WO2006033161A1

WO2006033161A1 - Paying-in/paying-out system

Info

Publication number: WO2006033161A1
Application number: PCT/JP2004/013966
Authority: WO
Inventors: Koji Kouda; Yuu Koyama; Takashi Yamaguchi; Natsuko Kato
Original assignee: Koji Kouda; Yuu Koyama; Takashi Yamaguchi; Natsuko Kato
Priority date: 2004-09-24
Filing date: 2004-09-24
Publication date: 2006-03-30

Abstract

[PROBLEMS] To provide a method for adding a biometric authentication function to a magnetic card system for identifying the banc account by a card number and identifying a user by a password without complicated modification. [MEANS FOR SOLVING PROBLEMS] A biometric sensor and an IC chip are mounted on a system using a magnetic card based on the online authentication regardless whether a magnetic strip card is mounted on the composite card. By recording at least a password and biometric data on the IC chip, the pass word can automatically be transmitted to a host computer only by performing the biometric authentication. By mounting the biometric sensor having the authentication function on the composite card, it is possible to provide a biometric authentication service without reconstructing an ATM terminal or modifying a host computer system. Moreover, the user need not input a password. Thus it is possible to improve the user-friendliness and promote effective operation of the ATM device.

Description

Specification

Deposit / withdrawal system

Technical field

The present invention relates to a deposit / withdrawal system in a magnetic and Z or IC card system using biometrics authentication. Here, the deposit / withdrawal referred to in the present invention includes operations such as balance inquiry, remittance, etc. performed and obtained by ATM.

Background art

[0002] In the early stage when bank cards were used, there was a time when a PIN was also recorded on the magnetic stripe. Because it is easy to steal passwords, now only the card number is recorded on the magnetic stripe, and the password is entered manually by the user each time a deposit or withdrawal is made.

[0003] However, magnetic cards are still easy to duplicate, and many counterfeit cards are distributed, and there are many examples where a strong PIN is easily set using a birthday or a phone number. Crimes such as spoofing are unending. Financial institutions, etc., call to change their PINs frequently, but it is cumbersome to remember their numbers, so there are few users who actually change their crimes. There is an increasing trend.

[0004] In order to increase security, an existing magnetic card is used and a voiceprint listening mechanism is used, so that the voiceprint data of the user himself / herself and the password are preliminarily connected to the host computer (central processing unit CPU). Technology that allows the user to confirm the identity of the user by inputting the voice into the voiceprint listening mechanism and verifying the identity of the person by registering the voiceprint data on the display. Has also been proposed. (Patent Literature 1)

[0005] Furthermore, when entering a user ID or password, characters such as bank ATMs are not easily guessed by looking at the operation of a finger even with a simple four-digit password. You can freely lay out the key positions without using a keyboard with a fixed position.Input a button image on a touch panel that is randomly arranged by selecting it with a pointing device. Change placement to However, a specific image is stored on the server, and only the operation information of the mouse, that is, the coordinates, which is not sent to the server as it is with the user ID and password character string, is transmitted to the third party via the network. Also disclosed is a technique for preventing the above-mentioned influence. (Patent Literature 2)

[0006] In addition, fingerprint data is recorded on an IC card or a magnetic card and then stored in an ATM or a store. The fingerprint data recorded on the card using a fingerprint reader is compared with the fingerprint data recorded on the host computer. By doing so, a technology to determine whether the card that is about to be used is the correct card has also been released. (Patent Document 3)

[0007] Furthermore, fingerprint data of multiple fingers is recorded on an IC card, and the fingerprint is used properly depending on the service, the authentication level is changed using multiple fingerprints, and the sensor area is divided into one sensor. A method of extracting and using a plurality of divided fingerprint data is also disclosed. (Patent Document 4)

Patent Document 1: Japanese Patent Laid-Open No. 05-006481

Patent Document 2: JP 2004-102460 A

Patent Document 3: US Patent US2002 / 0163421

Patent Document 4: US Application 20040151353

Disclosure of the invention

Problems to be solved by the invention

[0008] Conventionally, even if the card user is confirmed by the biometrics information such as fingerprints, the host computer can only accept the PIN, so the user must always enter the PIN. It becomes the input system.

However, in such a system, if the user forgets the security code (a user who has updated the security code due to security concerns may forget the updated security code), or If you enter a wrong password for a specified number of times (which is often the case when an elderly person, etc.), you will not be able to accept it, go to the bank office you are in charge of, and if you do not reissue, a new password will be issued. If the bank counter is out of business hours, you will have to wait until the next business day. Can't do In other words, changing the security code can be a big risk for users.

[0009] To increase security, it is safest to replace the entire magnetic card system with, for example, an IC card system. If the password is always the same four digits, it will be misused if the card is lost. There is a high possibility that In addition, when an IC card is used, it is necessary to change the entire system including the host computer, and problems that are extremely difficult both technically and in terms of cost occur. Bull case proves.

Furthermore, Patent Documents 1 to 14 proposed for solving the problems of the current system have the following problems.

[0010] In Patent Document 1, a method for safely managing a personal identification number by biometrics authentication (voiceprint authentication) by utilizing an existing magnetic card system that does not introduce a new system. Is disclosed. Although the existing magnetic card system can be used, since the data is managed on the system side, it is necessary to set up a database for biometric authentication on the host computer. Therefore, since it is necessary to change the host computer and ATM system, there are problems that the introduction cost becomes high and switching cannot be performed unless the system is stopped. In addition, when voiceprint data is stored on an ATM terminal or host computer, privacy issues will arise if it cannot be managed properly to prevent personal information from leaking.

[0011] In Patent Document 2, since the key position is variable in the input means and only the position data of the pressed key is sent to the host computer, the key 酉 S 歹 U is randomly changed. Even if the data is picked up on the network, it is safe, but the key layout data must be stored in the host computer (server)! Therefore, it is expensive to update the host computer, and when changing the system, Since it is necessary to stop the host computer, there is a risk of causing the same problems related to the host computer as during interbank system integration.

[0012] Patent Document 3 discloses a technology for recording fingerprint data on an ATM card (IC card or large-capacity magnetic card) to upgrade the current magnetic stripe. Yes. However, since only fingerprint data is stored on the card, the current magnetic card with the card number recorded cannot be used, and the fingerprint data is registered in the host computer instead of the current 4-digit password. Since it is necessary to update the host computer database itself, it is necessary to purchase a new host computer.

[0013] In Patent Document 4, in fingerprint authentication used for inquiries such as ATM, a plurality of fingers are recorded on an IC card or the like, and each finger has a different function. A possible technique is disclosed. In addition, even for a single fingerprint, the fingerprint data can be divided by dividing the sensor itself into multiple pieces, so that the number of authentication combinations can be increased. However, in this case as well, it is necessary to save the fingerprint data for inquiry on the host computer. In other words, a host computer using an existing magnetic card cannot be used, but at least the database must be renewed, and a new host computer must be purchased.

