JPS62249275A - Transaction system by transaction media - Google Patents

Abstract

PURPOSE:To prevent access to a password number in an IC card by another person and to prevent an unfair transaction by deleting password number information in an IC card after a predetermined time elapses or after the transaction is completed. CONSTITUTION:An IC card has a function to delete personal recognizing information of a password number, etc., with the card itself automatically after a constant time passes. At present, in 15-30min before the starting of a transaction, a password number is inputted from an input part 20 of the IC card. Then, excluding a part of a non-volatile memory in a RAM 23 in the IC card, a memory is cleared and a hardware is reset. When four digits of the password number are inputted, the password number is written into a password number registering area 23A. Thereafter,, an internal time counter 23B is cleared and counting is started. After a password number input, when a prescribed time is reached, an MPU 22 clears the password number registering area 23A.

Description

[Detailed Description of the Invention] [Industrial Application Field] The present invention relates to a transaction system for cash transactions using cards such as cash cards and credit cards, and particularly to a transaction system that is convenient and crime-proof. Regarding.

[Prior art]

In a transaction method using this type of card, there is a technique disclosed in Japanese Patent Application Laid-open No. 123070/1983 that improves security. With this technology, when requesting an agent to process a transaction, the transaction person sets a temporary PIN number in the card's memory using a data entry machine, informs the agent of the temporary PIN number, and then enters the PIN number. The transaction is processed on behalf of the client.

However, no consideration is given to the handling of temporary PIN numbers after transactions are processed on behalf of the user, and this may pose a problem in terms of crime prevention. That is, in the conventional example, after one proxy transaction is completed, the transaction person who is the client instructs the card to confirm the proxy transaction using a computer or the like.

The transaction results in the transaction result storage area of the RAM in the card
It is structured so that it can be read by RT, etc.

In principle, it is not advisable for a card to be handed over to someone other than the cardholder, as there is a possibility that an agent or a third party could illegally read the information on the card using a computer if a transaction is requested or the card is lost. It's something that doesn't exist. In addition, in the conventional case, if the card is in the agent mode and the temporary PIN is leaked from one agent to a third party and used fraudulently by the third party, the third party also becomes the agent. Since transactions can be made in confession mode, even if it is temporary, it still has the function of a PIN number, and it is still not desirable for crime prevention to transmit the temporary PIN number to others.

[Problem that the invention seeks to solve]

The above-mentioned conventional technology does not take into account fraudulent transactions when the card is separated from the cardholder, and even if the card is handed over to a third party, the cardholder's personal authentication information remains. There was a problem with safety.

In view of the above drawbacks, the present invention aims to:
A card system, a transaction system that uses IC cards, has excellent reliability and safety. The goal is to develop a transaction method that can prevent fraudulent transactions.

[Means for solving problems]

The above objective can be achieved according to K by configuring the IC card itself to be configured such that a temporary PIN number is input and registered from the input section and the IC card itself can automatically erase the registered PIN number after a predetermined procedure has been completed. be done.

A specific example of "after the prescribed procedure has passed" is "after a certain period of time". In this case, the fixed time period is set so that the card can only exist as a valid card within a short period of time with sufficient security compared to the amount of time a third party would spend committing fraud. Equipped with invalidation function.

Another specific example of after the predetermined procedure has passed is "after the card transaction is completed". In this case, the card itself has a function to immediately deactivate the card by erasing the PIN upon completion of the transaction, and even after the card is deactivated, it can be restored as a valid card at any time if the owner of the IC card is the same person. It has a function.

In the case of someone else, the above-mentioned purpose can be achieved by providing a function that prevents the card from being restored to a valid card.

[Effect]

A password as personal authentication information is input from the input section provided on the IC card. As a result, the password is registered in the nonvolatile memory of the IC card.

The control unit of the IC card monitors the procedure, and after a certain period of time or when the transaction with the transaction device is completed, the PIN information in the nonvolatile memory is automatically erased by the IC card itself. This prevents others from knowing the personal identification number directly from the IC card, thereby preventing fraudulent transactions.

[Embodiments of the invention]

An embodiment of the present invention will be described below in detail with reference to the drawings. FIG. 1 shows an external front view of an automatic cash dispensing device showing one embodiment of the card system of the present invention, and in FIG. 6, l indicates the main body of the device.

