WO2006043585A1 - Authentication system - Google Patents

Authentication system Download PDF

Info

Publication number
WO2006043585A1
WO2006043585A1 PCT/JP2005/019186 JP2005019186W WO2006043585A1 WO 2006043585 A1 WO2006043585 A1 WO 2006043585A1 JP 2005019186 W JP2005019186 W JP 2005019186W WO 2006043585 A1 WO2006043585 A1 WO 2006043585A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
regular
balance
combination
deposit
Prior art date
Application number
PCT/JP2005/019186
Other languages
French (fr)
Japanese (ja)
Inventor
Makoto Tsuyuzaki
Original Assignee
Makoto Tsuyuzaki
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Makoto Tsuyuzaki filed Critical Makoto Tsuyuzaki
Publication of WO2006043585A1 publication Critical patent/WO2006043585A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/202Depositing operations within ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/207Surveillance aspects at ATMs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/211Software architecture within ATMs or in relation to the ATM network

Definitions

  • a combination of a plurality of identifiers such as an ID and a password is used to access specific data or acquire specific data, and according to the data, product purchase, deposit withdrawal and other processing are possible. Is related to the system.
  • Authentication systems that use passwords, such as bank cash cards, credit cards, and computer logins, verify the identity by a combination of user ID (ID) and password (password), and withdraw cash. Is authenticating. In such a system, in many cases, authentication is not performed if the ID or password is different, and erroneous input and illegal input are dealt with by stopping the execution of the processing (Japanese Patent Laid-Open No. 2003-23488, (See paragraph 0106, Figure 10).
  • one password is usually set for one ID.
  • Japanese Patent Laid-Open No. 2002-32279 although there are those that set multiple IDs for each user according to the course of use, one user has multiple passwords for the same object, V, even if a misplaced password is used, it is processed (not excluded!), There is no one! ,.
  • the present invention allows a plurality of settings (for example, a password) among a combination of identifiers for authentication, and the other (for example, a cash card)
  • a user's profile card can be easily accepted as a dummy number and a password that can be easily inferred (without eliminating errors).
  • the user of the dummy number is given the authority of the legitimate user by allowing the legitimate user to perform a process that gives a profit limited to the profit that the legitimate user should receive, or making an emergency call. It is intended to protect the property and avoid the danger of the owner's life.
  • the first invention relates to an authentication processing system that acquires individual data by a combination of a plurality of identifiers set for each individual and executes processing based on the acquired data. Then, as the individual data, normal data based on normal content and other data different from the normal data are provided, and a normal combination capable of acquiring normal data and other data are acquired as a combination of the plurality of identifiers. If an illegal combination is used, the execution process based on the regular data is performed.If the illegal combination is used, the execution process based on other data is performed. It is characterized by being possible.
  • the "combination of a plurality of identifiers" includes the same kind of combination such as two passwords that are not only a different kind of combination such as an ID and a password.
  • “Individual data” is data that can be obtained or accessed by a combination of a plurality of identifiers, and is mainly assumed to be data related to the property owned by the person to be authenticated (customer, user). This includes, for example, deposit account balance data and online stock trading holdings data.
  • regular data is data that directly represents the contents of individual data (such as deposit balance), and “other data” is so-called dummy data that does not represent the contents of individual data. .
  • Other data may be determined in advance regardless of the content of the individual data, or may be set based on the content of the individual data. Taking a deposit account as an example, for example, regular data is actual deposit balance data, and other data includes deposit balance 0 data.
  • execution process based on regular data is a normal process, and for example, cash can be withdrawn by inputting a cash card and a personal identification number.
  • the “execution process based on other data” is not an ordinary process, but is an execution process that does not involve exclusion such as the process being interrupted or stopped due to the use of an illegal combination. Should be a process that gives a limited profit and authority rather than a profit and authority that the certifier should receive in the execution process based on regular data. For example, the operation itself involves handling errors, not accepting it, but making sure that the deposit balance is zero and cash cannot be withdrawn, or that only a small amount can be withdrawn.
  • a combination of a plurality of identifiers is an illegal combination
  • a process not based on regular data is executed, and a limited benefit is given to a specific user, for example, an unauthorized user. It is possible to give only authority.
  • illegal combinations themselves are not excluded, for example, if an illegal combination is presented when dealing with threats, personal risks can be avoided with minimal loss.
  • an authentication processing system that acquires individual data by a combination of a plurality of identifiers set for each individual, and executes processing based on the acquired data.
  • Processing means that can create force data that can be modified to normal data based on the contents of the Possible illegal combinations are set, execution processing based on regular data is performed when regular combinations are used, and execution processing based on machining data is possible when illegal combinations are used It is characterized by that.
  • the present invention has a function of processing data based on regular data.
  • a processing method of the processing means for example, when the regular data is a numerical value, a predetermined calculation process can be performed to obtain the cache data. According to the present invention, it is possible to provide appropriate dummy data according to the contents of data.
  • the plurality of identifiers are: D and password, which are a combination of a regular ID and a regular password as a regular combination, and a combination of a regular ID and a parallel password as an illegal combination.
  • the present invention limits the types of identifiers.
  • the fourth invention relates to an automatic cash payment system in which deposit and savings account data is accessed by an authentication number recorded on a record carrier and an externally entered personal identification number, and cash can be paid and dispensed within the range of the deposit and savings balance. Then, as savings and savings account data of the savings and savings, regular balance data based on the regular deposit and saving amount and limit balance data set to an amount lower than the regular balance data are provided, and the regular balance data is accessed as the PIN. Provide a valid PIN and a parallel PIN that can access the restricted balance data. If a regular record carrier and a regular PIN are used, the cash is paid based on the balance of the regular balance data. When a regular record carrier and a parallel PIN are used, cash can be paid and taken out based on the balance of the restricted balance data.
  • the present invention is limited to an automatic cash payment system as an authentication processing system, and corresponds to the first invention.
  • the “record carrier” includes a magnetic card such as a cash card or a credit card.
  • a number that can be easily estimated as a parallel password is registered as a parallel password, and even if the cash card is stolen, the parallel password can be easily used to minimize the number. It can be done with damage.
  • the fifth aspect of the invention is a system for automatic cash payment that allows access to deposit and savings account data by using an authentication number recorded on a record carrier and an externally entered personal identification number, and pays and issues cash within the range of the deposit and savings balance.
  • the processing unit is provided with processing means capable of creating processing balance data that has been processed into an amount that is lower than the amount of the regular balance data by modifying the regular balance data based on the regular deposit and savings amount of the depositor. If a regular record carrier and regular PIN are used, a regular PIN that can access regular balance data and a parallel PIN that can access processed balance data are provided. Based on The cash can be paid out based on the balance of the processed balance data processed by the above-mentioned manufacturing method when the cash is paid out and the regular record carrier and the parallel password are used. And
  • the present invention is limited to an automatic cash payment system as an authentication processing system, and corresponds to the second invention.
  • the present invention is configured as described above, when an unauthorized user uses an unauthorized combination for authentication, processing different from when an authorized combination for authentication is used. To protect the authority and property of legitimate users and thus avoid the danger of the owner's life.
  • FIG. 1 is a block diagram showing an outline of an automatic cash payment system according to an embodiment of the present invention.
  • FIG. 2 is a flowchart showing an outline of the operation of the automatic cash payment apparatus according to the embodiment of the present invention.
  • FIG. 3 is a block diagram showing another example of the automatic cash payment system according to the embodiment of the present invention.
  • Fig. 1 is a block diagram showing the outline of the automatic cash payment system
  • Fig. 2 is a flowchart showing the outline of the operation of the automatic cash payment apparatus
  • Fig. 3 is a block diagram showing another example of the automatic cash payment system.
  • the automatic cash payment system is a host computer by inserting a cash card or credit card and inputting a password from an automatic cash payment apparatus 1 such as ATM or CD.
  • the deposit management device 2 can access the V, deposit balance data, and withdraw cash from the deposit account. It is what.
  • the deposit management device 2 is for managing deposits and withdrawals for each deposit account. As shown in FIG. 1, at least an ID set for each customer and a plurality of PINs determined by the customer ( And a table that stores deposit balance data provided corresponding to each PIN.
  • one password indicated by “PW1” is a regular password, and constitutes a regular combination by combination with an ID.
  • the other personal identification number indicated by “PW2” is a parallel personal identification number, and constitutes an illegal combination by combination with the ID. This corresponds to limit balance data set in advance so that the deposit balance becomes lower than the regular deposit content.
  • the restricted balance data for example, “0” or “5000” can be set.
  • the limit balance may be set to an amount desired by the customer. It is also possible to set multiple parallel PINs and make them correspond to multiple restricted balance data.