Means for solving the problem

[0014] In order to solve the above problems, the first invention of the present application provides a host computer as a personal information data storage means, an ATM as a cash deposit / withdrawal means, a biometric sensor and a magnetic as a data carrier means. In a deposit / withdrawal system including a composite card equipped with a stripe and an IC chip, a password and biometric information are recorded on the IC chip, and a transmission / reception device with a host computer is recorded on the ATM, A magnetic stripe reader and IC chip reader / writer are provided. The biometric data detected by the biometric sensor is compared with the biometric data pre-registered in the IC chip. When the ATM is recorded on the IC chip from the ATM to the host computer Performs automatic sending of the PIN number you are, and to One by ATM of operation becomes possible such as the operation of the deposit and withdrawal after the inquiry of the personal identification number by the host computer.

[0015] As a result, the ATM service can be received as long as the biometrics authentication is received. Since users can use the service in a short time, the utilization rate of ATM is also increased. [0016] The second invention of the present application includes a host computer as a personal information data storage means, an ATM as a cash deposit / withdrawal means, a magnetic stripe and an IC chip as a noometric sensor and a data carrier means. In a deposit / withdrawal system including a composite card equipped with a personal identification number and biometrics information are recorded in the IC chip, and the ATM includes a personal identification number generator, a transmission / reception device with a host computer, and a personal identification number. A display device, a personal identification number input device, a magnetic stripe reader, and an IC chip reader / writer are provided, and biometric data detected by the biometric sensor and pre-registered in the IC chip, If these data are matched, the PIN code display device The latest PIN is entered and recorded on the IC chip, and after the PIN is inquired by the host computer, ATM operations such as deposit and withdrawal operations are enabled, and after the deposit and withdrawal operations are completed. The personal identification number is updated by the personal identification number creating device, the updated personal identification number is written in the IC chip by the reader / writer, and the updated personal identification number is transmitted to the host computer via the transmission / reception device.

[0017] As a result, even if you do not remember the B phone number, you can use the ATM by entering the PIN displayed on the screen as long as you receive biometrics authentication. Use is promoted. Note that the PIN code may be updated at any timing before the composite card is discharged from the ATM device. As a result, the user does not need to remember the password, and even if someone else sees the screen displaying the password, the password is updated at the end of the job, so the old password is Not available.

[0018] Further, the third invention of the present application relates to a host computer as personal information data storage means, ATM as cash deposit / withdrawal means, a magnetic stripe and IC chip as a nanometric sensor and data carrier means. In a deposit / withdrawal system comprising a composite card equipped with a personal identification number and biometrics information, the ATM chip records a personal identification number, a transmission / reception device with a host computer, a personal identification number. A display device, a password input device, a magnetic stripe reader, and an IC chip reader / writer are provided, and biometric data detected by the biometric sensor and the previous The PIN code that is pre-registered in the IC chip and collated with the metric data, and if these data match, the ATM power is also recorded in the IC chip to the host computer. The ATM is enabled to perform ATM operations such as deposit and withdrawal operations after the host computer inquires the PIN, and the PIN number is updated and updated by the PIN code generator after the deposit and withdrawal operations are completed. The personal identification number is written into the IC chip by the reader / writer, and the updated personal identification number is transmitted to the host computer via the transmission / reception device.

[0019] As a result, if the user receives biometrics authentication without having to remember the password, the password is automatically transmitted, and the password is updated each time ATM is used. Even if the host computer is attacked, the PIN number is not fixed, so it will not be repeatedly spoofed.

[0020] Further, the fourth invention of the present application is a composite card equipped with a host computer as personal information data storage means, ATM as cash deposit / withdrawal means, a nanometric sensor and an IC chip as data carrier means. In the deposit / withdrawal system, a card number, a personal identification number, and biometric information are recorded in the IC chip, and the ATM includes a transmission / reception device with a host computer and an IC chip reader / writer. The biometric data detected by the biometric sensor is collated with the biometric data registered in advance in the IC chip. The card number and password recorded on the IC chip are automatically sent to the host It was as ATM of operation becomes possible such as the operation of the deposit and withdrawal after the inquiry of personal identification numbers by computer.

[0021] As a result, as long as the user receives biometrics authentication, the user can save time and effort to enter the security code, and the user can use it in a short time. ATM hardware can be used almost without modification.

[0022] Further, the fifth invention of the present application is a composite in which a host computer as personal information data storage means, ATM as cash deposit / withdrawal means, a nanometric sensor and an IC chip as data carrier means are mounted. In a deposit / withdrawal system comprising a card, the IC chip Card number, PIN number, and biometrics information are recorded in the ATM. The ATM includes a PIN number creating device, a transmission / reception device with a host computer, a PIN number display device, a PIN number input device, and an IC chip reader / writer. The biometric data detected by the biometric sensor is compared with biometric data pre-registered in the IC chip, and when these data match, the PIN display device displays the IC chip. The latest security code recorded on the card is input, and the entered security code and card number are sent to the sending / receiving device host computer to check the security code. Make it possible to operate ATMs such as money operations, and complete deposit and withdrawal operations. The personal identification number is updated by the personal identification number generation device later, the updated personal identification number is written to the IC chip by the reader / writer, and the updated personal identification number is transmitted to the host computer via the transmission / reception device. .

[0023] This makes it possible to use a conventional ATM for a magnetic card almost as it is and use it as an ATM having a biometrics authentication function. In addition, even if the user does not remember the password, as long as the user receives a metric, the ATM can be used by entering the password displayed on the screen. Use is promoted. Note that the PIN code may be updated at any timing before the composite card is ejected from the ATM device. As a result, the user does not need to remember the security code, and even if someone else sees the screen displaying the security code, the security code is updated at the end of the job, so the old security code can be used. Nah ...

[0024] Further, the sixth invention of the present application is a composite equipped with a host computer as personal information data storage means, ATM as cash deposit / withdrawal means, a nanometric sensor and an IC chip as data carrier means. In a deposit / withdrawal system equipped with a card, a card number, a password and biometrics information are recorded on the IC chip, and a password generating device, a transmission / reception device with a host computer, a password are stored in the ATM. A number display device, PIN code input device, and IC chip reader / writer are provided, and the biometric data detected by the biometric sensor is compared with biometric data pre-registered in the IC chip. If the data matches, from the ATM The card number and personal identification number recorded on the IC chip are automatically sent to the host computer so that ATM operations such as deposit and withdrawal operations can be performed after the personal computer inquires about the personal identification number. After the operation is completed, the personal identification number is updated by the personal identification number creating device, the updated personal identification number is written to the IC chip by the reader / writer, and the updated personal identification number is further transmitted to the host computer via the transmission / reception device. I sent it.