2 is a handling display unit that displays the handling status of the device; 3 is a card insertion unit 0 for importing an IC card as a handling medium;
．． 4 is a cash dispensing unit 0.5 is an operation unit consisting of a plurality of operation keys, 6 is a display unit consisting of a display means such as a CRT for displaying customer operation guidance, etc., and 7 is a front opening for use during maintenance and inspection. Door part that can be done.

8 is an axle that supports the main body of the device.

FIG. 2 shows a control block diagram of the transaction device of FIG. 1, and since the same reference numerals are used for the same parts as in FIG. 1, redundant explanation will be omitted. In the figure, reference numeral 9 denotes a card slip unit that transports the IC card, reads the stored contents of the IC card, writes output information from the processing control unit 11, and issues a statement slip to the customer. Reference numeral 10 denotes a banknote dispensing unit that dispenses cash at the time of a payment transaction. Reference numeral 11 denotes a processing control unit of this transaction device, which inputs information on each block as shown in Figure 1, and also issues commands to each block according to control means of a control program stored in a second storage device 13, which will be described later. It outputs and performs various controls. A first storage device 12 and a second storage device 13 are connected to this processing control unit 11, and specifically, 12 is a readout device,
It is a writable memory (hereinafter referred to as RAM), and 13 is a read-only memory (hereinafter referred to as ROM) that stores programs, various control information, and control constants necessary for performing various controls of this device. be. Reference numeral 14 denotes a line control unit, which controls data transmission and reception between the processing control unit 11 and the center 15, which is a central processing unit that stores all information necessary for customer transaction operations. be. The above configuration has been described in detail for the case where the present invention is applied to an automatic cash dispensing device, but it can also be applied to an automatic teller machine that can also deposit banknotes, so the configuration will be omitted and the description will be given to the automatic cash dispensing device. Also, the case where it is applied to an automatic cash dispensing device will be explained in detail. FIG. 3 shows the configuration of an IC card, which is the gist of the present invention.
6 is an IC card, 17 is a control unit called an IC chip, 18 is a display unit consisting of buttons such as liquid crystal elements,
Reference numerals 19 and 20 are input sections constituted by switches such as thin piezoelectric elements, and 21 is a contact section for transmitting and receiving input/output signals.

FIG. 4 shows a control block diagram of the IC card 170 mainly consisting of the IC chip 17, and 22 is a main control section (hereinafter referred to as
(referred to as MPU), which includes a portion of lower volatile memory 2.
A RAM 23 as an information storage section composed of 3A is connected to a ROM 24 that stores a control program, control constants, and the like. Furthermore, the input sections 19 and 20 and the display section 18. A contact portion 21 is connected to the MPU 221C. All of these are configured to receive commands from the MPU 22 and perform transmission and reception in direction No. 1 as shown in FIG.

The operation of the present invention having the above configuration will be explained based on the operation flowchart of FIG. In FIG. 5, reference numerals 30 refer to the input sections 19 and 20 shown in FIG. 113 described above regarding the IC card used in the present invention. Specifically, it shows an operation for inputting information to a card using a thin key made of a piezoelectric element or the like or an input means such as a touch panel, and will be explained below in numerical order. After a certain period of time, the IC card used in the present invention automatically stores the PIN number etc. on the card itself.
Since it is characterized by having a function to erase personal identification information, input operations to the card after 30 in Figure 5 should be performed within, for example, 15 to 30 minutes before the start of the transaction. This is an essential condition and is intended to prevent fraudulent transactions. The above mentioned time 15-3
0 minutes is not a limitation.

It goes without saying that this can be freely agreed upon between the dealer and the customer, but it is natural that it is better to set the time to the minimum in terms of crime prevention. The owner of the above-mentioned IC card (hereinafter referred to as the card) must use the transaction device IV shown in FIG.
When making a transaction using C, before inserting the card into the card insertion slot 3, insert the IC card 1 shown in FIG.
The input custard key 2OA of the input section 2o of 6 is pressed as 3 of Fig. 5.
When pressed at step 1, the card is initialized at step 32.