  • the deposit balance data is appropriately rewritten according to the withdrawal and deposit of the deposit. Of these, it is natural that the regular balance data is rewritten, but the restricted balance data can be kept unchanged. Alternatively, the limited balance data may be rewritten only when a deposit is withdrawn using “PW2”.
  • the automatic teller machine 1 has an external input unit 10, a process determination unit 20, and a process execution unit 30.
  • the automatic cash payment apparatus 1 may have a configuration other than the above.
  • the external input unit 10 is an operation unit that can input a combination of identifiers for authentication, and includes a card slot 11 and a numeric input unit 12 force. When a cash card or credit card is inserted into the card slot 11, the ID recorded on them is read out.
  • the number input unit 12 is a numeric keypad or a liquid crystal touch panel, and can input a password. . The number input unit 12 can also input the amount to be paid out and other necessary items numerically.
  • the process determination unit 20 is for determining a process based on the input authentication number, and includes a determination unit 21 and an output unit 22.
  • the determination unit 21 determines the validity of the ID read from the card and the entered PIN, determines which deposit balance data of the deposit management device 2 is accessed, and applies the corresponding deposit Balance data is acquired.
  • the output unit 22 outputs the acquired deposit balance data to the processing execution unit 30 based on the determination of the determination unit 21, and outputs the cash withdrawal processing information from the processing execution unit 30 to the deposit management device 2. It is.
  • the processing execution unit 30 is for causing processing related to cash payout and other processing based on the determination of the processing determination unit 20, and includes at least an image display processing unit 31, a cash payout processing unit 32, and an emergency call processing unit. 33.
  • the processing execution unit 30 may have a configuration other than the above.
  • the image display processing unit 31 is for displaying an image relating to payout such as a deposit balance and an input screen on a liquid crystal screen or the like.
  • the cash withdrawal processing unit 32 performs processing for cash withdrawal based on the acquired deposit balance data. Specifically, the cash withdrawal processing unit 32 performs cash withdrawal processing within the range of the deposit balance data amount, and if the input withdrawal amount is larger than the deposit balance data, the cash withdrawal processing unit 32 performs the withdrawal. Instead, the image display processing unit 31 displays a predetermined display. When the cash payout process is performed, the payout amount data is output to the deposit management device 2 and the deposit balance data is rewritten.
  • the emergency call processing unit 33 is for making a predetermined report to a police, a security company, a financial institution or the like in a given case.
  • the predetermined case can be a case where a parallel password is used, but whether or not to report in this case should be made when the customer wants to set the notification in advance. Can do. Also, if you receive a predetermined report, you can identify the user of the parallel PIN with a surveillance camera, or use the card after that. You can take action to disable it.
  • step 100 when a card is inserted into the card slot 11, it is determined in step 100 whether or not the ID is authenticated. That is, it is determined whether or not the ID of the registered customer is registered. If the ID is not registered, predetermined error processing such as returning a card is performed. If ID is authenticated, go to the next step 101.
  • step 101 it is determined whether or not a password has been entered. If no password is entered, the process returns to step 101. If the security code is entered, go to the next step 102.
  • step 102 it is determined whether or not the input is a regular password. If it is a regular password, go to the next step 103.
  • step 103 it is determined whether or not there is a balance display instruction (for example, operation of a balance inquiry button). If there is a balance display instruction, the process proceeds to the next step 104.
  • a balance display instruction for example, operation of a balance inquiry button.
  • step 104 the regular balance is displayed. For example, if the deposit balance is 100,000 yen, 100,000 yen is displayed. Then go to step 108. If there is no balance display instruction in step 103, the process proceeds to step 108.
  • step 102 If it is determined in step 102 that the entered password is not a regular password, the process proceeds to step 105.
  • step 105 it is determined whether or not the input is a parallel password. If it is not a parallel security code, the process proceeds to step 111 to perform error handling as an input error. If it is a parallel PIN, go to the next step 106.
  • step 106 it is determined whether there is a balance display instruction. If there is a balance display instruction, the process proceeds to the next step 107.
  • step 107 a correction screen is displayed. That is, the amount of restricted balance data corresponding to the parallel password is displayed. For example, even if the deposit balance is 100,000 yen, a preset amount such as “0 yen” or “5,000 yen” is displayed. Then the next step 108 Proceed to If there is no balance display instruction in step 106, the process proceeds to step 108.
  • step 108 it is determined whether or not a payout amount has been input. If there is no input of the amount to be paid out, the cash-out process is terminated on condition of “cancel” or “end” instruction (button operation, etc.). If a payout amount has been entered, proceed to the next step 109.
  • step 109 it is determined whether or not the input value is within the deposit balance range.
  • automatic cash payment device 1 recognizes as “deposit balance”, and if the regular PIN is used, it is the amount of regular balance data (in the above example, 100,000 yen). Yes, if a parallel PIN is used, it is the amount of limit balance data (0 yen or 5,000 yen in the above example). If the input value exceeds the deposit balance, a message indicating that the deposit balance is insufficient is displayed and error processing is performed.
  • step 110 a cash payout process is performed according to the input value of the payout instruction. And cash-out processing is ended.
  • the payout amount data is output to the deposit management apparatus 2, and the deposit balance data is rewritten accordingly.
  • the regular balance data will be 97,000 yen, which is subtracted 3,000 yen from 100,000 yen (considering fees, etc.).
  • 3,000 yen is withdrawn using a parallel password, there are the following two processing methods.
  • the normal balance data is 97,000 yen, which is a deduction of 3,000 yen from the 100,000 yen force, and the remaining limit data (5,000 yen) can be left unchanged.
  • the other is that the regular balance data is ⁇ 97,000, which is subtracted ⁇ 3,000 from ⁇ 100,000, and the restricted balance data is ⁇ 2,000, which is subtracted ⁇ 3,000 from ⁇ 5,000. According to the latter, the balance of the payment statement is displayed and the balance when the next cash is withdrawn is 2,000 yen, and since there is reality, it is difficult to detect dummy data with a parallel PIN. There are advantages. [0026] Furthermore, if the emergency notification is set to be used when the parallel password is used, the emergency notification process is performed simultaneously with the cash payout process.
  • a parallel PIN a number that can be used to estimate the profile power, such as the date of birth, address, and telephone number of a legitimate account holder, is set, and in the unlikely event that the cash card is against the owner's will ( Even if it is in the hands of others, the use of the card and the parallel PIN number will display a false deposit balance and can only withdraw cash less than that amount. Damage can be minimized. This is especially useful if your life is dangerous if you are threatened and don't give your real PIN. Also, not only in such a troubled situation, for example, a parallel PIN is provided for children, and limit balance data is set to 5,000 yen or 10,000 yen so that the child cannot withdraw a large amount of cash. It can be used for educational purposes.
  • predetermined limit balance data is stored as deposit balance data, and the limit balance data can be accessed by using a card and a parallel password, but the deposit balance data Stores only the regular balance data, and when the card and parallel PIN are used, the regular balance data is processed as appropriate so that payment and withdrawal processing can be performed based on the processed balance data. Oh, it is a thing.
  • the deposit management device 2 stores an ID, a plurality of passwords, and regular balance data.
  • the processing determination unit 20 of the automatic cash payment apparatus 1 is provided with a processing unit 23.
  • the processing unit 23 is used to create processing balance data by modifying the acquired deposit balance data (regular balance data) when using a parallel password.
  • the process execution unit 30 performs the image display process and the cash payout process based on the processed balance data!
  • the processing unit 23 creates the processed balance data by performing a predetermined calculation based on the regular balance data so that the amount is lower than the regular balance. For example, 1% of the amount of regular balance data is used as processed balance data (regular balance X O. 01), and the amount less than the regular balance data by a fixed amount (n yen) is used as processed balance data (regular balance data).
  • the normal balance data may be processed by the deposit management device 2.
  • a processing unit is provided in the deposit management device 2, and the processing judgment unit 20 of the automatic cash payment device 1 outputs a data processing request signal to the deposit management device 2 when the parallel password is used, and based on this. If the processing unit of the deposit management device 2 processes the regular balance data, and the processing determination unit 20 acquires the processed balance data.
  • the emergency call processing unit 33 is provided in the cash automatic payment apparatus 1, but the installation location of the emergency call processing unit 33 is not limited to this. It may be provided in the computer.
  • any of these modes may be used alone, or a plurality of modes may be used in combination.
  • the present invention can be applied to other than the automatic cash payment system.
  • the regular data can be accessed with a combination of the regular ID and the regular password.
  • a combination of a regular ID and a parallel password can be used to access dummy data.
  • the present invention can be used in an automatic cash payment system. It can also be used in online banking that does not use physical media such as cash cards, and in computer network systems that can access specific data using IDs and passwords.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The rights and properties of authenticated users are protected even if combinations of authentication identifiers comes usable by other persons against the users, and the danger of lives of the possessors can be avoided. As combinations of identifiers, a normal combination for acquiring normal data and a false combination for acquiring other data than the normal data are determined. The post-processing contents of when the normal combination is used is different from those of when the false combination is used.