[0025] Thereby, a conventional ATM for a magnetic card can be used as it is, and can be used as an ATM having a biometrics authentication function. In addition, since it is not necessary for the user to remember the password, the password is automatically transmitted as long as the biometric authentication is received, and the password is updated each time ATM is used. Even if the computer receives an attack, the password is not fixed, so it will not be repeatedly spoofed.

[0026] Furthermore, since passwords including alphabets, katakana, and special characters in addition to passwords that only consist of numbers can be used as passwords, the number of combinations that can be used increases, and even if there is a mischief by others, the error rate is high. Therefore, a psychological suppression effect can be expected.

In addition, a non-contact IC chip can be used as the IC chip in consideration of convenience and durability. This improves the usability by protecting the data in the IC chip even in harsh environments where the composite card gets wet with water, or the card body gets dirty with rainwater or sludge.

[0028] Furthermore, as biometric authentication, fingerprint, retina, iris (iris), facial appearance, blood vessel shape, palm shape, auricle, voice print, signature, keystroke, gene information DNA is a single authentication or a combination of multiple The identity was confirmed by modal authentication. For example, in the case of a bank card, a troublesome person is required to have a PIN reissued, and a stamp is required. For biometrics authentication, it is necessary to carry a seal to carry out a secure and reliable identification. Since there is no such thing, the adoption of a biometrics authentication system will lead to a reduction in bank counter operations.

[0029] In addition, biometrics authentication data for multiple people is registered in one IC chip. I did it. As a result, even when multiple users such as corporate cards are assumed, it is possible to use any registered user by setting up multiple users, which improves operational efficiency. When storing biometrics authentication data for multiple people, a large amount of memory is required, so if there is a link between some IC chip and biometrics authentication data, the storage location is encrypted. You can save the data in a data storage location other than the IC chip after checking the data.

[0030] In addition to the element that automatically transmits the PIN to the ATM host computer or the element that updates the PIN, only the component that registers biometrics authentication data for multiple people on the IC chip. But it is well worth using.

The invention's effect

[0031] The personal identification number management system of the present invention is a system using a magnetic card based on online authentication. Security and convenience are provided by adding a PIN code recording and reading function using iometric authentication.

[0032] According to the invention of claim 1, if the user is authenticated by biometrics while inheriting the host computer system constructed with the conventional magnetic card, the ATM automatically transmits the password. Therefore, there is no need for the user to input the password, and there is no possibility of an input error. There is no need to memorize and write down the password, and it is possible to save the input. From the host computer's perspective, ATM power is sent in the same way as before, so there is no need to change the system and no extra costs are incurred.

[0033] According to the invention of claim 2, while inheriting the host computer system constructed with the conventional magnetic card, the user can obtain the password by the authentication by the biometric sensor mounted on the composite card. Can be displayed on the screen. You can authenticate the host computer by entering this PIN into the ATM using a numeric keypad. Since an action to confirm and enter the personal identification number is entered, the human interface can be used to give a psychological sense of security that everything is not left to the machine. According to the invention of claim 3, in addition to the effect of the invention of claim 1, the password is automatically updated after the password is automatically transmitted and the password is inquired by the host computer. Even if there is an attack on the host computer from other than ATM, the security level is improved because it can prevent repeated spoofing.

[0035] According to the invention of claim 4, since the card number is stored in the IC chip, the data integrity is superior to that of the magnetic stripe, and the card user is only authenticated by the nanometrics. This eliminates the need to enter a password, thus preventing input errors, eliminating the need to memorize and write down passwords, and saving input. From the host computer's perspective, the PIN is sent from the ATM, so there is no change to the system.

[0036] According to the invention of claim 5, since the card number is stored in the IC chip, the data integrity is superior to that of the magnetic stripe, and the user can obtain the password by using biometrics authentication. Since it can be displayed on the screen and the data can be transmitted after confirming by entering the personal identification number, there is a psychological sense of security through the combined use of the human interface.

[0037] According to the invention of claim 6, since the card number is stored in the IC chip, the data integrity is superior to that of the magnetic stripe, and in addition to the effect of the invention of claim 4, the personal identification number Is automatically sent and the PIN is automatically updated after the inquiry of the host computer is completed. This automatic update function improves the security level by preventing repeated spoofing even if an attack to a host computer other than ATM is possible.

[0038] According to the invention of claim 7, by using a combination of alphabets or special characters instead of numbers, for example, numbers and alphabets are used as compared with the case of using only 4 numbers (10 candidates). Since there are 34 candidates for each digit, more than 1.3 million combinations (1, 336, 336) can be combined in total, which is more than 130 times the current level, and the current magnetic card system continues to use a 4-digit password. Even if it is used, impersonation by a magnetic card counterfeit group becomes very difficult.

[0039] According to the invention of claim 8, by using the IC chip as a non-contact IC chip, there is no terminal exposed to the outside like a contact type chip, so the durability as an IC card is improved. In addition, it will be stronger against unauthorized access by external force. [0040] According to the invention of claim 9, by adopting an IC chip having a memory capacity capable of storing biometrics authentication data, various biometrics authentications can be used alone or in combination. It can be handled even under level or environmental restrictions.

[0041] According to the invention of claim 10, when a single card is used by a plurality of users, for example, in the case of a corporate card or the like, a plurality of people to be used are limited and all of them are used. By storing biometrics data individually on an IC chip, any registrant can be certified alone. If only one person can register biometric data to be linked to a card, each person must go to the ATM every time he / she wants to use the card at an ATM, and multiple cards (one for each) Issuing biometric data) makes card management and issuance cost burdens difficult. However, if biometrics data for multiple people is stored in a single composite card, multiple people can share a single card safely, improving work efficiency.

[0042] Furthermore, in the present invention, biometrics data that is subject to privacy protection is stored on an IC chip of a composite card that is carried by an individual user rather than being stored on a host computer, and the biometrics authentication is also established. Otherwise, the PIN code recorded on the IC chip cannot be taken out of the card, and the biometric data does not come out of the card at all because the nanometric sensor itself is integrated with the IC card. It can be operated with peace of mind from the point of information protection. Further, since the above-mentioned noometric data is stored in a composite card carried by the user, it is not necessary to provide a new customer database to the ATM terminal, so the maintainability is excellent.

[0043] Since biometric authentication is performed using a biometric sensor integrated with an IC card, the host computer's online system does not need to be changed, although there are some changes to the ATM terminal. If you switch only ATM while operating, you can easily change the system, and if you use not only numbers but also alphabets for personal inquiries, the combination of passwords will increase and the effect of suppressing impersonation crime will be great.