Except for some nonvolatile memory in the RAM 23, which will be described later, the memory is cleared to 00 and the hardware is reset, thereby performing a so-called initial recovery. Needless to say, this is done by the MPU 22 shown in FIG. 4 issuing commands to each block. Input section 19 located below the card 16 at 33. Specifically, it is a numeric key from 0 to 9,
By pressing this, for example, four digits in succession, the password is pressed. At this time, a correction key (
(number not shown), it is possible to correct the password during the process. In this embodiment, since it is undesirable for crime prevention to display the password input every time a key is pressed on the display unit 18, no password is displayed at all. In this embodiment, the control program in the ROM 24 is configured so that when the correction key is pressed, the consecutive 4-digit input after the correction key is pressed is determined to be the password, but this is not limited to this embodiment. do not have. At step 34, it is determined whether the password has been completely entered. The password is stored in a key manual data area (not shown) consisting of a plurality of bytes in the RAM 23 shown in FIG. 4 while being shifted each time a key is pressed. When it is determined in step 34 that the four-digit password has been input and completed, the password is retrieved from the key data area mentioned above in step 35 and stored in the RAM.
A password is written in a password registration area 23A K constituted by a non-volatile memory in 23. After that, 3
At step 6, the internal time counter 23B is cleared to 00.

Naturally, this internal time counter 23B is also composed of nonvolatile memory. MPU2 shown in Figure 4
2 has a timer interrupt function by hardware, so the control program stored in the ROM 24 detects that this timer interrupt signal is activated cyclically and creates a timer in software. The value of the internal time counter 23B is set to 37 every time.
As shown below, <+i is added. This internal time counter 2
It goes without saying that 3B is composed of multiple bytes so that it can hold for a long time of 5 hours. At step 38, the value of the internal time counter 23B is determined, and it is determined whether a certain period of time has elapsed since the password was input. For example, if the elapsed time is set to 20 minutes, 2
Since the counter value of the internal time corresponding to 0 minutes is known in advance at the time of program creation, it is compared with this constant, and when the value of the internal time counter 23B reaches the above constant, K is set so that it can be determined that a certain period of time has elapsed. ing. At 38.

If the card is not inserted into the card insertion slot of the transaction device even after a certain period of time has elapsed, the process moves to step 42, and the MPU 22 clears the PIN number registration area 23A to OO.

The PIN code registered on the card has been deleted. after that,
In step 43, it is determined whether the input custard key has been pressed,
If the formula custard key is pressed again, it will move to 45,
If the above-mentioned PIN input operation can be repeated again and the input custard key is not pressed -04
6, and the addition of the internal time and the deletion of the password are repeated again. If the predetermined time has not been reached at step 38, it is determined at step 39 whether or not the card has been inserted into the transaction device and a transaction is in progress. This is because the contact section 21 shown in FIGS. 3 and 4 sends a signal during a transaction via a card league (not shown) configured inside the transaction device 1 to the main body of the device shown in FIG. The card side MPU 22 receives this from the processing control unit 11 of the card, and the card side MPU 22 detects it. If there is no transaction in 39, 44
, and when the input custard key is not pressed,
The process returns to step 37 to continue updating the internal time counter. If a transaction is in progress at step 39, a slightly longer time delay is taken at step 40, and it is determined again at step 41 whether or not the transaction is in progress, but it is determined whether or not the transaction has been completed. If the transaction is in progress, it returns to 40 and waits for the transaction to end. Therefore, during a transaction, the internal time counter is not updated and maintains the same value. When the transaction is completed, the card is returned, and since no transaction signal is received in the contact section 21, it is determined at step 41 that the transaction is complete, and the process moves to step 42, where the 4-digit PIN area is cleared to 00 using the method described above. , the PIN number will be deleted. Therefore, the PIN number registered on the card is erased by the card itself after a certain period of time if no transaction is in progress, or immediately after the transaction is completed. 5
0 indicates the operation on the transaction device side, and the explanation of each block is as shown in the figure and will be omitted, but only the blocks that are the gist of the present invention will be explained. When the IC card of the present invention is loaded into the device, the card data is read by a card reader (not shown) in the card slip section shown at 9 in FIG.
At this point, the password in the password registration area 23A of the card is read and it is determined whether or not it is invalid. This means that if all four digits of the PIN number read are 00, you may have forgotten to register your PIN number.
This means that the transaction was left unused for a certain period of time after the PIN was registered.