Description

明 細 書  Specification
認証処理システム  Authentication processing system
技術分野  Technical field
[0001] この発明は、 IDとパスワードなどの、複数の識別子の組み合わせにより特定のデー タにアクセス又は特定のデータを取得し、そのデータに従って、商品購入、預金の引 き出しその他の処理が可能なシステムに関するものである。  [0001] In the present invention, a combination of a plurality of identifiers such as an ID and a password is used to access specific data or acquire specific data, and according to the data, product purchase, deposit withdrawal and other processing are possible. Is related to the system.
背景技術  Background art
[0002] 銀行のキャッシュカードやクレジットカード、コンピュータへのログインなど、暗証を利 用する認証システムでは、利用者番号 (ID)や暗証番号 (パスワード)の組み合わせ により本人確認を行い、キャッシュの引き出しなどを認証している。このようなシステム においては、多くの場合、 IDやパスワードが違えば認証されず、誤入力、不正入力 に関しては、処理の実行を停止することで対処している(特開 2003— 23488号公報 、段落 0106、図 10参照)。  [0002] Authentication systems that use passwords, such as bank cash cards, credit cards, and computer logins, verify the identity by a combination of user ID (ID) and password (password), and withdraw cash. Is authenticating. In such a system, in many cases, authentication is not performed if the ID or password is different, and erroneous input and illegal input are dealt with by stopping the execution of the processing (Japanese Patent Laid-Open No. 2003-23488, (See paragraph 0106, Figure 10).
このため、 IDやパスワードが違えば認証されず、個人の財産や個人情報を保護で きる反面、 IDとパスワードさえ一致すれば、本人以外であっても認証されてしまうとい う欠点がある。例えば、キャッシュカードを盗まれた場合、暗証番号を解読 (生年月日 などカゝら類推)され預金を引き出されることもある。また、近年は凶悪犯罪も増加して おり、強盗に脅迫されて正し 、暗証番号 (入力してもエラーにならな 、)を教えな 、と 命が危な 、と 、う場合もありうる。  For this reason, if the ID and password are different, authentication is not possible, and personal property and personal information can be protected. However, if only the ID and password match, there is a drawback that even if the ID and password are not matched, authentication is possible even for anyone other than the person. For example, if a cash card is stolen, the PIN may be decrypted (by analogy such as date of birth) and a deposit may be withdrawn. In recent years, the number of violent crimes has increased, and it is possible that the threat of a robber will correct you and give you a password (you will not get an error even if you enter it).
[0003] 一方、従来のシステムでは、通常ひとつの IDに対して一つのパスワードが設定され ている。特開 2002— 32279号公報のように、利用コースに応じてユーザ一一人に対 して複数の IDを設定するものはあるものの、一人のユーザーが同一対象について複 数のパスワードを有し、 V、ずれのパスワードを用いても処理 (排除でな!、)がなされる t 、つたものは存在しな!、。  On the other hand, in conventional systems, one password is usually set for one ID. As described in Japanese Patent Laid-Open No. 2002-32279, although there are those that set multiple IDs for each user according to the course of use, one user has multiple passwords for the same object, V, even if a misplaced password is used, it is processed (not excluded!), There is no one! ,.
発明の開示  Disclosure of the invention
[0004] そこで、本願発明は、認証のための識別子の組み合わせのうち、一方 (例えば暗証 番号)について複数の設定を認め、他方 (例えばキャッシュカード)が所有者の意に 反して他人の手に渡った場合でも、例えば利用者のプロフィールカゝら容易に類推可 能なノ スワードや暗証番号をダミー番号としてわざと積極的に受けいれ (エラー排除 せず)、その代わりに、ダミー番号の使用者には、認証により正当な利用者が本来受 けるべき利益よりも制限された利益を与える処理を行わせたり、非常通報などを行うこ とにより、正当な利用者の権限、財産等を保護し、ひいては所有者の生命の危険も 回避しょうとするものである。 [0004] Therefore, the present invention allows a plurality of settings (for example, a password) among a combination of identifiers for authentication, and the other (for example, a cash card) On the other hand, even if it goes into the hands of others, for example, a user's profile card can be easily accepted as a dummy number and a password that can be easily inferred (without eliminating errors). The user of the dummy number is given the authority of the legitimate user by allowing the legitimate user to perform a process that gives a profit limited to the profit that the legitimate user should receive, or making an emergency call. It is intended to protect the property and avoid the danger of the owner's life.
[0005] 下記の各発明は、上記した目的を達成するためになされたものである。  [0005] The following inventions have been made to achieve the above-described object.
(第 1の発明)  (First invention)
第 1の発明は、個人毎に設定された複数の識別子の組み合わせによって個別デー タを取得し、当該取得したデータに基づ 、て処理を実行する認証処理システムに係 る。そして、前記個別データとして、正規の内容に基づく正規データと、正規データと は異なる他のデータを設け、前記複数の識別子の組み合わせとして、正規データを 取得可能な正規組み合わせと、他のデータを取得可能な不正組み合わせとを設け、 正規組み合わせが使用された場合には、正規データに基づ 、た実行処理を行 ヽ、 不正組み合わせが使用された場合には、他のデータに基づいた実行処理を可能と したことを特徴とする。  The first invention relates to an authentication processing system that acquires individual data by a combination of a plurality of identifiers set for each individual and executes processing based on the acquired data. Then, as the individual data, normal data based on normal content and other data different from the normal data are provided, and a normal combination capable of acquiring normal data and other data are acquired as a combination of the plurality of identifiers. If an illegal combination is used, the execution process based on the regular data is performed.If the illegal combination is used, the execution process based on other data is performed. It is characterized by being possible.
[0006] ここで、「複数の識別子の組み合わせ」とは、 IDと暗証番号のような異種組み合わ せだけでなぐ二つのパスワードのような同種組み合わせも含む。また、「個別データ 」とは、前記複数の識別子の組み合わせにより取得又はアクセス可能なデータであつ て、主として、認証を受ける者 (顧客、ユーザー)が所有する財産に関するデータを想 定している。例えば預金口座の残高データや、オンライン株取引の持ち株データな どを含む。  [0006] Here, the "combination of a plurality of identifiers" includes the same kind of combination such as two passwords that are not only a different kind of combination such as an ID and a password. “Individual data” is data that can be obtained or accessed by a combination of a plurality of identifiers, and is mainly assumed to be data related to the property owned by the person to be authenticated (customer, user). This includes, for example, deposit account balance data and online stock trading holdings data.
またここで、「正規データ」とは、個別データの内容 (預金残高など)をそのまま表す データであって、「他のデータ」とは、個別データの内容を表さない、いわゆるダミー データである。「他のデータ」は、個別データの内容に関わりなく予め定められていて もよいし、個別データの内容に基づいて設定されるものであってもよい。預金口座を 例にすると、例えば正規データが現実の預金残高データで、他のデータは預金残高 0のデータとすることを含む。 [0007] さらに、「正規データに基づいた実行処理」とは、通常の処理のことであって、例え ばキャッシュカードと暗証番号の入力で現金の引き出しができるといったものである。 一方、「他のデータに基づいた実行処理」とは、通常の処理ではないが、不正組み合 わせの使用そのものによって処理が中断、中止されるなどの排除を伴わない実行処 理であり、好ましくは、正規データに基づいた実行処理で認証者が受けるべき利益、 権限よりも、制限された利益、権限を与える処理とするのがよい。例えば操作そのも のはエラー扱 、とせず受け入れるが預金残高がゼロで現金を引き出せな 、ようにす るとか、少額しか引き出せないようにすることを含む。 Here, “regular data” is data that directly represents the contents of individual data (such as deposit balance), and “other data” is so-called dummy data that does not represent the contents of individual data. . “Other data” may be determined in advance regardless of the content of the individual data, or may be set based on the content of the individual data. Taking a deposit account as an example, for example, regular data is actual deposit balance data, and other data includes deposit balance 0 data. Furthermore, “execution process based on regular data” is a normal process, and for example, cash can be withdrawn by inputting a cash card and a personal identification number. On the other hand, the “execution process based on other data” is not an ordinary process, but is an execution process that does not involve exclusion such as the process being interrupted or stopped due to the use of an illegal combination. Should be a process that gives a limited profit and authority rather than a profit and authority that the certifier should receive in the execution process based on regular data. For example, the operation itself involves handling errors, not accepting it, but making sure that the deposit balance is zero and cash cannot be withdrawn, or that only a small amount can be withdrawn.