Brief Description of Drawings [0044] [Fig. 1] Conceptual diagram of deposit / withdrawal system in Example 1 using fingerprint authentication

[Figure 2] Flowchart in Example 1 using fingerprint authentication

[Figure 3] Diagram of deposit / withdrawal system in Example 2 using fingerprint authentication

[Fig.4] Flowchart in Example 2 using fingerprint authentication

[Figure 5] Deposit / withdrawal system diagram in Example 3 using fingerprint authentication

[Figure 6] Flowchart in Example 3 using fingerprint authentication

[Figure 7] Conceptual diagram of deposit / withdrawal system in Example 4 using fingerprint authentication

[Figure 8] Flowchart in Example 4 using fingerprint authentication

[Fig.9] Deposit / withdrawal system diagram in Example 5 using fingerprint authentication

[Figure 10] Flowchart in Example 5 using fingerprint authentication

[Fig.11] Deposit / withdrawal system diagram in Example 6 using fingerprint authentication

[Fig.12] Flowchart in Example 6 using fingerprint authentication

BEST MODE FOR CARRYING OUT THE INVENTION

FIG. 1 and FIG. 2 for Example 1 of the present invention, FIGS. 3 and 4 for Example 2, FIG. 5 and FIG. 6 for Example 3, and FIG. 7 for Example 4 FIG. 8 shows Example 5 in FIG. 9 and FIG. 10, and Example 6 shows in FIG. 11 and FIG.

Example 1

In FIG. 1, the composite card 7 includes a fingerprint sensor 18 mounted on a plastic body, a magnetic stripe 8 and an IC chip 9, and an IC card antenna 10 connected to the IC chip 9. . A card number is recorded on the magnetic stripe 8, and the internal memory of the IC chip 9 has an authentication key code 11, a personal identification number 12, biometrics data 13, and a spare memory area 14.

[0047] The user inserts the composite card 7 into a predetermined place of the ATM device. Then, in the case of a contact IC card, the biometric sensor 18 is driven by the input terminal of the contact IC card coming into contact with the power supply terminal on the ATM device side, and in the case of a non-contact IC card, the ATM device side The biometrics sensor 18 is driven by entering the operating frequency region of the high-frequency oscillator provided in FIG. Then, when the finger specified according to the guidance is applied to the sensor, fingerprint data 1 is read from the reading device, and the fingerprint that is preliminarily stored in the IC chip 9 is stored. Matched with data 13. If the biometric sensor 18 of the composite card authenticates the fingerprint data of the person, the password is stored in the IC chip 9 and sent to the host computer 5 via the ATM device 4. The host computer 5 compares the PIN number 12 sent to the PIN number stored in the customer database 6, and if it is verified that it is correct V ヽ PIN number, the ATM job ( Allow processing (such as deposits and withdrawals).

In the first embodiment, since personal authentication is performed using the fingerprint data 13 stored in the IC chip 9, the personal identification number 12 is not sent to the host computer 5 except for the user. Therefore, it is not necessary to change the PIN 12 in the normal case, but if the physical structure of the IC chip 9 can be rewritten, it can be changed to the IC chip 9 and the database 6 of the host computer at the request of the user. It is possible to change the stored PIN 12. Also, the biometrics (fingerprint) data 13 can be updated as necessary as long as the physical structure of the IC chip 9 can be rewritten, and some protection may be applied.

Example 2

In FIG. 3, the IC chip module 9 stores an authentication key code 11, a personal identification number 12, and fingerprint data 13.

[0050] It is preferable to use an authentication key code 11 that is difficult to tamper with, such as a hierarchical authentication key code that generates an irreversible key. Here, the hierarchical structure authentication key code is uniquely determined electronic data used for mutual authentication between the IC chip and the reader / writer. Master Module Power A derived hierarchical authentication key code that cannot be changed is ported from the master module to the IC chip module irreversibly by inter-module transfer, and the IC chip module has the same hierarchical authentication key code. It means something that can only communicate with the card reader / writer module!

[0051] When the composite card 7 is inserted into the card slot 15, the radio wave emitted from the reader antenna 16 adjacent to the card slot 15 is received by the card antenna 10, and the carrier radio wave is rectified inside the IC chip 9. The drive power is supplied to the IC chip 9 by being rectified by the circuit, the IC chip 9 starts to operate, and the circuit inside the chip is shut down. Is reset, and response data is sent to the IC card reader / writer 17. Thereafter, the IC chip 9 and the module of the IC card reader / writer 17 mutually authenticate using the authentication key code 11. When this mutual authentication is completed, the user is required to place a finger on the fingerprint sensor 18 mounted on the composite card 7 in order to receive biometrics authentication, and the fingerprint of the finger is authenticated as the user's own. Then, the password 12 stored in the IC chip module 9 is displayed on the ATM display screen 21 as the password 23 read from the IC chip 9.

[0052] The ATM user receives the inquiry from the host computer 5 by inputting the same number as the password displayed on the screen also using the numeric keypad input unit 19. The host computer 5 retrieves the corresponding personal identification number from the customer data base 6 and matches it with the personal identification number sent from the ATM card. Give instructions to accept user jobs (such as deposits and withdrawals).

[0053] In the above, when the user inputs the personal identification number from the numeric keypad input unit 13, by changing the color or font of the input number and the non-input number, what number should be input next? If the display is easily identifiable, the convenience of the user will be improved.

[0054] For the password 12 read from the IC chip 9, it may be possible to change the font size so that, for example, a large font can be selected for the elderly. The password displayed on this screen is automatically updated during the operation, and when a predetermined operation is completed and a force is sent, the password 12 written on the IC chip 9 becomes a new password. Because it is updated, even if the security code is seen by someone else during the operation, the same security code can not be used next time, so you can operate the ATM with confidence.

[0055] Furthermore, when online communication is used, even if the communication network 25 is intercepted, it may be possible to perform an arithmetic process on the personal identification number using an algorithm that does not send in plain text. For example, if the ATM power is also sent by performing a calculation process such as complementing the code when the binary number is displayed, the intercepted number will be different from the PIN stored in the host computer 5 So if someone else impersonates you and enters your PIN from ATM4, it becomes invalid, and the ATM card itself is a compound card with an IC chip 9 7 However, if the system is only accepted, spoofing will not be established even if the network is intercepted.

FIG. 4 is a flowchart for fingerprint authentication according to the present invention. The operation starts when the user touches the ATM screen (start).

[0057] When the composite card 7 is inserted into the card slot 15 (card insertion), the magnetic head starts reading the magnetic data from the magnetic stripe 8 of the composite card 7 (reading data from the magnetic card). The controller 20 sends the card number to the host computer 5 via the communication network 25 (communication with the host computer is started). The host computer 5 searches the customer database 6 for the corresponding card number.