In this embodiment, it is determined that the card is invalid, and the process moves to 67, indicating that the attendant's ejection has ended abnormally. If the 4-digit PIN is not OO, the process moves to 63 where central communication is performed with the center 15 shown in FIG. It is determined whether the information such as date of birth, address, blood type, etc. all match the personal authentication information stored in the center 15, and only when it is determined to be normal in the center 15, the conventional transaction can be carried out. It is now possible. Although a description of conventional transactions will be omitted, it goes without saying that in order to completely prevent fraudulent transactions, a password is entered into the device and checked. If they do not match, it is determined that the transaction person is not the card owner, and the process moves to step 47, where the card is collected and a staff member is called, resulting in abnormal termination. Therefore, according to the present invention, even if the card is stolen and the password is entered haphazardly, the card will be reliably invalidated at step 63, and fraudulent transactions can be prevented. Furthermore, since the time period during which the card itself becomes valid for transactions is extremely short, even if the card itself is stolen or lost, the time it takes for the card itself to become invalid is quick, making it extremely effective in terms of crime prevention. In the present invention, the fixed time for erasing the PIN number is fixed in the range of 15 to 30 minutes, but the input section 2 of the IC card 16 shown in FIG.
It is easily conceivable that an erasure time variable key 20B is provided on either of the cards 0 and 20 so that the card owner can arbitrarily set the above-mentioned time, and that the time can be arbitrarily set using the numeric keys 19. or.

In the present invention, the data to be deleted is limited to only the PIN number, but it is easily possible to delete other personal authentication information such as name and date of birth at the same time, but the more data to be deleted, the more It goes without saying that it is necessary to make the best possible arrangement between the card handling store and the customer, as the information must be entered at the time of transaction, which improves security but makes handling difficult.

In another embodiment of the present invention, as shown in FIG. 6 (α), the PIN number is 8 digits, the first 4 digits are the PIN between the cardholder and the card, and the last 4 digits are the PIN number between the cardholder and the card. Configure it as a conventional PIN number, enter 8 digits from the input section, make sure that only the first 4 digits disappear after a predetermined time after entering, but the last 4 digits do not disappear, and the device side verifies the 8 digits of the PIN number. Another possible method is to increase the accuracy of personal authentication by increasing the number of digits to be verified.

FIG. 6(b) shows a case where the above method is further changed to a 12-digit password; in this case, the password is made up of six digits each. It goes without saying that the settings for the first four digits and the last four digits may be interchanged. Furthermore, in the present invention, since IC cards are much more expensive than magnetic cards, etc., as shown in FIG.
Many cards are always stored in the card storage case 75 and removed from the card storage case when in use. Therefore, in the present invention, when the IC card 16 and the card storage case are stored as a pair, data such as a password is retained.

It is also conceivable that after a predetermined period of time has elapsed after the IC card is removed from the card storage case, data such as the PIN number will be erased by the IC card itself, rendering the IC card invalid.

Naturally, the IC card and the card storage case must be combined as a pair to hold data, and the data holding means is a charging body that engages with each unique contact, as shown by the broken line 76 in FIG. There may be a device built into the card storage case 75 side and provided with a power receiving section (not shown) that engages with the IC card 16 side, a device that detects changes in capacitance, and various other devices. As another example, as shown in the operation flowchart of FIG. 8, if the card holder makes a mistake in entering the card or someone else uses it illegally, the IC card becomes invalid.
The device side issues an instruction to invalidate all data to erase all personal authentication information data to the IC card side, and the IC card side issues an instruction after a predetermined period of time.

It is also possible to erase all of the above data and make the card completely invalid. Operation flow 8 in Figure 8 (A)
7 and subsequent parts are inserted into the chain double-dashed line section 87 in FIG. If the cardholder makes some kind of input error and performs a transaction without realizing it and the card becomes invalid, the cardholder must go to the bank etc. within the specified time and prove his/her identity. .

8 in (α) in Fig. 8 by notifying the equipment side using a special key (not shown) K provided by the staff on the equipment side.
In block 2, it is possible to prevent all data from being erased on the IC card side by instructing the IC card to make all data valid, thereby preventing the IC card from being invalidated. The above-mentioned embodiments are as follows.

It goes without saying that various applications and modifications can be made without departing from the gist of the present invention, with the aim of improving the security of the IC card. In addition, although the embodiment of the present invention is limited to an IC card, the method of the present invention may be applied to other transaction media having a built-in microprocessor, as well as to a leather card (also referred to as an optical card) in the future. Needless to say, it is easy.