[0008] 本発明によれば、複数の識別子の組み合わせが不正組み合わせの場合には、正 規のデータに基づかない処理が実行され、特定の利用者、例えば不正利用者には、 制限された利益、権限しか与えないことが可能である。また、不正組み合わせそのも のが排除される訳ではな 、ので、例えば脅迫などに対処する場合に不正組み合わ せを提示すれば、最低限の損失で身の危険を回避できる。 [0008] According to the present invention, when a combination of a plurality of identifiers is an illegal combination, a process not based on regular data is executed, and a limited benefit is given to a specific user, for example, an unauthorized user. It is possible to give only authority. In addition, since illegal combinations themselves are not excluded, for example, if an illegal combination is presented when dealing with threats, personal risks can be avoided with minimal loss.
(第 2の発明)  (Second invention)
第 2の発明は、個人毎に設定された複数の識別子の組み合わせによって個別デー タを取得し、当該取得したデータに基づ 、て処理を実行する認証処理システムにお いて、前記個別データの正規の内容に基づく正規データに改変をカ卩えた力卩ェデ一 タを作成可能な加工手段を備え、前記複数の識別子の組み合わせとして、正規デー タを取得可能な正規組み合わせと、加工データを取得可能な不正組み合わせとを設 け、正規組み合わせが使用された場合には、正規データに基づいた実行処理を行 い、不正組み合わせが使用された場合には、加工データに基づいた実行処理を可 能としたことを特徴とする。  According to a second aspect of the present invention, there is provided an authentication processing system that acquires individual data by a combination of a plurality of identifiers set for each individual, and executes processing based on the acquired data. Processing means that can create force data that can be modified to normal data based on the contents of the Possible illegal combinations are set, execution processing based on regular data is performed when regular combinations are used, and execution processing based on machining data is possible when illegal combinations are used It is characterized by that.
[0009] 本発明は、正規データを基にデータを加工する機能を持たせたものである。加工 手段の加工方法としては、例えば正規データが数値の場合には所定の演算処理を 施してカ卩ェデータを取得することができる。本発明によれば、データの内容に応じて 適切なダミーデータを提供することができる。 The present invention has a function of processing data based on regular data. As a processing method of the processing means, for example, when the regular data is a numerical value, a predetermined calculation process can be performed to obtain the cache data. According to the present invention, it is possible to provide appropriate dummy data according to the contents of data.
(第 3の発明)  (Third invention)
第 3の発明は、上記第 1又は第 2の発明の特徴点に加え、前記複数の識別子は、 I Dとパスワードであり、正規組み合わせとして、正規 IDと正規パスワードの組み合わ せ、不正組み合わせとして、正規 IDと並列パスワードの組み合わせを設けたことを特 徴とする。 In a third invention, in addition to the features of the first or second invention, the plurality of identifiers are: D and password, which are a combination of a regular ID and a regular password as a regular combination, and a combination of a regular ID and a parallel password as an illegal combination.
[0010] 本発明は、複数の識別子の種類を限定したものである。  [0010] The present invention limits the types of identifiers.
(第 4の発明)  (Fourth invention)
第 4の発明は、記録担体に記録された認証番号と外部入力される暗証番号により 預貯金口座データにアクセスし、預貯金残高範囲内で現金を払 、出し可能な現金 自動払いシステムに係る。そして、預貯金者の預貯金口座データとして、正規の預貯 金額に基づく正規残高データと、正規残高データよりも低い金額に設定された制限 残高データとを設け、前記暗証番号として、正規残高データにアクセス可能な正規 暗証番号と、制限残高データにアクセス可能な並列暗証番号とを設け、正規の記録 担体と正規暗証番号が使用された場合には、正規残高データの残高に基づいて現 金を払い出し、正規の記録担体と並列暗証番号が使用された場合には、制限残高 データの残高に基づ!/、て現金の払 、出しを可能としたことを特徴とする。  The fourth invention relates to an automatic cash payment system in which deposit and savings account data is accessed by an authentication number recorded on a record carrier and an externally entered personal identification number, and cash can be paid and dispensed within the range of the deposit and savings balance. Then, as savings and savings account data of the savings and savings, regular balance data based on the regular deposit and saving amount and limit balance data set to an amount lower than the regular balance data are provided, and the regular balance data is accessed as the PIN. Provide a valid PIN and a parallel PIN that can access the restricted balance data. If a regular record carrier and a regular PIN are used, the cash is paid based on the balance of the regular balance data. When a regular record carrier and a parallel PIN are used, cash can be paid and taken out based on the balance of the restricted balance data.
[0011] 本発明は、認証処理システムとして、現金自動払いシステムに限定したものであり、 第 1の発明に対応するものである。ここで、「記録担体」とは、キャッシュカード、クレジ ットカードなどの磁気カードを含む。 The present invention is limited to an automatic cash payment system as an authentication processing system, and corresponds to the first invention. Here, the “record carrier” includes a magnetic card such as a cash card or a credit card.
本発明によれば、例えば並列暗証番号として、利用者のプロフィール力 容易に類 推できる番号を登録しておき、キャッシュカードが盗難にあった場合でも並列暗証番 号を容易に使用させて最低限の被害で済ませることができる。  According to the present invention, for example, a number that can be easily estimated as a parallel password is registered as a parallel password, and even if the cash card is stolen, the parallel password can be easily used to minimize the number. It can be done with damage.
(第 5の発明)  (Fifth invention)
第 5の発明は、記録担体に記録された認証番号と外部入力される暗証番号により 預貯金口座データにアクセスし、預貯金残高範囲内で現金を払 、出し可能な現金 自動払!、システムであって、預貯金者の正規の預貯金額に基づく正規残高データに 改変を加えて、正規残高データの金額よりも低!ヽ金額に加工された加工残高データ を作成可能な加工手段を備え、前記暗証番号として、正規残高データにアクセス可 能な正規暗証番号と、加工残高データにアクセス可能な並列暗証番号とを設け、正 規の記録担体と正規暗証番号が使用された場合には、正規残高データの残高に基 づいて現金を払い出し、正規の記録担体と並列暗証番号が使用された場合には、前 記カ卩工手段により加工された加工残高データの残高に基づいて現金の払い出しを 可能としたことを特徴とする。 The fifth aspect of the invention is a system for automatic cash payment that allows access to deposit and savings account data by using an authentication number recorded on a record carrier and an externally entered personal identification number, and pays and issues cash within the range of the deposit and savings balance. The processing unit is provided with processing means capable of creating processing balance data that has been processed into an amount that is lower than the amount of the regular balance data by modifying the regular balance data based on the regular deposit and savings amount of the depositor. If a regular record carrier and regular PIN are used, a regular PIN that can access regular balance data and a parallel PIN that can access processed balance data are provided. Based on The cash can be paid out based on the balance of the processed balance data processed by the above-mentioned manufacturing method when the cash is paid out and the regular record carrier and the parallel password are used. And
[0012] 本発明は、認証処理システムとして、現金自動払いシステムに限定したものであり、 第 2の発明に対応するものである。  [0012] The present invention is limited to an automatic cash payment system as an authentication processing system, and corresponds to the second invention.
[0013] 本願発明は、以上のように構成されているので、不正使用者が認証のための不正 組み合わせを使用した場合には、認証のための正規な組み合わせが使用された場 合と異なる処理を行い、正当な利用者の権限、財産等を保護し、ひいては所有者の 生命の危険ち回避することができる。 [0013] Since the present invention is configured as described above, when an unauthorized user uses an unauthorized combination for authentication, processing different from when an authorized combination for authentication is used. To protect the authority and property of legitimate users and thus avoid the danger of the owner's life.
図面の簡単な説明  Brief Description of Drawings
[0014] [図 1]本発明の実施の形態であって、現金自動払いシステムの概略を示すブロック図 である。  FIG. 1 is a block diagram showing an outline of an automatic cash payment system according to an embodiment of the present invention.