[0058] After retrieving the customer file, the host computer 20 displays an instruction to input a password from the ATM control unit 20 via the communication network 25 on the screen 24 (a password from the host). Number input guidance).

[0059] On the other hand, when the composite card 7 is inserted into the ATM device (card insertion), an instruction to touch the finger is given to the fingerprint sensor 18 provided on the composite card. The crest data 1 is sent to the ATM control unit 20 (biometrics authentication). Next, when the metric data 13 stored in the IC chip 9 is read out and fingerprint verification is performed, the password stored in the IC chip 9 is read out (read out from the IC chip). This security code is displayed on the ATM composition screen (information on the security code read by the IC chip card).

[0060] In response to the password input instruction 24, the ATM user looks at the password guidance screen read from the IC chip and displays it on the same screen (password input guidance from the host). Enter your PIN from.

[0061] The password entered from the numeric keypad input unit 19 is transmitted to the host computer 5 by the ATM control unit 20 via the communication network 25, and verified with the password stored in the customer database 6 (host Computer verification).

[0062] When the inquiry of the personal identification number input by the user by the host computer 5 is completed, job processing such as deposit / withdrawal in ATM is executed (execution of processing).

[0063] When the job processing by the host computer 5 is completed, the ATM terminal performs the following processing.

5o 1. Generate a new PIN

2. Register a new PIN on the host computer

3. Write new PIN to IC chip 9

[0064] When the update of the password is completed, the ATM ends the operation and returns to the initial screen (end).

[0065] In the above embodiment, fingerprints are used for biometrics authentication. However, in addition to fingerprints, there are retinas, irises, facial features, blood vessel shapes, palms, etc. Multi-modal authentication can be considered, either single authentication or combination of multiple forms, ear pines, voiceprints, signatures, keystrokes, genetic information DNA, and authentication security by combining with public key authentication infrastructure PKI, elliptic function, etc. It is possible to strengthen this.

[0066] Also, in Fig. 3, the display screen of the password read from the IC chip module and the password (number not displayed) input from the numeric key input unit are displayed on the same screen. If so, separate screens may be used.

[0067] Further, as a means for guiding the input of a personal identification number, guidance by voice just by displaying a screen may be used. When entering the security code, it may be possible to give voice guidance to the number assigned to the key when touching the touch panel screen or keyboard. At that time, if the force is strong, use a combination of voice and beep sound, etc. so that the difference in finger pressure is recognized. It is convenient because you can enter the desired number without fail.

Example 3

FIG. 5 illustrates a third embodiment of the present invention. The composite card 7 includes a fingerprint sensor 18 mounted on a plastic body, a magnetic stripe 8, an IC chip 9, and an IC card antenna 10 connected to the IC chip 9. A card number is recorded in the magnetic stripe 8, and an authentication key code 11, a password number 12, biometrics data 13, and a spare memory area 14 are stored in the internal memory of the IC chip.

[0069] When the user inserts the composite card 7 into a predetermined place of the ATM device and applies a finger to the fingerprint sensor 18 according to the guidance, the fingerprint data 1 is read from the fingerprint sensor 18 and pre-loaded onto the IC chip 9. The stored fingerprint data 13 is verified. Here is the fingerprint data of the person Is stored in the IC chip 9 and the password 12 is sent to the host computer 5 via the ATM device 4. The host computer 5 compares the PIN number 12 sent to the PIN number stored in the customer database 6, and if it is verified that the PIN number is correct, the ATM job (payment / withdrawal) Etc.)

When the job processing by the ATM terminal 4 is completed according to the instruction from the host computer 5, the ATM terminal 4 performs the following processing.

1. Generate a new PIN

2. Register a new PIN on the host computer

3. New! /, Write the PIN to the IC chip module 9

[0071] When the update of the password is completed, the ATM ends the operation and returns to the initial screen. At this stage, the personal identification number 12 registered in the IC chip 9 is automatically updated, so that it is safe even if a hacker accesses the host computer 5 by any chance.

[0072] In the case of the third embodiment, since the personal identification number 12 is automatically transmitted, it is not displayed on the ATM screen. No.

[0073] Furthermore, even if monitored on the communication network 25, the PIN 12 is automatically updated the next time the composite card 7 is used, so there is no possibility of damage caused by spoofing many times. ,.

Example 4

In FIG. 7, the composite card 7 includes a fingerprint sensor 18 and an IC chip 9 mounted on a plastic body, and an IC card antenna 10 connected to the IC chip 9. A card number is recorded on the IC chip 9, and an authentication key code 11, a personal identification number 12, biometrics data 13, and a card number 14 are stored in the internal memory of the IC chip.

[0075] When the user inserts the composite card 7 into a predetermined place of the ATM device and places a specified finger on the sensor 18 on the composite card 7 according to the guidance, the fingerprint data 1 is read by the reading device power, and the IC chip 9 is collated with the fingerprint data 13 pre-saved at 9. When the IC chip 9 authenticates the user's fingerprint data, it is stored in the IC chip 9 and The certificate number 12 is sent to the host computer 5 via the ATM device 4. The host computer 5 compares the PIN number 12 sent to the PIN number stored in the customer database 6 and if it is verified that it is the correct PIN number, the ATM job (payment / withdrawal etc.) ) Permit processing.

Further, since the person is authenticated by the fingerprint data 13 stored in the IC chip 9, the personal identification number 12 is not sent to the host computer 5 except for the person. Therefore, it is not necessary to change the personal identification number 12 in the normal case. However, if the physical structure of the IC chip 9 can be rewritten, the IC chip 9 and the host computer database 6 can be requested at the request of the user. It is possible to change the password 12 stored in the memory. Also, if the metric data (fingerprint) data 13 can be rewritten in terms of the physical structure of the IC chip 9, it can be updated as needed, and some protection may be applied. It is done.

Example 5

In FIG. 9, the IC chip module 9 stores an authentication key code 11, a password number 12, fingerprint data 13, and a card number 26.

[0078] As the authentication key code 11, it is preferable to use a non-reversible key generation that is irreversible key generation, such as a hierarchical structure authentication key code. Here, the hierarchical structure authentication key code is uniquely determined electronic data used for mutual authentication between the IC chip and the reader / writer. Master Module Power A derived hierarchical authentication key code that cannot be changed is ported from the master module to the IC chip module irreversibly by inter-module transfer, and the IC chip module has the same hierarchical authentication key code. It means something that can only communicate with the card reader / writer module!

