27201pif 九、發明說明: 【贅明所屬之技術領域】 入方法。 【先前技術】 先前’在對設置於銀行、信用合作社(⑶仙 =等金.滅構的支料⑼自純員機(Aut〇mjic Teller Machine : ATM) ^ (Cash Dispenser : CD) # 自動交易裝置進行操作,來進行存款、取款、過戶、轉帳、 匯款等金融交易的情況下,由顧客使用現金卡(咖^⑷ 等卡並輪人個人腿密碼。而且,在餐飲店、商店等店鋪 内進行消費費用的核算的情況下,利用轉帳卡(如池 card)、信时(credit eani)等卡進行核算時由顧客使 用卡’並且對設置在店鋪的收銀機(cashregister)處的銷 售點(Point of Sales,POS )終端.、信用卡終端等終端或者 其附屬設備進行操作,來輸入個人認證密碼。 而且,上述自動交易裝置及終端,將金額等資訊與自 卡所讀取到的卡資訊及所輸入的個人認證密碼一併發送至 經由通仏線路而連接的主電腦(h〇st compUter)等上級裝 置(higher-level device),來執行金融交易、核算交易等交 易的處理。在此情況下,若不進行加密處理,亦即以明碼 方式將個人認證密瑪發送至上級裝置.,則有可能被第三者 根據通信内容而解析出個人認證密碼。 27201pif 藉此’近年來’採用被稱作密碼輸入器(Pinpad)的 裝置’來作為對所輸入的個人認證密碼進行加密處理的個 人認證密碼輸入裝置。可藉由將密碼輸入器連接或者裝入 上述自動父易裝置及終端,而可將經加密處理的個人認證 密碼發送至上級裝置,因此不會出現第三者根據通信内容 而解析出個人認證密碼的情況。 而且’眾所周知的是,密碼輸入器加密時必需用到密 錄(key) ’作為密鑰的處理標準,規定有美國國家標準協 會(AmericanNational Standard Institute,ANSI) 9.24。根 據該標準’為了生成作為最上位密錄的主密錄_(master key) ’而必須輪入多個被稱作密鑰分量的數字行、亦即分 量(component),並對該分量進行運算來生成主密鑰。而 且’支付卡行業(payment Card Industry,PCI)標準中規 定’為了確保高安全級別,用以生成主密鑰的分量的方法 是’以密封信件(sealed letter)的方式來傳送多個輸入者 各自所輸入的資料,並根據輸入資料而自密碼輸入器輸入 (例如,參照非專利文獻1以及2)。 [非專利文獻1] http://partneraetwork.visa.com/dv/pin/main.jsp [非專利文獻2] http://www.ecom.jp/qecom/about_wg/wg05/cr-swg/code -4.html 然而,在上述先前的使用著密碼輸入器的自動交易裝 置及終端中,在輸入分量的情況下,僅提供了只用以輸入 27201pif 數字行的輸入者引導機構,而並無對別人所輸入的情況加 ^明確的機構1此,例如,即便是同—個人輸入多個分 畺亦有可月b生成主密輸,從而存在無法讀保安全性的問題。 .【發明内容】 f發明為解決上述先前的問題,提供一種交易裝置以 f該交易裝置的資料輸人方法,可藉由對輸人用以生成主 貝料(master data)的分量資料的各輸入者進行個人認證, 而僅在不_多個輸人者輸人了各個分量資料時生成主資 料,從而可確保高安全性。 因此,本發明的交易裝置包括:個人認證密碼輸入裝 置,其中包含輸入個人認證密碼的輸入機構、以及對藉由 該輸入機構而輸人的個人認證密碼進行加密的加密處理機 構;個人認證資訊取得裝置,可自ID (identification,識 別>)卡中取得個人認證¥訊;以及記憶裝置,記憶著該個 人涊證資訊取得裝置所取得的個人認證資訊,上述交易裝 置將經加_個人認證密碼發送至上級裝置而進行交易,、 於自上述輸入機構輸入用以生成個人認證密碣的加密用的 ^資料的多個分量資料的情況下’在輸人各分量資料之 前,藉由上述個人認證資訊取得裝置而自各分量資料的輸 入者=ID卡中取得個人認證資訊並記憶於上述記憶裝置 中’當根據上述個人認證資訊而判斷出輸入者不同時,允 許進行上述分量資料的輸入。 本發明的其他交易裝置包括:個人認證密碼輸入裝 置,其中包括輸入個人認證密碼的輸入機構、以及對藉^ 1373738 27201pif 該輪入機構而輸入的個人認證密碼進行加密的加密處理機 構’生物認證(biometric identification)資訊取得裝置, 可取得生物認證資訊;以及記憶裝置’記憶著該生物認證 貢訊取得裝置所取得的生物認證資訊,上述交易裝置將經 加密的個人認證密碼發送至上級裝置而進行交易。於自上 
述輸入機構輸入用以生成個人認證密碼的加密用的主資料 的多個分量資料的情況下,在輸入各分量資料之前,藉由 上述,物認證資訊取得裝置而取得各分量資料的輸入者的 生物認證資訊並記憶於上述記憶裝置中,當根據上述生物 ίΞί訊㈣斷出輸人者不同時,允許進行上述分量資料 邱it:的再其他交易裝置中,更包括發行憑據的列印 量資:而m2量資料的輸入,且根據所輸入的分 不同的内容發行列印著各分量資料的輸入者 外部交ί裝置中’更包括可將資料輸出至 且根據;輸入的分量資有分量資料的輸入, 資料的輸入者不同的内宠的t叶呀將表不各分1 憶裝置。 I的讀的資料輸出至上述外部記 本發明的再其他交易裝置中 的機構,當允許進行所有 ^括了發送電子郵件 各 的分量資料而生成主資料時件輪入 分量資料的輪人者不_内容的^子郵件來發送表示. 9 27201pif 本發明的資料輸入方法是交易裝置的資料輸入方法, 該父易裝置包括.個人認'證密碼輸入裝置,包括輸入個人 認證密碼的輸入機構、以及對藉由該輸入機構而輸入的個 人認證密碼進行加密的加密處理機構;個人認證資訊取得 裝置,可自ID卡中取得個人認證資訊;以及記憶裝置, 記憶著該個人認證資訊取得裝置所取得的個人認證資訊, 該交易裝置將經加密的個人認證密碼發送至上級裝置而進 行父易,於自上述輸入機構輸入用以生成個人認證密瑪的 加密用的主資料的多個分量資料的情況下,在輸入各分量 資料之前,藉由上述個人認證資訊取得裝置而自各分量資 料的輸入者的ID卡中取得個人認證資訊並記憶於上述記 憶裝置中,當根據上述個人認證資訊而判斷出輸入者不同 時’允許進行上述分量資料的輸入。 本發明的其他資料輸入方法是交易裝置的資料輸入方 法,該交易裝置包括:個人認證密碼輸入裝置,包括輸入 個人認證密碼的輸人機構、以及對藉由該輸人機構而輸入 的個人認證密敬行加密的加密處理機構;生物認證資訊 取仔裝置’可取得生物認證資訊;以及記憶裝置,記憶著 該生物認證魏取得裝置所特的生触證纽,該交易 裝置將經加密的個人認證密碼發送至上級裝置而進行交 易’於自上述輸人機構輸人用以生成個人認證密瑪的加密 用的主資料的多個分量資料的㈣下,在輸人各分量資料 之前,藉由上述生物認證資訊取得裝置而取得各分量資料 的輸入者的生物認證資訊並記憶於上述記憶裝置中,當根 丄 27201pif 據上述生物認證資訊而判斷&輸人者不同時,允許進行上 述分量資料的輸入。 [發明之效果] _根據本發明.,交易裝置對輪入用以生成主資料的分量 資料的各輸入者進行個人認證。藉此,僅在不同的多個輸 入者分別輸入了分量資料時生成主資料,因此可確保高安 全性。 為讓本發明之上述和其他目的、特徵和優點能更明顯 易懂,下文特舉較佳實施例,並配合所附圖式詳細說明如 下: 【實施方式】 以下,參照圖式對本發明的實施形態進行詳細的說明。 圖1是本發明的第1實施形態的交易裝置的方塊圖。 圖1中’ 10是本實施形態的交易裝.置,例如,是設置 在銀行、信用合作社、郵局等金融機構的支行等處的 ATM、CD等自動交易裝置;設置在便利商店( convenience store)、超市、百貨商店等商店的店舖、地下街等處,具有 訂票功能、商品購買申請功能、信用卡的信用額度(credit limit)確認功能、設施資訊提示功能等的公共資訊查詢站 (KIOSK)終端之類的多功能終端;以及設置在餐館、酒 吧等餐飲店或商店的店鋪中的收銀機處的P〇S终端、信用 卡終端等終端,只要是在使用現金卡、轉帳卡、信用卡等 卡來進行存款、取款、過戶、轉帳、匯款等金融交易或消 費費用的核算之類的各種交易時,有輸入個人認證密碼而 11 1373738 2720lpjf ,行居證的裝置’财可為設置在任意場所的任意種類的 裝置。 此處,交易裝置10包括控制部u、顯示部12、作為 個人,證密瑪輸人裝置的密瑪輸人器13、作為個人認證資 訊取得裝置的讀卡部M、以及作為記憶裝置的記憶部15, 經由電話線路網、區域網路(L〇cal Area Netw〇rk,LAN )、 内〇卩網路(intranet)、線上網路(on_iine netw〇rk)、網際 網路等各種通信線路網,而連接於未圖示的主電腦等上級 裝置。而且,一併將金額等資訊以及從卡所具備的IC (Integrated Circuit ’ 積體電路)、磁條(magnetic stripe) 等所讀取到的卡資訊及所輸入的個人認證密碼發送至上級 裝置’以執行金融交易、核算交易等交易的處理。 上述控制部11是一種電腦,包括中央處理單元 (Central Processing Unit,CPU )、微處理單元(Micr〇27201pif IX. 
Description of the invention: [Technical field to which Yu Ming belongs] Entry method. [Prior Art] Previously 'in the pair of banks, credit cooperatives ((3) 仙=等金. 灭建的(9)自纯机(Aut〇mjic Teller Machine : ATM) ^ (Cash Dispenser : CD) # 自动交易When the device is operated to perform financial transactions such as deposit, withdrawal, transfer, transfer, remittance, etc., the customer uses the cash card (Caf^(4) card and the person's personal leg password. Moreover, in the restaurant such as restaurant, store, etc. In the case of accounting for consumption expenses, the card is used by the customer when using a card such as a debit card (such as a pool card) or a credit eani, and the point of sale at the cash register (stored at the store) ( Point of Sales, POS) terminal, credit card terminal, etc., or its accessory device, to input a personal authentication password. Moreover, the above-mentioned automatic transaction device and terminal, the information such as the amount and the card information read from the card and The entered personal authentication password is sent to a higher-level device such as a host computer (h〇st compUter) connected via an overnight line to execute the gold. Dealing with transactions such as transactions and accounting transactions. In this case, if the encryption process is not performed, that is, the personal authentication key is transmitted to the superior device in a clear manner, it is possible for the third party to analyze the individual according to the communication content. Authentication password. 27201pif uses 'in recent years' as a device called a password input device (Pinpad) as a personal authentication password input device for encrypting the input personal authentication password. 
By connecting the password input device Alternatively, the automatic parenting device and the terminal are loaded, and the encrypted personal authentication password can be sent to the superior device, so that the third party does not analyze the personal authentication password according to the communication content. The password input device must use the key (key) as the key processing standard, which is defined by the American National Standards Institute (ANSI) 9.24. According to the standard, in order to generate the master as the top secret _ (master key) 'and must have multiple digits called key components, also Component, and operate on the component to generate a master key. And the 'payment card industry (PCI) standard specifies 'in order to ensure a high security level, the method used to generate the component of the master key is The data input by each of the plurality of input persons is transmitted in the form of a sealed letter, and is input from the password input device based on the input data (for example, refer to Non-Patent Documents 1 and 2). [Non-Patent Document 1] http://partneraetwork.visa.com/dv/pin/main.jsp [Non-Patent Document 2] http://www.ecom.jp/qecom/about_wg/wg05/cr-swg/code -4.html However, in the above-mentioned automatic transaction apparatus and terminal using the password input device, in the case of inputting components, only the input guide mechanism for inputting only the 27201pif digital line is provided, and there is no The situation that is input by others is added to the clear organization. For example, even if the same person inputs multiple branches, the main secret transmission may be generated for the month b, and there is a problem that security cannot be read. 
SUMMARY OF THE INVENTION In order to solve the above problems, the present invention provides a transaction device for the data input method of the transaction device, which can be used to generate component data of the master data by inputting The input person performs personal authentication, and the master data is generated only when no multiple input persons input each component data, thereby ensuring high security. Therefore, the transaction apparatus of the present invention includes: a personal authentication password input means including an input means for inputting a personal authentication password, and an encryption processing means for encrypting a personal authentication password input by the input means; and obtaining personal authentication information The device may obtain a personal authentication from the ID (identification) card, and a memory device that memorizes the personal authentication information obtained by the personal authentication information obtaining device, and the transaction device will be authenticated by the personal authentication password. Sending to a higher-level device for transaction, and inputting a plurality of component data of the data for encryption used for generating the personal authentication key from the input means, 'before inputting each component data, by the above-mentioned personal authentication The information acquisition device acquires the personal authentication information from the input person=ID card of each component data and memorizes it in the memory device. When it is determined that the input person is different based on the personal authentication information, the input of the component data is permitted. 
The other transaction device of the present invention includes: a personal authentication password input device including an input mechanism for inputting a personal authentication password, and an encryption processing mechanism for encrypting the personal authentication password input by the wheeling mechanism of the 1373738 27201pif The biometric identification device can obtain the biometric authentication information; and the memory device memorizes the biometric authentication information obtained by the biometric authentication credit obtaining device, and the transaction device transmits the encrypted personal authentication password to the superior device for transaction. . When a plurality of component data of the main data for encryption for generating the personal authentication password is input from the input means, the input of each component data is obtained by the object authentication information acquisition means before the input of each component data. The biometric authentication information is stored in the above-mentioned memory device, and when the biometric error (4) is broken according to the above-mentioned biometrics (4), the other sub-transaction devices that allow the above-mentioned component data Qiu: are included, and the printing of the issuance credential is also included. Quantitative: and m2 amount of data input, and according to the input of different content, the input of the input of the component data is externally delivered to the device, and the data is output to and according to; the input component is The input of the component data, the input of the data, the different pets of the inner leaf will not be divided into 1 memory device. 
The information read by I is output to the above-mentioned mechanism of the other transaction device of the external invention, and when all the component data of the e-mail is allowed to be generated and the main data is generated, the person who turns in the component data does not The message input method of the present invention is a data input method of the transaction device, and the parent-friendly device includes a personal identification password input device, including an input mechanism for inputting a personal authentication password, and An encryption processing unit that encrypts a personal authentication password input by the input unit; the personal authentication information acquisition device can obtain personal authentication information from the ID card; and a memory device that memorizes the obtained by the personal authentication information acquisition device Personal authentication information, the transaction device transmits the encrypted personal authentication password to the superior device for parental use, and enters a plurality of component data for generating the main data for encryption of the personal authentication key from the input institution , before inputting each component data, by means of the above personal authentication information acquisition device Resource importer component material acquires the ID card and the personal authentication information memorized to the memory means, based on the personal authentication information when the input is judged by different 'component allows the above data input. Another data input method of the present invention is a data input method of a transaction device, the transaction device comprising: a personal authentication password input device, including an input institution for inputting a personal authentication password, and a personal authentication key input by the input institution. 
The encryption authentication mechanism of the definite encryption; the biometric authentication information device can obtain the biometric authentication information; and the memory device memorizes the biometric authentication device of the biometric authentication device, and the transaction device will be authenticated by the encrypted personal authentication device. The password is sent to the superior device for the transaction 'under the above-mentioned input organization to generate a plurality of component data of the main data for encrypting the personal authentication MU, (4), before the input of each component data, by the above The biometric authentication information acquisition device acquires the biometric authentication information of the input device of each component data and memorizes it in the memory device, and when the root device 27201pif determines that the input person is different according to the biometric authentication information, the component data is allowed to be performed. Input. [Effects of the Invention] According to the present invention, the transaction device performs personal authentication for each of the input persons who have entered the component data for generating the master data. Thereby, the master data is generated only when different component inputs are input by different input persons, so that high security can be ensured. The above and other objects, features and advantages of the present invention will become more <RTIgt; The form is described in detail. Fig. 1 is a block diagram showing a transaction apparatus according to a first embodiment of the present invention. In Fig. 1, '10 is a transaction device of the present embodiment, for example, an automatic transaction device such as an ATM or a CD installed at a branch of a financial institution such as a bank, a credit cooperative, or a post office; and is installed in a convenience store (the convenience store) In the shops, underground streets, etc. 
of supermarkets, department stores, etc., there are public information inquiry stations (KIOSK) terminals such as a ticket booking function, a product purchase application function, a credit limit credit limit confirmation function, and a facility information presentation function. a multi-function terminal of the class; and a terminal such as a P〇S terminal or a credit card terminal installed at a cash register in a restaurant such as a restaurant, a bar, or the like, as long as the card is used by using a card such as a cash card, a debit card, or a credit card. In the case of various transactions such as deposits, withdrawals, transfer, transfer, remittance and other financial transactions or consumption expenses accounting, there is a personal authentication password 11 11373738 2720lpjf, the device of the residence permit can be any type set in any place. s installation. Here, the transaction device 10 includes a control unit u, a display unit 12, a MME device 13 as an individual, a cryptographic device, a card reader M as a personal authentication information acquisition device, and a memory as a memory device. Department 15, via telephone line network, regional network (L〇cal Area Netw〇rk, LAN), intranet (intranet), online (on_iine netw〇rk), Internet and other communication lines And connected to a host device such as a host computer (not shown). In addition, the information such as the amount of money and the card information read from the IC (Integrated Circuit) and magnetic stripe provided in the card and the entered personal authentication password are transmitted to the upper device. To perform transactions such as financial transactions, accounting transactions, etc. The control unit 11 is a computer including a central processing unit (CPU) and a micro processing unit (Micr〇).
Processing Unit ’ MPU)等運算機構;半導體記憶體、磁 碟等記憶機構;以及通信介面等。並根據程式來進行動作, 對包含顳示部12、密瑪輸入器13、讀卡部ι4以及記憶部 15的動作在内的交易裝置整體的動作進行統一控制。 而且’上述顯示部12包括陰極射線管(cath〇de_ray tube,CRT)、液晶顯示器、發光二極體(Light Emitting Diode,IJED)顯示器等’根據控制部11的指示,而顯示 顧客進行交易所需的操作的晝面。進而,較理想的是,上 述顯示部.12是兼具有作為輸入機構的功能的觸摸面板 等,可進行輸入。 12 1373738 27201pif 而且,上述密碼輸入器13是由顧客操作來輸入個人認 證密瑪的裝置,具有:數字小鍵盤,作為用以輸入個人認 證密碼的輸入機構;以及加密處理機構,對所輸入的個人 認證密碼進行加密處理並發送經加密的個人認證密碼。另 外,上述密碼輸入器13可裝入交易裝置1〇内,亦可與交 易裝置10分開構成’並經由通信電纜等連接於交易裝置 10。 、、A computing unit such as a processing unit ’ MPU; a memory device such as a semiconductor memory or a magnetic disk; and a communication interface. The operation of the program is performed in accordance with the program, and the overall operation of the transaction device including the operations of the display unit 12, the grammar input unit 13, the card reading unit ι4, and the memory unit 15 is collectively controlled. Further, the display unit 12 includes a cathode ray tube (CRT), a liquid crystal display, a light emitting diode (IJED) display, etc., and displays a customer's request for trading according to an instruction from the control unit 11. The face of the operation. Further, it is preferable that the display unit .12 is a touch panel or the like having a function as an input means, and can be input. 12 1373738 27201pif Moreover, the above-mentioned password input device 13 is a device operated by a customer to input a personal authentication key, having a numeric keypad as an input mechanism for inputting a personal authentication password, and an encryption processing mechanism for the input individual The authentication password is encrypted and an encrypted personal authentication password is sent. Further, the password input unit 13 may be incorporated in the transaction device 1 or may be formed separately from the transaction device 10 and connected to the transaction device 10 via a communication cable or the like. ,
而且’上述密碼輸入器13依據「先前技術」項中所說 明的作為密碼輸入器的標準的ANSI9.24。因此,為了生成 ,上位密鑰即作為主資料的主密鑰,而必須輸入作為分量 ^料的多個分量來生成主賴。而且,由於上述密碼輸入 器13亦依據PCI標準,故多個分量必須是由不同的多個 輪入者對密碼輸入器13進行操作而輪入的。 从進而’上述讀卡部14是讀取輸人上述分量的輸入者所 ^ID卡的㈣的裝置,絲讀_存於上述卡所具Further, the above-mentioned password input device 13 is based on the standard ANSI 9.24 as a password input device as described in the "Prior Art" section. Therefore, in order to generate, the upper key is used as the master key of the master data, and a plurality of components as components must be input to generate the master. Moreover, since the above-described password input device 13 is also in accordance with the PCI standard, a plurality of components must be rotated by the operation of the password input unit 13 by a plurality of different wheelers. Further, the above-mentioned card reading unit 14 is a device for reading (4) of the input card of the above-mentioned component, and the silk reading_ is stored in the card.
= 1C、磁條等中的個人認證資訊。另外’上述讀卡部Η 亦可用於讀取顧客所持的卡的卡資訊。 成,^先體'磁碟等而構 本實施形態中,於自密碼輸入^ ^ ^ ^ ^ ==^:密_分量 中取得個:認===量的輸入者的仍卡 證資訊而判斷出輸入者不同時。,-二中分錢' 13 27201pif 接著,對上述構成的交易裝置的動作進行說明。此 處,僅對生成主密鑰的情況下的動作進行說明。 圖2是表示本發明的第i實施形態中的交易裝置的動 作的流程圖。 此處,輸入者是指第1輸入者以及第2輸入者此兩人, 所輸入的分量為第丨分量以及第2分量此兩個分量。 首先’控制部11進行分量輸入完成狀況的確認,向密 碼輸入器13詢問分量的輸入完成狀況,並根據詢問的結果 來對是否未輪入第1分量進行判斷。 而且’於未輸入第1分量的情況下,控制部U使顯示 部12顯示提醒進行ID卡讀取的晝面,請求讀取第1輸入 者的ID卡。隨後,第1輸入者使讀卡部14讀取自己所持 的1D卡的資料。如此,當讀取第1輸入者的ID卡時’控 制部11將讀卡部14自第1輸入者的ID卡所讀取到的個 人認證用的資料記憶於記憶部15中。 接著’進行第1分量的輸入,第1輸入者對密碼輸入 器13進行操作以輸入第1分量。 而且’當完成第1分量的輸入後,控制部11對是否未 輸入第2分量進行判斷。另外,於對是否未輸入第1分量 進打判斷後而得知已輸入第1分量的情況下,直接對是否 未輸入第2分量進行判斷。而且,於已輸入第2分量的情 況下,控制部U直接結束主密鑰生成處理。 .而且’於未輪入第2分量的情況下,控制部11使顯示 部12顯示提醒進行ID卡讀取的畫面,請求讀取第2輸入 27201pif 後’第2輸人者使讀卡部Μ取自己所持 的ID卡的-貝料。如此,當讀取第2輸入者扔 部11將讀^部14自第2輸入者的1D卡所讀取到的:人 遇證用的資料纪憶於記憶部15中。 而且,控制部11對記憶於上述記憶部15中的第〗輪 入者的ro卡的個人認證用的資料、與第2輸入者的仍^ 的個人認證用的資料進行比較’來對第1輪入者與第2耠 入者是否為不同的人進行判斷。 a 此處,於第1輸人者與第2輸人者林_人的情況 =控制部U使顯示部12顯示提醒輸入第2分 =未第2輸入者輸入第2分量。接著,進行第2分量的輸 八旦Ϊ第2輸人者對密碼輸人器13進行操作以輸入第2 :里¥,密碼輸人器13確認到已輸人了全部所需分量後, 生成主密鑰。藉此,主密鑰生成處理結束。 另-方面’於對第丨輸人者與第2輸人者是否為 =進行觸後崎知第1輸人者鮮2輸人者並非為不 ^的人的情況下,控制部u對是否必須進行再試(r卿) ==斷°而且’於必須進行再試的情況下,使顯示部12 者id +讀取的晝面’請求讀取第2輸入 密進行再試的情況下一 ’=無須進行再試而結束分量輸入 况,亦可能再次進行主密敝錢理賴況。 接著,對流程圖進行說明。 15 27201pif 步驟S2 2?分量輸入完成狀況的確認。 第1分量的是否未輸人第1分量進行判斷。於未輸入 況下進入步‘S5T進入步驟幻,而於已輸入第1分量的情 進行第1輸人者ID卡讀取。 步驟弘輪入第i分量。 第2分旦mi姆是否未輸入第2分量進行判斷。於未輸入 況下結1處^况下進入步驟S6,而於已輸入第2分量的情 步驟S6進行第2輸人者的ID卡讀取。 、隹— ΓιΖ S7對第1輸人者與第2輸人者是否為不同的人 ^^。於第1輸人者與第2輸人者為不_人的情況 二騍別,而於第1輸入者與第2輸入者並非為不同 的人的情況下進入步驟S10 » 步驟S8輪入第2分量。 步驟S9生成主密鑰,結束處理。 _步驟Sl〇對是否必須再試進行判斷。於必須進行再 試的情況下返回至步驟S6,而於無須進行再試的情況下結 束處理。 如此,本實施形態中,在輸入第i分量之前讀取第i 輸入^的ID卡,將上述10卡的資料保存於記憶部15中 並進灯第1分量的輸入,在輸入第2分量之前讀取第2輸 入者的ID卡,將上述ID卡的資料保存於記憶部15中。 而且,於根據保存於記憶部15中的ID卡的資料,而判斷 2720Ipif 出第1輪入者與第2輸入者為不同的人的情況下,由第2 輸入者進行第2分量的輸入,而於判斷出第1輸入者與第 2輸入者並非為不同的人的情況下,則不進行由第2輪入 者來輸入第2分量。 藉此,可僮於不同的多個輸入者分別輸入了分量資料 時生成主密鑰,從而可期待分量輸入的安全性較高的效果。 接著’對本發明的第2實施形態進行說明。另外,對 具有與第1實施形態相同的構成的部分附上相同的符號, 藉此省略其說明。而且,對與上述第丨實施形態相同的動 作以及相同的效果亦省略其說明。 圖3疋本發明的第2實施形態中的交易裝置的方塊圖。 胃本實施形態中的交易裝置1〇,具有作為生物認證資訊 
取侍裝置的掃描儀部16,來代替上述第丨實施形態中所說 明的讀卡部14,取得輸入者的生物認證資訊後,根據該生 物認證資訊’來對多個輸人者是否為不同的人進行判斷。 上述生物認證資訊為例如虹膜(iris)、指紋、手掌靜脈圖 案、手指靜脈圖案等,但只要是能利用生物學上的特徵來 確⑽本人的生物統计學(bj〇metries)認證資訊、亦即生物 認證資訊,則可為任意種類的資訊,此處,是使掃描儀部 16取得手掌靜脈圖案或者手指靜脈圖案。 本實施形態中,於自密碼輸入器13輸入用以生成個人 認證密碼的加密用的主密鑰的多個分量的情況下,在輸入 各分量之前,藉由掃描儀部16而取得各分量的輸入者的生 物認證資訊並記憶於記憶部15中,當根據生物認證資訊而 17 27201pif 判斷出輸入者不同時,允許輸入分量。 另外’關於其他構成,與上述第1實施形態相同,因 此省略其說明。 接著’對本實施形態中的交易裝置10的動作進行說 明。此處’僅對生成主密綠的情況下的動作進行說明。 圖4是表示本發明的第2實施形態中的交易裝置的動 作的流程圖。 此處’輪入者是指第1輸入者以及第2輸入者此兩人, 所輸入的分量為第1分量以及第2分量此兩個分量。 首先,控制部11進行分量輸入完成狀況的確認,向密 碼輸13詢問分量的輸入完成狀況,並根據詢問的結果 來對是否未輸入第1分量進行判斷。 a而且L於未輸入第1分量的情況下,控制部11使顯示 部12顯示提醒取得生物認證資訊的晝面,請求取得第工 輸=者的生物認證資訊。隨後,第1輸入者使掃描儀部16 取传自己的手掌靜脈圖案或手指靜脈圖案。如此,當取得 第1 ^入者的生物認證資訊時,控制部11使掃描儀部16 所取得的第1輸入者的生物認證資訊記憶於記憶部15中。 00接著,進行第1分量的輸入,第1輸入者對密碼輪入 盗13進行操作以輸入第1分量。 而且,第1分量的輸入完成後,控制部u對是否未輸 —第2刀量進行判斷。另外,於對是否未輸入第1分量進 行甸斷後,而得知已輸入第1分量的情況下,直接對是否 未輸入第2分量進行判斷。而且,於已輸入第2分量的情 1373738 27201pif 況卜 炫邵11 1接結采主密鑰生成處理。 而於未輸入第2分量的情況下,控制部u使顯示部 12顯不提醒取得生物認證資訊的晝面,請求取得第2輸入 ί = 3資訊。隨後’第2輸入者使掃描儀部16取得 自己的手旱靜脈圖案或者手指靜脈圖案。如此, 資訊時’控制部11使掃描儀;16所 取付=2輸入者的生物認證資訊記憶於記憶部15中。 接者’控制部u將記憶於上述 證資訊、與第2輪入者的生物認:= ::來對第1輸入者與第2輸入者是否為不同 控制二第提:入者:不同人的情況下, 求第2輸八者輪八第量的畫面,請 形態相同,因此省略其說明/下的動作與上述第1實施 接著,對流程圖進行說明。 ί=,量輪入完成狀況的確認。 :广量的情況分量第; 的情況下進入步驟S25。 而於已輸入第1分量 =::以者的生物認證資訊。 入第2分量的情第2分量進行判斷。於未輪 卜進入步驟S26,而於已輸入第2分量 1373738 2?2〇lpif 的情況下結束處理。 •步驟S26取得第2輪 步驟S2"♦第1輪入者盘第 人進行判斷。於第i輪入第2輸入者是否為不同的 況下進入步驟似,入者為不同的人的情 不同的人的情況下進入步帮S3〇^與第2輸入者並非為 步驟S28輪入第2分量。 步驟S29生成主密输,結束處理。 為對是否必須再試進行_。㈣m 返回至步规S26,而於無須進行再試 如此’本實施形態中,在輪 中的生物認 7下,*心a ^與第輸人者為不同的人的情 1輸入者斑第二Ϊ仃第2分量的輸入,而於判斷出第 行―輸入者二二 =同的人的情況下’則不進 去组i t即ί在未持有ID卡的情況下亦可對第1輸入 不同的人進行判斷,從而除了上述 外’還可期待有助於輸入者輪入分 20 27201pif 接著,對本發明的第3實施形態進行說明。另外,對 具有與第1以及第2實施形態相同的構成的部分附上相同 符乘,藉此省略其說明。而且,對與上述第1以及第2實 施形態相同的動作以及相同的效果,亦省略其說明。 圖5是本發明的第3實施形態的交易裝置的方塊圖, 圖6是表示本發明的第3實施形態的交易裝置所發行的憑 據的示例的圖。 本實施形態的交易裝置10,於主密鑰生成處理結束之 後,如圖6所示,列印並發行表示各分量是由不同的人輸 入的内谷的憑據19。因此,交易裝置1〇,除了具有顯示部 12、密碼輸入器13、讀卡部14以及記憶部15之外,還具 有列印部17。 該列印部17是在主密繪生成處理結束之後列印並發 行憑據19的裝置,且具備喷墨(ink jet)方式、熱敏 (thermosensitiv〇 方式、電子照像(electrophotographic) 
f式等各種列印方式的列印頭。而且,上述憑據19中列印 著對如下進行證明的内容,即,已輸入各分量、已完成主 密鑰的生成、各分量的輸入者、以及各分量的輸入者為不 同的人。 _另外,其他方面的構成及動作與上述第丨實施形態相 同’因此省略其說明。 一如此,本實施形態中,於主密鑰生成處理結束之後發 行憑據19,該憑據19剌各分量是由各別輸人者所輸入 ^/3738 2720lpif 藉此,可獲得證實已正常進行主密 明,除了具有上述第i實施形態的,生成處理的證 量的輪入者能獲得更高的信賴的又一效果。卜,還可期待分 另外,上述第1〜第3實施形態中, 盗13而輸入的分量數為兩個的情況進行了視明密碼輸入 的分量數並未限定為兩個。 ^月’但所輸入 例如,上述第!實施形態中,於輸入 下,就第3分量而言亦進行圖2所示的流程=里的情況 以及S8的動作,並且就第3輸入者步戰S5 及S7的動作,藉此可獲得相同的效果/進仃步戰S6以 然而,於步驟S7的動作中,不僅 第1輸入者是轉不同的人進行判斷,還U =者與 與第2輸人者是否為不同的人進行判斷^ 、认者 而且,上述第3實施形態中,於有 分量的輸入者以St 而且上述第3實施形態中,對交易 第1實施形態中所說_交易裝置1G中追^ $ 的情況進行了說明,但上述第3本 了蚵卜卩17 二亦可在上述第2實施形態^明的^裝=3 加了列印部17。 习衣至川甲迫 入器^,/入^〜第3實施形態中,對在操作密媽輸 用由各輸人者來輸人各分量的處理 進灯了說H未錢定於分量的輸人, 部14或掃描儀部16的裝置,便可根據安全性方面的清兄 22 2720lpif 在各輪入者必須實施多種處理的情況下,可利 入者實施了各處理的證明機構。 … 而且,上述第3實施形態中,對列印並發行憑據19 障不例進行了說明,但只要是具有可將資料輸出至外部記 憶裝置的機能的交易裝置1〇,便可藉由向外部記憶裝 出與列印的内容相同的内容的資料而獲得相同的效果。^ 且’即便是在註冊著憑據19的傳送目標位址而以電子郵件 方式進行傳送的情況下,亦可獲得相同的效果。 6雖然本發明已以較佳實施例揭露如上,然其並非用以 #疋本發、月任何熟習此技藝者在不脫離本發明之精神和 乾圍内’當可作些許之更動與潤飾,因此本發明之保護範 圍當視後附之申請專利保護範圍所界定者為準 【圖式簡單說明】 圖本發明的第1實施形態中的交易裝置的方塊圖。 圖2是表示本發明的第1實施形態中的交易裝置的動 作的流程圖β 圖31本發明的第2實施形態中的交易裝置的方塊圖。 圖4是表示本發明的第2實施形態中的交易裝置的動 作的流程圖。 圖51本發明的第3實施形態中的交易裝置的方塊圖。. 一圖6是表示本發明的第3實施形態中的交易裝置所發 行的憑據的示例的圖。. 23 1373738 27201pif 【主要元件符號說明】 10 :交易裝置 11 :控制部 12 :顯示部 13 :密碼輸入器 14 :讀卡部 15 :記憶部 16 :掃描儀部 17:列印部 19 :憑據= 1C, personal identification information in magnetic strips, etc. In addition, the above card reading unit 亦可 can also be used to read the card information of the card held by the customer. In the embodiment, the input of the ^ precursor "disk", etc., is obtained from the password input ^ ^ ^ ^ ^ ==^: dense_component: the input card of the === amount is still the card information Determine when the input is different. - - 二中分钱' 13 27201pif Next, the operation of the above-described transaction device will be described. Here, only the operation in the case of generating the master key will be described. Fig. 2 is a flow chart showing the operation of the transaction apparatus in the i-th embodiment of the present invention. 
Here, the input person refers to both the first input unit and the second input unit, and the input component is the second component and the second component. First, the control unit 11 confirms the completion status of the component input, and inquires of the password input unit 13 about the completion status of the component input, and determines whether or not the first component has not been rotated based on the result of the inquiry. Further, when the first component is not input, the control unit U causes the display unit 12 to display a face for reminding the ID card to read, and requests to read the ID card of the first input person. Subsequently, the first input person causes the card reading unit 14 to read the data of the 1D card held by itself. When the ID card of the first input person is read, the control unit 11 stores the data for personal authentication read by the card reading unit 14 from the ID card of the first input person in the storage unit 15. Next, the input of the first component is performed, and the first input operator operates the password input device 13 to input the first component. Further, when the input of the first component is completed, the control unit 11 determines whether or not the second component has not been input. Further, when it is determined whether or not the first component has been input, and it is determined that the first component has been input, it is determined whether or not the second component is not input. Further, when the second component has been input, the control unit U directly ends the master key generation processing. Further, when the second component is not inserted, the control unit 11 causes the display unit 12 to display a screen for reminding the ID card to read, and requests to read the second input 27201pif, and then the second input person makes the card reading unit. Take the ID card of your own ID card. 
In this manner, when the second input person throwing unit 11 reads the read portion 14 from the 1D card of the second input person, the data for the person's identification is recorded in the storage unit 15. Further, the control unit 11 compares the data for personal authentication of the ro card of the ninth wheeled person stored in the storage unit 15 with the data for personal authentication of the second input person. Whether the wheeled person and the second intruder are judged by different people. a Here, in the case of the first input person and the second input person Lin_person = The control unit U causes the display unit 12 to display the reminder input second minute = the second input person inputs the second component. Next, the second component is input to the second input. The second input operator operates the password input device 13 to input the second: ¥, and the password input device 13 confirms that all the required components have been input, and then generates Master key. Thereby, the master key generation process ends. In the case of the person in the case of the person in the case of the person in the case of the person in the case of the person in the case of the person in the case of the It is necessary to retry (rqing) == break ° and 'when it is necessary to retry, the display unit 12 id + read 昼 face' request to read the second input key and retry the test' = no need If you try again and end the component input, you may also be able to re-do the main secret. Next, the flowchart will be described. 15 27201pif Step S2 2? Confirmation of the completion of the component input. It is judged whether or not the first component is not input to the first component. When the input is not entered, the step s5T enters the step phantom, and when the first component has been input, the first input ID card is read. The step is to enter the i-th component. It is judged whether or not the second component is not input to the second component. 
In the case where the input is not input, the process proceeds to step S6, and in the case where the second component has been input, step S6 is performed to read the ID card of the second input person.隹 Γ Ζ Ζ Ζ 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 When the first input person and the second input person are not the same as the second person, and the first input person and the second input person are not different, the process proceeds to step S10. 2 components. Step S9 generates a master key and ends the process. _Step S1 〇 Whether or not it is necessary to try again. If it is necessary to perform the retry, the process returns to step S6, and the process is terminated without retrying. As described above, in the present embodiment, the ID card of the i-th input is read before the input of the i-th component, and the data of the ten cards is stored in the storage unit 15 and input into the first component of the lamp, and is read before the second component is input. The ID card of the second input person is taken, and the data of the ID card is stored in the storage unit 15. Further, when it is determined that the second rounder and the second input are different from each other based on the data of the ID card stored in the storage unit 15, the second input is input by the second input. On the other hand, when it is determined that the first input person and the second input person are not different, the second round is not input by the second round. Thereby, the master key can be generated when a plurality of different input persons input the component data, and the effect of the component input can be expected to be high. Next, a second embodiment of the present invention will be described. The same components as those in the first embodiment are denoted by the same reference numerals, and the description thereof will be omitted. Further, the same operations and the same effects as those of the above-described third embodiment will be omitted. Fig. 
3 is a block diagram showing a transaction apparatus in a second embodiment of the present invention. The transaction device 1 in the present embodiment has a scanner unit 16 as a biometric authentication information server, and instead of the biometric authentication information described in the above-described third embodiment, the biometric authentication information of the input person is obtained. According to the biometric authentication information, it is judged whether or not a plurality of indifferent persons are different persons. The above biometric authentication information is, for example, an iris, a fingerprint, a palm vein pattern, a finger vein pattern, etc., but as long as it is capable of using biological characteristics to confirm (10) biometric (bj〇metries) authentication information, That is, the biometric authentication information may be any type of information. Here, the scanner unit 16 is configured to obtain a palm vein pattern or a finger vein pattern. In the present embodiment, when a plurality of components of the master key for encryption for generating the personal authentication password are input from the password input unit 13, the scanner unit 16 acquires each component before inputting each component. The biometric authentication information of the input person is memorized and stored in the storage unit 15, and when the input is different according to the biometric authentication information, the 2727201 pif is allowed to input the component. The other configuration is the same as that of the above-described first embodiment, and thus the description thereof will be omitted. Next, the operation of the transaction device 10 in the present embodiment will be described. Here, the operation in the case where the main dense green is generated will be described. Fig. 4 is a flow chart showing the operation of the transaction apparatus in the second embodiment of the present invention. 
Here, the "input person" refers to both the first input person and the second input person, and the components to be input are the first component and the second component.

First, the control unit 11 confirms the completion status of the component input: it inquires of the password input unit 13 about the completion status of the component input, and determines, based on the result of the inquiry, whether or not the first component has not been input.

When the first component has not been input, the control unit 11 causes the display unit 12 to display a screen prompting the acquisition of the biometric authentication information, and requests the acquisition of the biometric authentication information of the first input person. Subsequently, the first input person causes the scanner unit 16 to acquire his or her own palm vein pattern or finger vein pattern. When the biometric authentication information of the first input person has been obtained in this way, the control unit 11 causes the biometric authentication information of the first input person acquired by the scanner unit 16 to be stored in the storage unit 15.

Next, the first component is input: the first input person operates the password input unit 13 to input the first component. When the input of the first component is completed, the control unit 11 determines whether or not the second component has not been input. Further, when the determination of whether or not the first component has not been input shows that the first component has already been input, it is directly determined whether or not the second component has not been input. Moreover, in the case where the second component has been input, the control unit 11 is connected to the master key generation process.

On the other hand, when the second component has not been input, the control unit 11 causes the display unit 12 to display a prompt for the biometric authentication information of the second input person.
Subsequently, the second input person causes the scanner unit 16 to acquire his or her own palm vein pattern or finger vein pattern. When the biometric authentication information of the second input person has been obtained in this way, the control unit 11 causes the biometric authentication information acquired by the scanner unit 16 to be stored in the storage unit 15.

Next, the control unit 11 uses the stored biometric authentication information of the first input person and of the second input person to determine whether or not the first input person and the second input person are different persons. The operation that follows this determination is the same as in the first embodiment, and its description will therefore be omitted.

Next, the flowchart will be described.

The completion status of the component input is confirmed. In the case where the first component has already been input, the process proceeds to step S25. Otherwise, the biometric authentication information of the first input person is acquired and the first component is input.
Step S25: It is determined whether or not the second component has not been input. When the second component has not been input, the process proceeds to step S26, and the process is terminated when the second component has been input.
Step S26: The biometric authentication information of the second input person is acquired.
Step S27: It is determined whether or not the first input person and the second input person are different persons. When they are different persons, the process proceeds to step S28; when they are not different persons, the process proceeds to step S30.
Step S28: The second input person inputs the second component.
Step S29: The master key is generated, and the process ends.
Step S30: It is determined whether or not a retry is necessary. If a retry is necessary, the process returns to step S26; if no retry is necessary, the process ends.

As described above, in the present embodiment, the determination is made from the biometric authentication information of the input persons: when it is judged that the second input person is a different person from the first input person, the second component is input, and when it is judged that the input persons are the same person, the second component is not input. Thereby, the determination of whether the input persons are different can be made even if an input person does not hold an ID card.
In addition to the above, an effect on the component input can be expected.

Next, the third embodiment of the present invention will be described. In addition, the same components as those of the first and second embodiments are denoted by the same reference numerals, and the description thereof will be omitted. Further, descriptions of the same operations and the same effects as those of the first and second embodiments described above will be omitted.

Fig. 5 is a block diagram of a transaction apparatus according to a third embodiment of the present invention, and Fig. 6 is a diagram showing an example of a credential issued by the transaction apparatus according to the third embodiment of the present invention.

In the transaction apparatus 10 of the present embodiment, after the completion of the master key generation processing, as shown in Fig. 6, the credential 19 indicating that each component was input by a different person is printed and issued. Therefore, the transaction device 10 has a print unit 17 in addition to the display unit 12, the password input unit 13, the card reading unit 14, and the memory unit 15. The print unit 17 is a device that prints and issues the credential 19 after the master key generation process is completed, and includes a print head of any of various printing methods such as an ink jet method, a thermal (thermosensitive) method, and an electrophotographic method. Further, the credential 19 is printed with the following contents: that each component has been input, that generation of the master key has been completed, and the input persons of the respective components. The configuration and operation in other respects are the same as those of the above-described first embodiment, and the description thereof is therefore omitted.

In the present embodiment, the credential 19 is issued after the completion of the master key generation process.
The credential 19 states that each component was input by a different input person, whereby it can be confirmed that the master key generation processing has been performed normally. Therefore, in addition to the effects of the above-described first embodiment, the input persons can obtain a credential of the generation processing.

In addition, in the first to third embodiments, the case where the number of components input from the password input unit 13 is two has been described, but the number of components is not limited to two. For example, for a third component and a third input person, the operations of steps S5 to S8 of the flow shown in Fig. 2 are also performed, thereby obtaining the same effect. However, in the operation of step S7, the judgment of whether the input person is a different person is not limited to a comparison with the first input person.

Further, the third embodiment has been described for the case of the transaction device 10 of the first embodiment. However, the third embodiment may also be added to the second embodiment.

In the embodiments described above, the operation in the case of generating the master key, in which each component is input by a different input person, has been described. However, from the security aspect, a device having the card reading unit 14 or the scanner unit 16 can also apply this authentication mechanism to each process in the case where the input persons have to perform a plurality of types of processing.

Further, in the third embodiment, the printing and issuing of the credential 19 has been described as an example, but a transaction device having a function of outputting data to an external memory device can obtain the same effect by storing, in the external memory device, data with the same contents as the printed contents.
Moreover, the same effect can be obtained even in the case where a transmission destination address is registered and the credential 19 is transmitted by e-mail.

Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the present invention. Those skilled in the art can make some modifications and refinements without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention is defined by the scope of the appended claims.

[Brief description of the drawings]
Fig. 1 is a block diagram of a transaction device in the first embodiment of the present invention.
Fig. 2 is a flowchart showing the operation of the transaction apparatus according to the first embodiment of the present invention.
Fig. 3 is a block diagram showing the transaction apparatus according to the second embodiment of the present invention.
Fig. 4 is a flow chart showing the operation of the transaction apparatus in the second embodiment of the present invention.
Fig. 5 is a block diagram of a transaction device in a third embodiment of the present invention.
Fig. 6 is a view showing an example of the credential issued by the transaction device in the third embodiment of the present invention.

[Description of main component symbols]
10: Transaction device
11: Control unit
12: Display unit
13: Password input device
14: Card reader
15: Memory unit
16: Scanner unit
17: Printing unit
19: Credential
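The input-person check of Fig. 2, written out as an added Python example that is not part of the patent text; it extends the check to any number of components by comparing each new input person with every earlier one. The class and function names, the salted digest stored in place of raw ID card data, and XOR as the combining operation are assumptions, since the description only says the components are operated on to generate the master key.

```python
import hashlib
import hmac
import secrets
from functools import reduce

class SameInputPersonError(Exception):
    """The presented ID card was already used for an earlier component."""

class ComponentEntry:
    """Hypothetical model of control unit 11 and storage unit 15."""

    def __init__(self, n_components=2, component_len=16):
        self.n, self.component_len = n_components, component_len
        self._salt = secrets.token_bytes(16)  # assumption: per-session salt
        self._seen = []        # storage unit 15: one record per input person
        self._components = []  # would stay inside the password input unit 13

    def enter(self, id_card_data: bytes, component: bytes) -> None:
        if len(self._components) >= self.n:
            raise RuntimeError("all components have already been input")
        # The ID card is read before the component is input (S6).
        # Assumption: a keyed digest is stored instead of the raw card data.
        rec = hmac.new(self._salt, id_card_data, hashlib.sha256).digest()
        # S7, generalised: compare with every earlier input person.
        if any(hmac.compare_digest(rec, r) for r in self._seen):
            raise SameInputPersonError("same input person")  # S10: may retry
        if len(component) != self.component_len:
            raise ValueError("unexpected component length")
        self._seen.append(rec)
        self._components.append(component)  # S8: component accepted

    def master_key(self) -> bytes:
        # S9. XOR is an assumption; the page does not name the operation.
        if len(self._components) != self.n:
            raise RuntimeError("not all components have been input")
        return bytes(reduce(lambda x, y: x ^ y, col)
                     for col in zip(*self._components))

def demo():
    # Constructed sample values, not real key material.
    c1 = bytes.fromhex("00112233445566778899aabbccddeeff")
    c2 = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    session = ComponentEntry()
    session.enter(b"ID-CARD-A", c1)
    try:
        session.enter(b"ID-CARD-A", c2)  # same person tries both components
        rejected = False
    except SameInputPersonError:
        rejected = True
    session.enter(b"ID-CARD-B", c2)      # retry with a different person
    return rejected, session.master_key().hex()
```

Exact matching of stored records suits ID card data as in the first embodiment; the biometric variant of the second embodiment would need a similarity matcher in place of the digest comparison.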