[図 2]本発明の実施の形態であって、現金自動払い装置の作動の概略を示す流れ 図である。  FIG. 2 is a flowchart showing an outline of the operation of the automatic cash payment apparatus according to the embodiment of the present invention.
[図 3]本発明の実施の形態であって、現金自動払 、システムの他の例を示すブロック 図である。  FIG. 3 is a block diagram showing another example of the automatic cash payment system according to the embodiment of the present invention.
発明を実施するための最良の形態  BEST MODE FOR CARRYING OUT THE INVENTION
[0015] 本発明の好適な実施の形態を、現金自動払 ヽシステムを例に、図面に基づき説明 する。 A preferred embodiment of the present invention will be described with reference to the drawings, taking an automatic cash payment system as an example.
(図面の説明)  (Explanation of drawings)
図 1乃至図 3は、本発明の実施の形態を示すものである。  1 to 3 show an embodiment of the present invention.
図 1は現金自動払いシステムの概略を示すブロック図、図 2は現金自動払い装置の 作動の概略を示す流れ図、図 3は現金自動払いシステムの他の例を示すブロック図 である。  Fig. 1 is a block diagram showing the outline of the automatic cash payment system, Fig. 2 is a flowchart showing the outline of the operation of the automatic cash payment apparatus, and Fig. 3 is a block diagram showing another example of the automatic cash payment system.
本実施の形態における現金自動払いシステムは、図 1に示すように、 ATMや CDな どの現金自動払い装置 1から、キャッシュカード又はクレジットカードの投入及び暗証 番号の入力をすることによりにより、ホストコンピュータの預金管理装置 2が保持して V、る預金残高データにアクセスし、預金口座力 の現金引き出しができるようになつ ているものである。 As shown in FIG. 1, the automatic cash payment system according to the present embodiment is a host computer by inserting a cash card or credit card and inputting a password from an automatic cash payment apparatus 1 such as ATM or CD. The deposit management device 2 can access the V, deposit balance data, and withdraw cash from the deposit account. It is what.
[0016] (預金管理装置 2)  [0016] (Deposit Management Device 2)
預金管理装置 2は、預金口座ごとの出入金を管理するためのものであり、図 1に示 すように、少なくとも、顧客ごとに設定された IDと、顧客により決定された複数の暗証 番号(図中 PWで示す)、及び各暗証番号に対応して設けられた預金残高データを 記憶したテーブルを有して 、る。  The deposit management device 2 is for managing deposits and withdrawals for each deposit account. As shown in FIG. 1, at least an ID set for each customer and a plurality of PINs determined by the customer ( And a table that stores deposit balance data provided corresponding to each PIN.
ここで、複数の暗証番号のうち、「PW1」で示す一の暗証番号は、正規暗証番号で あって、 IDとの組み合わせにより正規組み合わせを構成する。そしてこれは、正規の 預金内容を表す正規残高データに対応している。一方、「PW2」で示す他の暗証番 号は、並列暗証番号であって、 IDとの組み合わせにより不正組み合わせを構成する 。そしてこれは、正規の預金内容よりも預金残高が低くなるよう予め設定された制限 残高データに対応している。  Here, among the plurality of passwords, one password indicated by “PW1” is a regular password, and constitutes a regular combination by combination with an ID. This corresponds to regular balance data representing regular deposit details. On the other hand, the other personal identification number indicated by “PW2” is a parallel personal identification number, and constitutes an illegal combination by combination with the ID. This corresponds to limit balance data set in advance so that the deposit balance becomes lower than the regular deposit content.
[0017] 制限残高データとしては、例えば「0」や「5000」に設定することができる。また、制 限残高を顧客の希望する金額に設定できるようにしてもよい。なお、並列暗証番号を 複数設定し、複数の制限残高データと対応させるようにしてもょ ヽ。 As the restricted balance data, for example, “0” or “5000” can be set. In addition, the limit balance may be set to an amount desired by the customer. It is also possible to set multiple parallel PINs and make them correspond to multiple restricted balance data.
預金残高データは、預金の引き出し、入金に応じて適宜書き換えられる。このうち、 正規残高データが書き換えられるのは当然であるが、制限残高データは変更されな いようにすることができる。あるいは、「PW2」を用いて預金の引き出しが行われた場 合に限り、制限残高データが書き換えられるようにしてもよい。  The deposit balance data is appropriately rewritten according to the withdrawal and deposit of the deposit. Of these, it is natural that the regular balance data is rewritten, but the restricted balance data can be kept unchanged. Alternatively, the limited balance data may be rewritten only when a deposit is withdrawn using “PW2”.
(現金自動払い装置 1)  (Cash automatic payment device 1)
現金自動払い装置 1は、図 1に示すように、外部入力部 10、処理判定部 20、処理実 行部 30を有している。なお、現金自動払い装置 1としては、上記以外の構成を有して いても構わない。  As shown in FIG. 1, the automatic teller machine 1 has an external input unit 10, a process determination unit 20, and a process execution unit 30. The automatic cash payment apparatus 1 may have a configuration other than the above.
[0018] (外部入力部 10) [0018] (External input unit 10)
外部入力部 10は、認証のための識別子の組み合わせを入力可能な操作部であり、 カード揷入口 11と数字入力部 12力も成る。そして、カード揷入口 11にキャッシュカード やクレジットカードを挿入すると、それらに記録された IDが読み出される。また数字入 力部 12は、テンキーや液晶タツチパネルであって、暗証番号を入力することができる 。なお、数字入力部 12は、払い出し金額その他必要項目を数字で入力することもで きる。 The external input unit 10 is an operation unit that can input a combination of identifiers for authentication, and includes a card slot 11 and a numeric input unit 12 force. When a cash card or credit card is inserted into the card slot 11, the ID recorded on them is read out. The number input unit 12 is a numeric keypad or a liquid crystal touch panel, and can input a password. . The number input unit 12 can also input the amount to be paid out and other necessary items numerically.
(処理判定部 20)  (Processing judgment unit 20)
処理判定部 20は、入力された認証番号に基づ!/、て処理を決定するためのものであ り、判定部 21及び出力部 22を備える。判定部 21は、カードから読み出された IDと、入 力された暗証番号の有効性を判定し、預金管理装置 2のどの預金残高データにァク セスするかを決定するとともに、該当する預金残高データを取得するものである。出 力部 22は、判定部 21の決定に基づき、取得した預金残高データを処理実行部 30に 出力するとともに、処理実行部 30からの現金払出処理情報を預金管理装置 2に出力 するためのものである。  The process determination unit 20 is for determining a process based on the input authentication number, and includes a determination unit 21 and an output unit 22. The determination unit 21 determines the validity of the ID read from the card and the entered PIN, determines which deposit balance data of the deposit management device 2 is accessed, and applies the corresponding deposit Balance data is acquired. The output unit 22 outputs the acquired deposit balance data to the processing execution unit 30 based on the determination of the determination unit 21, and outputs the cash withdrawal processing information from the processing execution unit 30 to the deposit management device 2. It is.
[0019] (処理実行部 30) [0019] (Processing execution unit 30)
処理実行部 30は、処理判定部 20の決定に基づき、現金払い出しに伴う処理その他 の処理を行わせるためのものであり、少なくとも、画像表示処理部 31、現金払出処理 部 32、非常通報処理部 33を有している。なお、処理実行部 30としては、上記以外の 構成を有して ヽても構わな ヽ。  The processing execution unit 30 is for causing processing related to cash payout and other processing based on the determination of the processing determination unit 20, and includes at least an image display processing unit 31, a cash payout processing unit 32, and an emergency call processing unit. 33. The processing execution unit 30 may have a configuration other than the above.
画像表示処理部 31は、液晶画面などに、預金残高や入力画面など払い出しに関 する画像を表示させるためのものである。現金払出処理部 32は、取得した預金残高 データに基づき、現金を払い出すための処理を行うものである。具体的には、現金払 出処理部 32は、預金残高データの金額の範囲内で、現金払い出し処理を行うもので あり、入力された払い出し金額が預金残高データよりも多い場合には、払い出しを行 わず、画像表示処理部 31に所定の表示をさせる。現金払い出し処理が行われた場 合には、払い出し金額データが預金管理装置 2に出力され、預金残高データが書き 換えられる。  The image display processing unit 31 is for displaying an image relating to payout such as a deposit balance and an input screen on a liquid crystal screen or the like. The cash withdrawal processing unit 32 performs processing for cash withdrawal based on the acquired deposit balance data. Specifically, the cash withdrawal processing unit 32 performs cash withdrawal processing within the range of the deposit balance data amount, and if the input withdrawal amount is larger than the deposit balance data, the cash withdrawal processing unit 32 performs the withdrawal. Instead, the image display processing unit 31 displays a predetermined display. When the cash payout process is performed, the payout amount data is output to the deposit management device 2 and the deposit balance data is rewritten.