[0079] When the composite card 7 is inserted into the card slot 15, the radio wave emitted from the reader antenna 16 adjacent to the card slot 15 is received by the card antenna 10, and the carrier radio wave is rectified inside the IC chip 9. The drive power is supplied to the IC chip 9 by being rectified by the circuit, and the IC chip 9 starts to operate, and an initial reset is applied to the circuit inside the chip, to the IC card reader / writer 17. Send response data. After that, the IC chip 9 and the IC card reader / writer 17 module use the authentication key code 11. Authenticate each other. When this mutual authentication is completed, the user is required to place the guided fingertip on the fingerprint sensor 18 to receive biometrics authentication, and when the fingerprint of the finger is authenticated, the IC When the card number 26 stored in the chip module 9 is read out and sent from the ATM to the host computer 5 and the password inquiry command is sent from the host computer to the ATM, the password read from the IC chip 9 is read. Numbers 2 and 3 are displayed on the ATM display screen 21.

[0080] The ATM user receives the inquiry from the host computer 5 by inputting the same number as the password displayed on the screen also using the numeric keypad input unit 19. The host computer 5 retrieves the corresponding personal identification number from the customer data base 6 and matches it with the personal identification number sent from the ATM card. Give instructions to accept user jobs (such as deposits and withdrawals).

[0081] In the above, when the user inputs the personal identification number from the numeric keypad input unit 13, it is possible to input which number next by changing the color or font of the entered number and the unentered number. If the display is easily identifiable, the convenience of the user will be improved.

[0082] For the password 12 read from the IC chip 9, it may be possible to change the font size so that, for example, a large font can be selected for the elderly. The password displayed on this screen is automatically updated during the operation, and when a predetermined operation is completed and a force is sent, the password 12 written on the IC chip 9 becomes a new password. Because it is updated, even if the security code is seen by someone else during the operation, the same security code can not be used next time, so you can operate the ATM with confidence.

[0083] Furthermore, when online communication is used, even if the communication network 25 is intercepted, it may be possible to perform an arithmetic process on the personal identification number using an algorithm that does not send in plain text. For example, if the ATM power is also sent by performing a calculation process such as complementing the code when the binary number is displayed, the intercepted number will be different from the PIN stored in the host computer 5 So, if someone else impersonates you and enters your PIN from ATM4, it will be invalid, and only ATM card 7 with IC chip 9 will be accepted. Not established Yes.

FIG. 10 is a flowchart for fingerprint authentication according to the present invention. The operation starts when the user touches the ATM screen (start).

[0085] When the composite card 7 is inserted into the card slot 15 (card insertion), the IC chip is authenticated and reading of the card number 26 stored in the IC chip 9 is started (IC card power Data reading), the card number is sent by the ATM controller 20 to the host computer 5 via the communication network 25 (communication with the host computer is started). The host computer 5 searches the customer database 6 for the corresponding card number.

[0086] After searching the customer file, the host computer 20 displays an instruction to input a password to the user on the screen 24 from the ATM control unit 20 via the communication network 25 (a password from the host). Number input guidance).

[0087] On the other hand, when the composite card 7 is inserted into the ATM device (card insertion), an instruction to touch the finger is given to the fingerprint sensor 18 integrated with the IC card. When the finger is touched, the fingerprint sensor 18 13 is sent to the IC chip (biometrics authentication). Next, when the biometrics data 13 stored in the IC chip 9 is read out and fingerprint verification is performed, the password stored in the IC chip 9 is read out (read out from the IC chip). This PIN is displayed on the ATM composite screen (information on the PIN code read by the IC chip).

[0088] In response to the password input instruction 24, the ATM user looks at the password guide screen read from the IC chip while viewing the same screen (password input guidance from the host). Enter your PIN from.

The personal identification number input from the numeric keypad input unit 19 is transmitted to the host computer 5 by the ATM control unit 20 via the communication network 25 and is collated with the personal identification number stored in the customer database 6 (host Computer verification).

When the inquiry of the password entered by the user by the host computer 5 is completed, job processing such as deposit / withdrawal in ATM is executed (execution of processing).

[0091] When the job processing by the host computer 5 is completed, the ATM terminal performs the following processing.

1. Generate a new PIN 2. Register a new PIN on the host computer

3. Write new PIN to IC chip 9

[0092] When the update of the password is completed, the ATM ends the operation and returns to the initial screen (end).

[0093] Also, in FIG. 9, the display screen of the security code read from the IC chip module and the security code input from the numeric key input unit (the number is not displayed) are displayed on the same screen. If so, separate screens may be used.

[0094] Further, as a means for guiding the input of a personal identification number, it is also possible to use voice guidance just by displaying the screen. When entering the security code, it may be possible to give voice guidance to the number assigned to the key when touching the touch panel screen or keyboard. At that time, if the force is strong, use a combination of voice and beep sound, etc. so that the difference in finger pressure is recognized. It is convenient because you can enter the desired number without fail.

Example 6

FIG. 11 illustrates a sixth embodiment of the present invention. The composite card 7 includes a fingerprint sensor 18 mounted on a plastic body, a magnetic stripe 8, an IC chip 9, and an IC card antenna 10 connected to the IC chip 9. The internal memory of the IC chip has an authentication key code 11, a password number 12, biometrics data 13, and a card number 26.

[0096] When the user inserts the composite card 7 into a predetermined location of the ATM device and applies a finger to the fingerprint sensor 18 according to the guidance, the fingerprint data 1 is read from the fingerprint sensor 18 and pre-loaded onto the IC chip 9. The stored fingerprint data 13 is verified. Here, if it is authenticated that it is the user's fingerprint data, it is stored in the IC chip 9! And the personal identification number 12 is sent to the host computer 5 via the ATM device 4. The host computer 5 compares the PIN number 12 sent to the PIN number stored in the customer database 6, and if it is verified that the PIN number is correct, the ATM job (payment / withdrawal) Etc.)

When the job processing by the ATM terminal 4 is completed according to the instruction from the host computer 5, the ATM terminal 4 performs the following processing. 1. Generate a new PIN

2. Register a new PIN on the host computer

3. New! /, Write the PIN to the IC chip module 9

[0098] When the password update is completed, the ATM ends the operation and returns to the initial screen. At this stage, the personal identification number 12 registered in the IC chip 9 is automatically updated, so that it is safe even if a hacker accesses the host computer 5 by any chance.

[0099] Also, since the personal identification number 12 is automatically transmitted, it is not displayed on the ATM screen! /, So even if the ATM screen is displayed, the personal identification number is not known.

[0100] Furthermore, even if it is monitored on the communication network 25, the PIN 12 is automatically updated the next time the composite card 7 is used, so there is no possibility of damage caused by spoofing many times. ,.

