuration of the original 4-digit 16-bit signal,
Figure 2b) represents the right rotation of the original signal by 1 bit.
o1 is shifted to the most significant bit, and the other bits are shifted one bit to the right. When this encryption is performed by the PIN input device and sent to the credit card terminal, even if this signal is intercepted, it will not be determined that the signal has been rotated one bit to the right.

The password cannot be easily decoded. Figure 2C
) is the encrypted signal received by the credit terminal device, rotated one bit to the left and restored to the original signal.

For encryption, methods that are more difficult to decipher have been devised.
Even with simple encryption like in this example.

The encryption method cannot be easily deciphered simply by arbitrarily switching between a plurality of encryption methods by changing parameters such as the number of rotation bits and the direction of rotation without fixing the encryption method.

When transmitting the encrypted password from the password input device to the credit terminal device, a method of transmitting a keyword at the same time is useful for preventing leakage of confidential information.

The keyword is one that specifies, for example, a decryption program, and includes the address of the decryption program in the C credit terminal device, the parameter designation of the encryption program, and the like. The credit terminal device calculates the keyword received together with the encrypted password according to a predetermined process, determines the decryption program, and decodes the encoded password.

The present invention prepares a plurality of encryption programs, decryption programs, and keywords necessary for the encryption described above in a credit terminal device, and transmits them at any time, so that a password input device has the encryption programs and keywords, and The system attempts to prevent the PIN number from being intercepted by encrypting it and inputting it into the credit terminal device.

Examples will be described below with reference to the drawings.

Figure 3 is a block diagram showing the configuration of the transaction device of the present invention.
4 is a credit terminal device, 4 is a password input device, and FIG. 4 is a flow chart showing the operation.

In FIG. 3, the configuration of the credit terminal device 3 shows only the portions related to the present invention.

3c is an encryption program storage section that stores a plurality of encryption programs; 3d is a decryption program storage section that stores a program for decoding encrypted signals.

3e is a card reading unit, 3f is a communication control unit that exchanges data with the password input device, 3g is a keyword processing unit that adds a predetermined operation to a keyword and specifies a decoding program, and 3h is a unit that processes transaction information, etc. A display section 3i displays a keyboard input section for inputting transaction information and specifying functions of the device, and a control section 3a controls each of the above-mentioned functional sections using a program stored in a storage section 3b.

3. 4 is a password input section, 4b is a communication control section that exchanges data with the credit terminal device, and 4d is an encrypted program storage section that stores the encrypted program and keywords sent from the credit terminal device. , 4e is a PIN manual input unit for the user to enter the PIN number, 4f is a display unit for issuing PIN input instructions, etc., and 4a is a control unit that controls each of the above functional units by a program stored in the storage unit 4c. be.

The functions of each part of the above-mentioned transaction device, and operation examples and operations for carrying out the present invention, will be explained with reference to FIG. 4. FIG. 4a) shows the procedure for inputting the encryption program into the password input device 4, and FIG. 4b) shows the operation at the time of transaction.

b) A plurality of encryption programs and decryption programs are created in advance and stored in the encryption program storage section 3c and the decryption program storage section 3d, respectively.

(i) When the power of this system is turned on or at any time, the credit terminal device 3 selects an encryption program and a keyword, and transmits them to the password input device 4. The password input device 4 receives the program and stores it in the encrypted program storage section 4d.

The procedure for selecting an encryption program is to input a keyword by the person in charge using the administrator key, or to select the encryption program using the control unit 3 according to the random number table.
Any method such as automatic setting set by a may be used.

c) After the above preparations are completed, the transaction is processed.

When the operator first inserts the customer's card into the card reading section 3e, the card reading section 3e reads transaction information such as a password recorded on the card and instructs the password input device 4 to input the password.

D) The control section 4a of the password input device 4 receives the above input instruction and displays on the display section 4f that it is waiting for input of the password.

e) When the password is input, the control section 4a starts an encryption program according to the program stored in the storage section 4C, encrypts the password, attaches a keyword, and sends it to the credit terminal device 3.

f) The credit terminal device 3 performs an operation on the keyword,
Select and start a decryption program to decrypt the encrypted password. Next, transaction processing such as comparison and verification with the PIN number read from the aforementioned card is performed.

In FIG. 3, storage units 3c and 3d can be included in storage unit 3b, and storage unit 4d can be included in storage unit 4C.

(g) Effects of the Invention According to the embodiments of the present invention, a plurality of encryption programs can be selected at any time and applied to the password input device.

The password input device can prevent the password from being intercepted by encrypting and transmitting the input password.

[Brief explanation of drawings]

FIG. 1 is a block diagram of a conventional transaction device. FIG. 2 is a diagram showing a simple example of encryption. It is. In the diagram 3 is credit terminal device 3c is an encrypted program storage unit 3d is the decoding program storage section 3g is the keyword processing section 4 is a PIN input device 4d is an encrypted program storage unit 4e is the PIN input section It is. Agent □Patent attorney Hiroshi Matsuoka ヰ 1st 2nd ship 1,000 3rd class No. ＋ bile

Claims (1)

[Claims] A transaction device that performs a transaction by comparing password information recorded on a recording medium with a password input from an input device, and a code provided on the input device that encodes the input password. comprising: encoding means, means for decoding the password encoded and transmitted by the encoding means, and means for instructing the encoding means and the decoding means corresponding to the encoding to change the encoding method, A transaction device characterized in that the encoding method of a personal identification number transmitted by a change instruction means is changed.