[0020] 非常通報処理部 33は、所定の場合に、所轄の警察や警備会社、金融機関などに、 所定の通報を行うためのものである。ここで、所定の場合としては、並列暗証番号が 使用された場合とすることができるが、この場合に通報するかどうかは、顧客が予め 通報設定を希望している場合に行うようにすることができる。また、所定の通報を受け た場合、並列暗証番号の使用者を監視カメラで特定したり、それ以降カードの使用を 無効にする処置をとるなどすることができる。 [0020] The emergency call processing unit 33 is for making a predetermined report to a police, a security company, a financial institution or the like in a given case. Here, the predetermined case can be a case where a parallel password is used, but whether or not to report in this case should be made when the customer wants to set the notification in advance. Can do. Also, if you receive a predetermined report, you can identify the user of the parallel PIN with a surveillance camera, or use the card after that. You can take action to disable it.
(現金自動払い装置 1の作動の説明)  (Explanation of the operation of cash dispenser 1)
以上の構成を有する現金自動払 、装置 1につ!/、て、現金払い出しに関する作動の 一例を、図 2のフローチャートに基づき説明する。  An example of the operation relating to the automatic cash payment having the above configuration, the apparatus 1! And the cash payout will be described based on the flowchart of FIG.
[0021] まず、カード揷入口 11にカードが挿入されることにより、ステップ 100において、 ID が認証されたかどうかを判断する。すなわち、登録された顧客の IDカゝどうかを判断し 、 IDが登録されたものでない場合には、カードの返却など所定のエラー処理を行う。 I Dが認証された場合には、次のステップ 101に進む。 First, when a card is inserted into the card slot 11, it is determined in step 100 whether or not the ID is authenticated. That is, it is determined whether or not the ID of the registered customer is registered. If the ID is not registered, predetermined error processing such as returning a card is performed. If ID is authenticated, go to the next step 101.
ステップ 101において、暗証番号の入力の有無を判断する。暗証番号の入力が無 い場合には、ステップ 101に戻る。暗証番号が入力された場合には、次のステップ 1 02に進む。  In step 101, it is determined whether or not a password has been entered. If no password is entered, the process returns to step 101. If the security code is entered, go to the next step 102.
ステップ 102において、入力されたのが正規暗証番号かどうかを判断する。正規暗 証番号の場合には、次のステップ 103に進む。  In step 102, it is determined whether or not the input is a regular password. If it is a regular password, go to the next step 103.
[0022] ステップ 103において、残高表示指示 (例えば残高照会ボタンの操作)があるかどう かを判断する。残高表示指示があった場合には、次のステップ 104に進む。 [0022] In step 103, it is determined whether or not there is a balance display instruction (for example, operation of a balance inquiry button). If there is a balance display instruction, the process proceeds to the next step 104.
ステップ 104において、正規の残高が表示される。例えば、預金残高が 10万円の 場合には、 10万円の表示がされる。そしてステップ 108に進む。前記ステップ 103に おいて、残高表示指示がない場合にも、ステップ 108に進む。  In step 104, the regular balance is displayed. For example, if the deposit balance is 100,000 yen, 100,000 yen is displayed. Then go to step 108. If there is no balance display instruction in step 103, the process proceeds to step 108.
前記ステップ 102において、入力されたのが正規暗証番号でない場合には、ステツ プ 105に進む。  If it is determined in step 102 that the entered password is not a regular password, the process proceeds to step 105.
ステップ 105において、入力されたのが並列暗証番号かどうかを判断する。並列暗 証番号でない場合には、ステップ 111に進み、入力ミス扱いのエラー処理を行う。並 列暗証番号である場合には、次のステップ 106に進む。  In step 105, it is determined whether or not the input is a parallel password. If it is not a parallel security code, the process proceeds to step 111 to perform error handling as an input error. If it is a parallel PIN, go to the next step 106.
[0023] ステップ 106において、残高表示指示があるかどうかを判断する。残高表示指示が あった場合には、次のステップ 107に進む。 [0023] In step 106, it is determined whether there is a balance display instruction. If there is a balance display instruction, the process proceeds to the next step 107.
ステップ 107において、修正画面が表示される。すなわち、並列暗証番号に対応す る制限残高データの金額が表示される。例えば、預金残高が 10万円であっても、予 め設定した金額、例えば「0円」とか「5千円」が表示される。そして、次のステップ 108 に進む。前記ステップ 106において、残高表示指示がない場合にも、ステップ 108に 進む。 In step 107, a correction screen is displayed. That is, the amount of restricted balance data corresponding to the parallel password is displayed. For example, even if the deposit balance is 100,000 yen, a preset amount such as “0 yen” or “5,000 yen” is displayed. Then the next step 108 Proceed to If there is no balance display instruction in step 106, the process proceeds to step 108.
ステップ 108において、払い出し金額の入力があるかどうかを判断する。払い出し 金額の入力がない場合には、「取り消し」や「終了」の指示 (ボタン操作等)を条件に、 現金払い出し処理を終了する。払い出し金額が入力された場合には、次のステップ 1 09に進む。  In step 108, it is determined whether or not a payout amount has been input. If there is no input of the amount to be paid out, the cash-out process is terminated on condition of “cancel” or “end” instruction (button operation, etc.). If a payout amount has been entered, proceed to the next step 109.
[0024] ステップ 109において、入力値が預金残高範囲内かどうかを判断する。ここで、現 金自動払 、装置 1が「預金残高」として認識して 、るのは、正規暗証番号が使用され ている場合には正規残高データの金額 (前述の例では 10万円)であり、並列暗証番 号が使用されている場合には制限残高データの金額 (前述の例では 0円や 5千円) である。入力値が預金残高を超えている場合には、預金残高が足りない旨の表示を 行うと共にエラー処理をする。すなわち、実際には 10万円の預金があっても、並列暗 証番号を使用した場合には、制限残高データが「0円」の場合には現金を全く引き出 せず、制限残高データが「5千円」の場合には 5千円以内の金額し力引き出せない。 一方、入力値が預金残高範囲内である場合には、次のステップ 110に進む。  [0024] In step 109, it is determined whether or not the input value is within the deposit balance range. Here, automatic cash payment, device 1 recognizes as “deposit balance”, and if the regular PIN is used, it is the amount of regular balance data (in the above example, 100,000 yen). Yes, if a parallel PIN is used, it is the amount of limit balance data (0 yen or 5,000 yen in the above example). If the input value exceeds the deposit balance, a message indicating that the deposit balance is insufficient is displayed and error processing is performed. That is, even if you actually have a deposit of 100,000 yen, if you use a parallel PIN, if the restricted balance data is “0 yen”, no cash will be withdrawn, and the restricted balance data In the case of “5,000 yen”, the amount cannot exceed the amount of 5,000 yen. On the other hand, if the input value is within the deposit balance range, the process proceeds to the next step 110.
[0025] ステップ 110において、払い出し指示の入力値に応じて、現金払い出し処理を行う 。そして現金払出処理を終了する。  [0025] In step 110, a cash payout process is performed according to the input value of the payout instruction. And cash-out processing is ended.
なおここで、装置内から現金が排出されるとともに、払い出し金額データが預金管 理装置 2に出力されて、それに応じて預金残高データが書き換えられる。具体的には 、例えば正規暗証番号を使用して 3千円引き出した場合には、正規残高データが 10 万円から 3千円差し引いた 9万 7千円となる(手数料等は考慮しない)。一方、並列暗 証番号を使用して 3千円引き出した場合には、以下の二つの処理方法がある。  Here, cash is discharged from the inside of the apparatus, and the payout amount data is output to the deposit management apparatus 2, and the deposit balance data is rewritten accordingly. Specifically, for example, if 3,000 yen is withdrawn using a regular PIN, the regular balance data will be 97,000 yen, which is subtracted 3,000 yen from 100,000 yen (considering fees, etc.). On the other hand, when 3,000 yen is withdrawn using a parallel password, there are the following two processing methods.