[0101] In the above embodiment, fingerprints are used for biometric authentication. However, in addition to fingerprints, the biometrics authentication can use the retina, iris (iris), facial appearance, blood vessel shape, palm, etc. Multi-modal authentication can be considered, either single authentication or combination of multiple forms, ear pines, voiceprints, signatures, keystrokes, genetic information DNA, and authentication security by combining with public key authentication infrastructure PKI, elliptic function, etc. It is possible to strengthen this.

[0102] Card numbers, metric data, passwords, etc. written to the IC chip are encrypted in plaintext, for example, RSA encryption based on the prime factorization problem or discrete logarithm problem as a public key encryption algorithm. The DSAZECDSA encryption, etc., may be used, and it is also possible to use a public key authentication infrastructure PKI that uses electronic signatures.

[0103] If security measures against access or tampering with other powers can be taken by updating the security code immediately after the security code is inquired, the security code can be used for the purpose of improving the convenience of the user. It is also conceivable to provide a screen or voice guidance for the password entered by keystroke or character selection on the input screen. In particular, in the case of voice guidance, there is both a function that guides one character at a time when each character is input and a function that guides all the digits before sending after completing the input, and repeatedly guides at the request of the input person It is preferable. This is convenient because even visually impaired people can input characters while checking whether they are correct one by one. [0104] Furthermore, when accessing the host computer from the PC other than ATM, for example, via the Internet, the IC chip reader / writer may be connected to the PC and the personal identification number recorded on the composite card may be used. Possible power Even in an environment where the composite card cannot be accessed, a password that can be used in combination with a reliable external authentication such as a mobile phone number, fixed phone number (caller ID display function) or electronic certificate is renewed. If you register it in the host computer first, you can access it from other than ATM, such as a mobile phone or the Internet, without using a composite card PIN.

[0105] It should be noted that the cellular phone is equipped with a biometric sensor and an IC chip as a data carrier means, and the IC chip is configured to record a card number, a password, and biometric information, and the cellular phone is placed at a predetermined location of the ATM. When set, use a communication method other than the call method used by the mobile phone so that the mobile phone itself can function as a bank card.

[0106] Further, it is conceivable to leave an update history of the password on the IC chip. Even if a communication failure occurs during the communication between the ATM terminal and the host computer and the PIN code is not completely updated and the old PIN code remains, an inquiry is made about the past history of the host computer. be able to.

[0107] It is also conceivable to improve security without significant system changes by managing the binary code of the password stored in the host computer in bit units. For example, in the case of a host computer that uses 4-digit password data, each password is assigned a memory space of 4 bytes. This is not 4 bytes representing 4 characters. Breaking it down into bits, 4 bytes can be thought of as 4 times 8 bits, or 32 bits of data. If you represent a password of 4 bytes in 32 bits, you can theoretically have 4,294,967,296 combinations, and you can combine more than 420,000 times the current 4-digit password (10,000). Become. This 32-bit binary code can be recorded as binary data on the IC chip as it is. In this case, it is difficult to manually input 32-bit data such as a keyboard. For example, when the password is proposed on the screen, it is a copy that is generally used by a word processor or the like for the screen controller of the ATM terminal. Copy the security code data that has been provided with the & paste function and read the IC chip power. One can think of automating password entry by pasting it on the input screen to the host computer. It is also conceivable to send the password data that has been read from the IC chip power directly to the host computer.

[0108] As an individual identification method for storing and operating fingerprints for multiple people on a single IC chip, a user number is stored in pairs with fingerprint data, and a switch is provided on the card, for example, when used. It can be selected, or it can be a method of saving personally identifiable data such as user number and name paired with fingerprint data and selecting it from an input means such as an ATM numeric keypad when using it, or other than fingerprints Biometrics authentication (retina, iris (iris), facial appearance, blood vessel shape, palmar shape, auricle, voice print, signature, keystroke, genetic information DNA has any single authentication or multi-modal authentication combined ) May be applied for personal identification.

[0109] When storing the card number, PIN, and biometric data in the IC chip without using the magnetic stripe, first the card number is also read out from the IC chip power and sent to the host computer from the ATM transceiver. The ATM can receive a PIN number inquiry command from the host computer, send the PIN number after biometrics authentication with the IC chip, and increase the load on the host computer! In an offline state, the IC chip may first perform biometrics authentication, verify the identity, and communicate with the host host to send the card number and PIN simultaneously or separately.

[0110] The embodiment of the present invention is based on the online, and the password is also stored on the IC chip for the online authentication. Separately, it is also possible to store an offline password on the same IC chip. When a biometric sensor is mounted on a composite card, it is safe because it can be used offline. When using offline, save the transaction data on an IC chip and use it at an ATM that can be online at a later date. After logging in to the host computer using the online PIN, the offline transaction data is stored. It is possible to collate with offline transaction data sent to the host computer separately from the offline terminal. [0111] Also, as a backup means when a fingerprint cannot be read, it is preferable that the ATM can be operated by entering a personal identification number. At this time, the PIN code may be read from the IC card after it has been authenticated by the PIN number, etc., or the host computer power data will be received by using the authentication function of a security communication terminal such as a mobile phone. It is exempted from taking.

[0112] When the IC chip 9 mounted on the composite card 7 uses a contact-type module, the IC chip 9 is energized with only half of the card 7 mounted on the IC card reader / writer inserted into the IC card reader / writer. It is conceivable that the biometric sensor is operated while the IC chip 9 is energized by arranging the biometric sensor in the remaining half of the area. In addition, it is possible to make the ATM usable by inserting the composite card into the ATM with the power turned on by installing the power in the composite card and receiving authentication in the composite card before inserting the card into the ATM. . In this case, it is possible to set a valid time for biometric authentication using an IC chip, and for example, if the composite card 7 is not inserted into the ATM within 10 seconds, the authentication becomes invalid.

[0113] When a non-contact IC chip module is used for the composite card 7, for example, the composite card 7 is placed on the antenna 16 with the fingerprint sensor 18 (biometric sensor) facing up. It is possible to receive biometrics authentication by placing the finger on the fingerprint sensor 18 while the fingerprint sensor 18 is enabled by supplying power from the antenna 16 to the IC chip 9. If the card 7 has a built-in power supply, or if power is supplied from the outside while touching the fingerprint sensor 18 integrated with the composite card 7, the IC chip 9 can be held with the composite card 7 in hand. It is also possible to receive biometrics authentication by, and then insert the card into the ATM and receive the prescribed ATM service. Also, in this case, some selection means such as a small mechanical switch or touch switch or touch panel liquid crystal screen is mounted on the composite card 7 so that ATM functions can be selected on the composite card. You can also think about doing it.