In all of the embodiments described so far, the IC card itself automatically erases the personal authentication information, mainly the PIN number, after a certain period of time, so that the personal authentication information is not directly known to a third party. , a method of supplying invalid information even if a third party repeatedly commits an unauthorized act, but one application example of the present invention is as follows.
Furthermore, when the control program in the IC card is illegally read by a third party as shown in Figure 9, the control program itself inserts a dynamic stop program that jumps to the address it is currently running. It is also conceivable to use the control program itself to deal with fraudulent transactions, such as non-response. Furthermore, instead of the dynamic stop described above, it is easily possible to combine a soft timer and long-time calculations to delay the response time to about one month to prevent fraudulent transactions. In addition, when reading from the memory is performed after detecting the elapse of a certain period of time in the control program, the MP
It is also conceivable that a separate circuit for stopping the U function is driven to stop the MPU using hardware and control the MPU so that it does not respond. Furthermore, as a method for preventing fraudulent transactions while leaving the PIN data without erasing it, it is possible to respond in a long period of time when a series of commands are issued.

An example thereof is shown in FIG. In the figure, memory 200
A 4-byte 4-digit PIN code 0, for example 1234, stored in the 4-byte PIN number, 8 bits from the last digit, a response of a certain response time 0, eg 100M5 is set, and checked against a specific counter 203.

If they match, the above-mentioned comparison check is performed for the value set by the counter 204, and this is executed for the number of digits of the PIN number.
If you insert the IC card into the card's control program (and if the IC card is handed over to someone other than the card holder and a command to read the PIN data is issued, you must first enter the PIN to confirm your identity from the input section of the IC card). If you are prompted and enter it appropriately.

Since the PINs do not match, a long PIN verification check begins. In the example, if the response time for 1-bit verification is set to 100M5, the response time to complete the check of the 4-digit PIN number will vary slightly depending on the difference in the PIN number, but the response time will be at least 2 months or more. The counter 204 is set as follows. During this period, cardholders and banks will be able to take sufficient measures against fraudulent transactions.

In Figure 11, after the 4-digit verification check is completed.

An IC card can be even more effective if it emits an electronic sound so that it can be immediately recognized that it is an invalid card. In the git diagram, if a certain period of time has elapsed after the person entered the PIN, the card can be used again as a valid card by successfully inputting the PIN. Furthermore, as another example, if the cardholder himself/herself enters the wrong PIN due to forgetting the PIN, misunderstanding, or operational error,
The 12th
As shown in Figure 13 (if a correct password is entered within a specified time, e.g. 1 minute, after a password entry error, the control ends normally), or as shown in Figure 13 (IJ ) It goes without saying that various applications and modifications can be considered, such as a method that determines the number of runs and controls such that the process ends normally if the number of runs is within a specified number of runs, or a combination of both.

〔Effect of the invention〕

According to the present invention, it is possible to provide a transaction method that is highly reliable and safe and can prevent fraudulent transactions in a transaction system using an IC card.

[Brief explanation of drawings]

FIG. 1 is an external view of an automatic cash dispensing device showing one embodiment used in the transaction system of the present invention, FIG. 2 is a control block diagram of the device shown in FIG. 1, and FIG. IC
4 is a control block diagram inside the IC card shown in FIG. 3, FIG. 5 is an operation flowchart showing the operation of the present invention, and FIG. 6 is a diagram of another embodiment of the card. FIG. 7 is a state diagram showing the operation of the IC card according to another embodiment. The figure is an operation flowchart showing another embodiment. 16...Transaction medium (IC card). 22...control unit. 23A, 23B...Memory (non-volatile memory). 19, 20...Human resources department, l...Transaction device. 5...Operation section. 11... Processing control unit of the transaction device. 15...Center, 20B...Erase time variable key.

Claims (1)

[Claims] 1. A transaction medium comprising a control unit and a memory is provided with an input unit for registering a PIN number as personal authentication information, and after inputting the PIN number from the input unit and registering it in the memory, A transaction in which a transaction medium is read by a transaction device and a transaction is processed based on a PIN number in the memory, and a control unit of the transaction medium is configured to invalidate the PIN number in the memory after a predetermined procedure has passed. Trading method by medium. 2. The transaction method using a transaction medium according to claim 1, wherein the control unit is configured to invalidate the PIN number in the memory after a certain period of time has passed after inputting the PIN number as a predetermined procedure has progressed. 3. A transaction method using a transaction medium according to claim 2, wherein a fixed time variable key is provided in the input section of the transaction medium so that the fixed time can be arbitrarily set. 4. Claim 2, wherein the control unit is configured to determine, after a certain period of time has elapsed, that a command to read the PIN number from the memory has been issued, and thereafter prohibit the output of the PIN number. Trading method using the listed trading medium. 5. The control unit is configured to invalidate the personal identification number in the memory after the transaction processing by the transaction medium is completed in the transaction device as a predetermined procedure progresses.
Transaction method using the transaction medium described in section.