ひとつは、正規残高データを 10万円力も 3千円差し引いた 9万 7千円とし、制限残 高データ(5千円)は書き換えずそのままにしておくことができる。もうひとつは、正規 残高データを 10万円から 3千円差し引いた 9万 7千円とし、制限残高データを 5千円 力も 3千円を差し引いた 2千円とするものである。後者によれば、支払い明細書の残 高表示や次に現金を引き出すときの残高が 2千円となっており、リアリティーがあるた め、並列暗証番号よるダミーデータであることが発覚しにくいという利点がある。 [0026] さらに、並列暗証番号の使用時に非常通報を行う設定となっている場合には、現金 払い出し処理と同時に非常通報処理を行う。 One is that the normal balance data is 97,000 yen, which is a deduction of 3,000 yen from the 100,000 yen force, and the remaining limit data (5,000 yen) can be left unchanged. The other is that the regular balance data is ¥ 97,000, which is subtracted ¥ 3,000 from ¥ 100,000, and the restricted balance data is ¥ 2,000, which is subtracted ¥ 3,000 from ¥ 5,000. According to the latter, the balance of the payment statement is displayed and the balance when the next cash is withdrawn is 2,000 yen, and since there is reality, it is difficult to detect dummy data with a parallel PIN. There are advantages. [0026] Furthermore, if the emergency notification is set to be used when the parallel password is used, the emergency notification process is performed simultaneously with the cash payout process.
このように、本実施の形態によれば、正規暗証番号と並列暗証番号により、現実に 払い出し可能な金額に差をつけることができる。そして、例えば並列暗証番号として、 正当な預金口座所有者の生年月日、住所、電話番号等のプロフィール力 類推でき る番号を設定しておき、万一キャッシュカードが所有者の意に反して (盗難、強盗によ る脅迫)他人の手に渡った場合でも、カードと並列暗証番号の使用では、虚偽の預 金残高が表示され、かつ実際にその金額以下の現金しか引き出すことができず、被 害を最低限にすることができる。これは特に、脅迫されて本当の暗証番号を言わない と身体生命が危険である場合などに役立つ。また、そのように物騒な場合だけでなく 、例えば子供用に並列暗証番号を設け、制限残高データとして 5千円や 1万円などを 設定しておき、子供が多額の現金を引き出せないようにして教育的用途に使用する ことちでさる。  Thus, according to the present embodiment, it is possible to make a difference in the amount that can be actually paid out by using the regular password and the parallel password. For example, as a parallel PIN, a number that can be used to estimate the profile power, such as the date of birth, address, and telephone number of a legitimate account holder, is set, and in the unlikely event that the cash card is against the owner's will ( Even if it is in the hands of others, the use of the card and the parallel PIN number will display a false deposit balance and can only withdraw cash less than that amount. Damage can be minimized. This is especially useful if your life is dangerous if you are threatened and don't give your real PIN. Also, not only in such a troubled situation, for example, a parallel PIN is provided for children, and limit balance data is set to 5,000 yen or 10,000 yen so that the child cannot withdraw a large amount of cash. It can be used for educational purposes.
[0027] なお、本システムにおいてクレジットカードを使用する場合、最大引き出し限度額が 低く設定されたダミーデータが表示され、その金額以上は引き出せないように形成す ることちでさる。  [0027] When using a credit card in this system, it is possible to display dummy data with a maximum maximum withdrawal amount set low so that no more than that amount can be withdrawn.
(本システムの他の例)  (Other examples of this system)
上記システムにおいては、預金残高データとして、予め定められた制限残高データ が記憶されており、カードと並列暗証番号の使用によりこの制限残高データにァクセ ス可能に形成されていたが、預金残高データとしては正規残高データのみ記憶し、 カードと並列暗証番号が使用された場合には、正規残高データを適宜加工して、加 工残高データに基づ 、て払 、出し処理を行わせるようにしてもょ 、ものである。  In the above system, predetermined limit balance data is stored as deposit balance data, and the limit balance data can be accessed by using a card and a parallel password, but the deposit balance data Stores only the regular balance data, and when the card and parallel PIN are used, the regular balance data is processed as appropriate so that payment and withdrawal processing can be performed based on the processed balance data. Oh, it is a thing.
[0028] 具体的には、図 3に示すように、預金管理装置 2は、 IDと複数の暗証番号と正規残 高データを記憶している。また、現金自動払い装置 1の処理判定部 20には、加工部 2 3が設けられている。加工部 23は、並列暗証番号使用時に、取得した預金残高デー タ(正規残高データ)に改変を加えて加工残高データを作成するためのものである。 そして、処理実行部 30は、この加工残高データに基づいて、画像表示処理や現金払 出処理を行うようになって!/、る。 ここで、加工部 23は、正規残高データをもとに、正規残高よりも金額が低くなるように 所定の演算を行って加工残高データを作成するものである。例えば、正規残高デー タの金額の 1%を加工残高データとしたり(正規残高 X O. 01)、正規残高データの金 額から一定金額 (n円)だけ少ない金額を加工残高データとする (正規残高— n、nく 正規残高)ように設定することができる。 Specifically, as shown in FIG. 3, the deposit management device 2 stores an ID, a plurality of passwords, and regular balance data. The processing determination unit 20 of the automatic cash payment apparatus 1 is provided with a processing unit 23. The processing unit 23 is used to create processing balance data by modifying the acquired deposit balance data (regular balance data) when using a parallel password. Then, the process execution unit 30 performs the image display process and the cash payout process based on the processed balance data! Here, the processing unit 23 creates the processed balance data by performing a predetermined calculation based on the regular balance data so that the amount is lower than the regular balance. For example, 1% of the amount of regular balance data is used as processed balance data (regular balance X O. 01), and the amount less than the regular balance data by a fixed amount (n yen) is used as processed balance data (regular balance data). Balance—n, n (regular balance).
[0029] なお、正規残高データの加工を、預金管理装置 2で行うようにしてもょ 、。この場合 には、預金管理装置 2に加工部を設け、現金自動払い装置 1の処理判定部 20は並 列暗証番号使用時に預金管理装置 2にデータ加工要請信号を出力し、これに基づ いて預金管理装置 2の加工部が正規残高データを加工し、当該加工残高データを 処理判定部 20が取得するものとすればょ 、。  [0029] It should be noted that the normal balance data may be processed by the deposit management device 2. In this case, a processing unit is provided in the deposit management device 2, and the processing judgment unit 20 of the automatic cash payment device 1 outputs a data processing request signal to the deposit management device 2 when the parallel password is used, and based on this. If the processing unit of the deposit management device 2 processes the regular balance data, and the processing determination unit 20 acquires the processed balance data.
さらに、図 1及び図 3に示す実施の形態においては、非常通報処理部 33を現金自 動払い装置 1に設けてあるが、非常通報処理部 33の設置場所はこれに限られず、例 えばホストコンピュータに設けてもよいものである。  Further, in the embodiment shown in FIGS. 1 and 3, the emergency call processing unit 33 is provided in the cash automatic payment apparatus 1, but the installation location of the emergency call processing unit 33 is not limited to this. It may be provided in the computer.
[0030] 以上述べてきた制限残高データ又は加工残高データの内容については、これらの うち 、ずれかの態様を単独で用いてもよぐあるいは複数の態様を組み合わせて用 いてもよい。  [0030] Regarding the contents of the limited balance data or the processed balance data described above, any of these modes may be used alone, or a plurality of modes may be used in combination.
また、本発明は、現金自動払いシステム以外にも応用することができる。例えば、キ ャッシュカードなどの物理媒体を使用しな 、オンラインバンキングや、 IDとパスワード を用いて特定のデータにアクセス可能なコンピュータネットワークシステムにおいても 、正規 IDと正規パスワードの組み合わせで正規データにアクセスでき、正規 IDと並 列パスワードの組み合わせで、ダミーデータにアクセスするように形成することができ る。  Further, the present invention can be applied to other than the automatic cash payment system. For example, even in a computer network system that can access specific data using an ID and password without using a physical medium such as a cash card, the regular data can be accessed with a combination of the regular ID and the regular password. A combination of a regular ID and a parallel password can be used to access dummy data.
産業上の利用可能性  Industrial applicability
[0031] 本発明は、現金自動払いシステムに利用することができる。また、キャッシュカード などの物理媒体を使用しないオンラインバンキングや、 IDとパスワードを用いて特定 のデータにアクセス可能なコンピュータネットワークシステムにおいても利用可能であ る。 [0031] The present invention can be used in an automatic cash payment system. It can also be used in online banking that does not use physical media such as cash cards, and in computer network systems that can access specific data using IDs and passwords.