Furthermore, in the previous embodiment, the force using the IC chip 9 driven by electricity The driving source of the IC chip is not limited to electricity. For example, an optically driven IC chip may be used. In this case, the communication between the IC card reader / writer 17 and the composite chip uses light. It is possible to use an optical sensor in place of the card, and when the power is built into the composite card 7 or when external power is supplied while holding the card, the fingerprint integrated with the card While the sensor 13 is in contact with the IC card reader / writer 1 7 from the compound card 7 to the light receiving element of the IC card, the IC card sends light to establish communication, so the compound card 7 is held in the hand. It is also possible to receive biometrics authentication at the same time, and then insert the composite card 7 into the ATM device 4 to receive a predetermined ATM service. Also in this case, it is conceivable that some selection means, for example, a switch means such as a touch panel liquid crystal screen is mounted on the composite card 7 so that ATM function selection can be performed on the composite card 7.

Industrial applicability

Carrying personal information protected by noometric authentication by yourself and receiving the biometric authentication, you can confirm your identity, and then you can automatically send and display your PIN at ATM, so you often forget your PIN Can be used with peace of mind by elderly people. In addition, the service provider also reduces the burden on bank counters, eliminates the need for extra personnel, and maintains the current host computer, increasing the security of the system without making a large investment. It will also improve the management of credit companies.

Claims

The scope of the claims

[1] I / O equipped with a host computer as a personal information data storage means, ATM as a cash deposit / withdrawal means, and a composite card equipped with a biometrics sensor and a magnetic stripe and IC chip as a data carrier means In the gold system, a security code and biometric information are recorded on the IC chip, and the ATM is provided with a transmission / reception device to / from a host computer, a magnetic stripe reader, and an IC chip reader / writer. The biometric data detected by the biometric sensor and the biometric data pre-registered in the IC chip are collated, and if these data match, the ATM force is also recorded on the IC chip to the host computer. The password is automatically sent and the host computer A deposit / withdrawal system that enables ATM operations, such as deposit / withdrawal operations, after a PIN is inquired.

[2] I / O equipped with host computer as personal information data storage means, ATM as cash deposit / withdrawal means, and composite card equipped with biometrics sensor and magnetic stripe and IC chip as data carrier means In the gold system, a security code and biometrics information are recorded on the IC chip. A security code generator, a transmission / reception device with a host computer, a security code display device, and a security code input are stored in the ATM. Device, a magnetic stripe reader, and an IC chip reader / writer. The biometrics data detected by the biometric sensor and biometric data pre-registered in the IC chip are collated. If they match, they are recorded on the IC chip on the password display device. You will be guided to enter the latest security code, and will be able to perform ATM operations such as deposit / withdrawal after inquiring the security code by the host computer. A deposit / withdrawal system, wherein the updated password is written to the IC chip by the reader / writer, and the updated password is transmitted to the host computer via the transmission / reception device.

[3] I / O equipped with host computer as personal information data storage means, ATM as cash deposit / withdrawal means, and composite card with biometrics sensor and magnetic stripe and IC chip as data carrier means For the gold system, the IC chip The ATM is recorded with a personal identification number generator, a transmission / reception device with a host computer, a personal identification number display device, a personal identification number input device, a magnetic stripe reader, and an IC chip reader / writer. The biometrics data provided by the biometric sensor and the biometrics data pre-registered in the IC chip are collated, and when these data match, the ATM power is sent to the host computer. The PIN code recorded on the IC chip is automatically sent so that the ATM can be operated such as deposit / withdraw after the PIN code is inquired by the host computer. Update the security code and send the updated security code to the reader / writer. The depositing / withdrawing system is characterized in that the IC card is written to the IC chip and the updated password is transmitted to the host computer via the transmitting / receiving device.

[4] A deposit / withdrawal system comprising a host computer as a personal information data storage means, ATM as a cash deposit / withdrawal means, and a composite card equipped with a biometric sensor and an IC chip as a data carrier means. The IC chip stores a card number, a password, and biometric information, and the ATM includes a transmission / reception device with a host computer and an IC chip reader / writer. Thus, the detected metric data and the metric data pre-registered in the IC chip are collated, and when these data match, the ATM records the data in the IC chip to the host computer. The card number and password are automatically sent, and the password is set by the host computer. Withdrawal system characterized in that it becomes possible to ATM operations such as depositing and dispensing operation after the query.

[5] A deposit / withdrawal system comprising a host computer as a personal information data storage means, ATM as a cash deposit / withdrawal means, and a composite card equipped with a biometric sensor and an IC chip as a data carrier means. In the IC chip, a card number, a password, and biometric information are recorded. In the ATM, a password generator, a transmission / reception device with a host computer, a password display device, a password input device, An IC chip reader / writer is provided,

Biometric data detected by the biometric sensor and the IC chip The biometrics data that has been pre-registered is collated, and if these data match, the latest PIN number recorded on the IC chip is guided to the PIN number display device. The entered PIN number and card number are sent from the transceiver to the host computer and the PIN number is inquired. After the PIN number is inquired by the host computer, ATM operations such as deposit and withdrawal operations can be performed. After completion of the gold operation, the personal identification number is updated by the personal identification number creation device, the updated personal identification number is written to the IC chip by the reader / writer, and the updated personal identification number is transmitted to the host computer via the transmission / reception device. A deposit / withdrawal system characterized by

[6] A deposit / withdrawal system comprising a host computer as a personal information data storage means, ATM as a cash deposit / withdrawal means, and a composite card equipped with a biometric sensor and an IC chip as a data carrier means. In the IC chip, a card number, a password, and biometric information are recorded. In the ATM, a password generator, a transmission / reception device with a host computer, a password display device, a password input device, An IC chip reader / writer is provided,

The biometric data detected by the biometric sensor is pre-registered with the IC chip and collated with the biometric data, and when these data match, the ATM records the data on the IC chip from the ATM to the host computer. The card number and personal identification number are automatically transmitted so that the ATM can be operated after depositing / withdrawing after the host computer inquires about the personal identification number. A deposit / withdrawal system, wherein a password is updated by a creation device, the updated password is written to the IC chip by the reader / writer, and the updated password is transmitted to a host computer via the transmission / reception device. .

7. The deposit / withdrawal system according to any one of claims 1 to 6, wherein the personal identification number includes an alphabet, katakana and special characters in addition to numbers.

8. The deposit / withdrawal system according to any one of claims 1 to 7, wherein the IC chip is a non-contact IC chip.

[9] The deposit / withdrawal system according to any one of claims 1 to 8, wherein the biometrics For task authentication, fingerprint, retina, iris (iris), facial appearance, blood vessel shape, palm shape, auricle, voice print, signature, keystroke, genetic information Characteristic deposit / withdrawal system.

10. The deposit / withdrawal system according to any one of claims 1 to 9, wherein the metric authentication data for a plurality of persons is registered in one IC chip.