Claims

請求の範囲 The scope of the claims
[1] 個人毎に設定された複数の識別子の組み合わせによって個別データを取得し、当 該取得したデータに基づ 、て処理を実行する認証処理システムにお ヽて、  [1] In an authentication processing system that acquires individual data by a combination of a plurality of identifiers set for each individual and executes processing based on the acquired data,
前記個別データとして、正規の内容に基づく正規データと、正規データとは異なる 他のデータを設け、  As the individual data, regular data based on regular content and other data different from regular data are provided,
前記複数の識別子の組み合わせとして、正規データを取得可能な正規組み合わ せと、前記他のデータを取得可能な不正組み合わせとを設け、  As a combination of the plurality of identifiers, a normal combination capable of acquiring normal data and an illegal combination capable of acquiring the other data are provided,
正規組み合わせが使用された場合には、正規データに基づ 、た実行処理を行 、、 不正組み合わせが使用された場合には、他のデータに基づいた実行処理を可能と したことを特徴とする認証処理システム。  When regular combinations are used, execution processing is performed based on regular data. When illegal combinations are used, execution processing based on other data is possible. Authentication processing system.
[2] 個人毎に設定された複数の識別子の組み合わせによって個別データを取得し、当 該取得したデータに基づ 、て処理を実行する認証処理システムにお ヽて、  [2] In an authentication processing system that acquires individual data by a combination of a plurality of identifiers set for each individual and executes processing based on the acquired data,
前記個別データの正規の内容に基づく正規データに改変をカ卩えたカ卩ェデータを 作成可能な加工手段を備え、  Processing means capable of creating cache data in which alterations are made to the regular data based on the regular content of the individual data;
前記複数の識別子の組み合わせとして、正規データを取得可能な正規組み合わ せと、前記加工データを取得可能な不正組み合わせとを設け、  As a combination of the plurality of identifiers, a normal combination capable of acquiring normal data and an illegal combination capable of acquiring the processed data are provided,
正規組み合わせが使用された場合には、正規データに基づ 、た実行処理を行 、、 不正組み合わせが使用された場合には、加工データに基づ 、た実行処理を可能と したことを特徴とする認証処理システム。  When regular combinations are used, execution processing is performed based on regular data.When illegal combinations are used, execution processing can be performed based on machining data. Authentication processing system.
[3] 前記複数の識別子は、 IDとパスワードであり、正規組み合わせとして、正規 IDと正 規パスワードの組み合わせ、不正組み合わせとして、正規 IDと並列パスワードの組 み合わせを設けたことを特徴とする請求の範囲第 1項又は第 2項記載の認証処理シ ステム。 [3] The plurality of identifiers are IDs and passwords, and a combination of a regular ID and a regular password is provided as a regular combination, and a combination of a regular ID and a parallel password is provided as an unauthorized combination. The authentication processing system according to paragraph 1 or 2 of the scope.
[4] 記録担体に記録された認証番号と外部入力される暗証番号により預貯金口座デー タにアクセスし、預貯金残高範囲内で現金を払い出し可能な現金自動払 ヽシステム であって、  [4] An automatic cash payment system for accessing deposit and savings account data using an authentication number recorded on a record carrier and an externally entered personal identification number, and withdrawing cash within the deposit and savings balance range,
預貯金者の預貯金口座データとして、正規の預貯金額に基づく正規残高データと 、正規残高データよりも低い金額に設定された制限残高データとを設け、 前記暗証番号として、正規残高データにアクセス可能な正規暗証番号と、制限残 高データにアクセス可能な並列暗証番号とを設け、 As savings and savings account data for savings and savings, regular balance data based on the regular deposit and savings amount and limit balance data set to an amount lower than the regular balance data are provided, As the personal identification number, a regular personal identification number that can access regular balance data and a parallel personal identification number that can access restricted balance data are provided.
正規の記録担体と正規暗証番号が使用された場合には、正規残高データの残高 に基づ!/、て現金を払い出し、正規の記録担体と並列暗証番号が使用された場合に は、制限残高データの残高に基づ 、て現金の払!、出しを可能としたことを特徴とする 現金自動払いシステム。  If a regular record carrier and a regular PIN are used, cash is paid out based on the balance of the regular balance data! If a regular record carrier and a parallel PIN are used, the limited balance An automatic cash payment system that makes it possible to pay and pay cash based on the balance of data.
記録担体に記録された認証番号と外部入力される暗証番号により預貯金口座デー タにアクセスし、預貯金残高範囲内で現金を払い出し可能な現金自動払 ヽシステム であって、  An automatic cash payment system that allows users to access deposit and savings account data using an authentication number recorded on a record carrier and an externally entered personal identification number, and withdraw cash within the deposit and savings balance range,
預貯金者の正規の預貯金額に基づく正規残高データに改変を加えて、正規残高 データの金額よりも低い金額に加工された加工残高データを作成可能な加工手段を 備え、  It is equipped with a processing means that can modify the normal balance data based on the regular deposit and savings amount of the savings depositor and create processed balance data processed to an amount lower than the amount of the regular balance data,
前記暗証番号として、正規残高データにアクセス可能な正規暗証番号と、加工残 高データにアクセス可能な並列暗証番号とを設け、  As the personal identification number, a regular personal identification number that can access the regular balance data and a parallel personal identification number that can access the processing balance data are provided.
正規の記録担体と正規暗証番号が使用された場合には、正規残高データの残高 に基づ!/、て現金を払い出し、正規の記録担体と並列暗証番号が使用された場合に は、前記加工手段により加工された加工残高データの残高に基づいて現金の払い 出しを可能としたことを特徴とする現金自動払 、システム。  When a regular record carrier and a regular PIN are used, cash is paid out based on the balance of the regular balance data, and when a regular record carrier and a parallel PIN are used, the above processing is performed. An automatic cash payment system characterized in that cash can be paid out based on the balance of the processed balance data processed by means.
PCT/JP2005/019186 2004-10-22 2005-10-19 Authentication system WO2006043585A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004307570A JP2006119936A (en) 2004-10-22 2004-10-22 Authentication processing system
JP2004-307570 2004-10-22

Publications (1)

Publication Number Publication Date
WO2006043585A1 true WO2006043585A1 (en) 2006-04-27

Family

ID=36202999

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/019186 WO2006043585A1 (en) 2004-10-22 2005-10-19 Authentication system

Country Status (2)

Country Link
JP (1) JP2006119936A (en)
WO (1) WO2006043585A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8898023B2 (en) 2009-02-26 2014-11-25 Omron Healthcare Co., Ltd. Biological information management system and biological information management method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007334707A (en) * 2006-06-16 2007-12-27 Hitachi Omron Terminal Solutions Corp Biometric authentication device for executing authentication by plural pieces of biological information and its method
JP6068328B2 (en) * 2013-12-27 2017-01-25 株式会社ソニー・インタラクティブエンタテインメント Information processing apparatus and information processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002073977A (en) * 2000-08-30 2002-03-12 Mitsubishi Electric Corp Deposit protection method and system
JP2002358418A (en) * 2001-05-31 2002-12-13 Eitetsu Moto Transaction system
JP2003168147A (en) * 2001-12-03 2003-06-13 Oki Electric Ind Co Ltd Automatic teller machine and automatic transaction system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002073977A (en) * 2000-08-30 2002-03-12 Mitsubishi Electric Corp Deposit protection method and system
JP2002358418A (en) * 2001-05-31 2002-12-13 Eitetsu Moto Transaction system
JP2003168147A (en) * 2001-12-03 2003-06-13 Oki Electric Ind Co Ltd Automatic teller machine and automatic transaction system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8898023B2 (en) 2009-02-26 2014-11-25 Omron Healthcare Co., Ltd. Biological information management system and biological information management method

Also Published As

Publication number Publication date
JP2006119936A (en) 2006-05-11

Similar Documents

Publication Publication Date Title
US8943598B1 (en) Automatic compromise detection for hardware signature for payment authentication
US20160048834A1 (en) Tool for creating a system hardware signature for payment authentication
JP4972296B2 (en) Automatic transaction apparatus, transaction approval method using the same, and transaction approval program for automatic transaction apparatus
JP2009064127A (en) Automatic transaction system, server, and automatic transaction device
JP4872342B2 (en) Automatic transaction apparatus and automatic transaction system
JP2017021693A (en) Automated teller machine
US20070080217A1 (en) Alarm password for triggering a security response
JP2007087316A (en) Automatic transaction device and automatic transaction system
WO2006043585A1 (en) Authentication system
JP2003223421A (en) Information processing apparatus
JP2007072777A (en) Transaction system
JP2007199881A (en) Automatic transaction device
JP2008129647A (en) Password operation system
JP2008071199A (en) Transaction system, management information processor, operation information processor, and processing method
US8074872B2 (en) Payment terminal, and associated method and program
JP2008112231A (en) Apparatus operable on biometric authentication of multiple authorized persons
JPWO2002075676A1 (en) Automatic transaction apparatus and transaction method therefor
JP5231320B2 (en) Transaction system and management method thereof
JP2007115058A (en) Automatic transaction device
JP2006099712A (en) Personal identification number management system
JP3629891B2 (en) Electronic money control apparatus and control method thereof
JP4020939B2 (en) Electronic money handling apparatus and control method thereof
JP2007334682A (en) Automatic transaction system, and automatic transaction device
JP6585135B2 (en) Automatic transaction equipment
JP2008204347A (en) Automatic transaction device and transaction processing method automatic transaction device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05795658

Country of ref document: EP

Kind code of ref document: A1