WO2012157199A1 - Automatic transaction device and automatic transaction system - Google Patents

Automatic transaction device and automatic transaction system

Info

Publication number
WO2012157199A1
Authority
WO
WIPO (PCT)
Prior art keywords
control unit
automatic transaction
request
transaction apparatus
processing
Prior art date
Application number
PCT/JP2012/002973
Other languages
French (fr)
Japanese (ja)
Inventor
伸治 菊地
Original Assignee
日立オムロンターミナルソリューションズ株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日立オムロンターミナルソリューションズ株式会社 filed Critical 日立オムロンターミナルソリューションズ株式会社
Publication of WO2012157199A1 publication Critical patent/WO2012157199A1/en

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07D HANDLING OF COINS OR VALUABLE PAPERS, e.g. TESTING, SORTING BY DENOMINATIONS, COUNTING, DISPENSING, CHANGING OR DEPOSITING
    • G07D11/00 Devices accepting coins; Devices accepting, dispensing, sorting or counting valuable papers
    • G07D11/20 Controlling or monitoring the operation of devices; Data handling
    • G07D11/26 Servicing, repairing or coping with irregularities, e.g. power failure or vandalism

Definitions

  • the present invention relates to a technique for improving security in an automatic transaction apparatus.
  • ATMs automated teller machines
  • CPU central processing unit
  • RAM random access memory
  • hard disk etc.
  • software created in accordance with standard specifications has the advantage of high versatility and low cost, but has the problem of being susceptible to viruses.
  • a pattern file that contains a program on the hard disk of an automated teller machine, a specific character string included in a virus, and a characteristic operation pattern of a program infected with a virus.
  • a virus mixed in software built in the automatic teller machine see, for example, JP-A-2004-362012.
  • Such a problem is not limited to automatic cash transaction apparatuses, but is a problem common to all automatic transaction apparatuses designed by applying personal computer technology, such as various vending machines and ticket vending machines.
  • An object of the present invention is to provide a technology capable of improving security in an automatic transaction apparatus without using a pattern file including virus characteristics.
  • the present invention has been made to solve at least a part of the problems described above, and can be realized as the following forms or application examples.
  • The automatic transaction apparatus as one embodiment of the present invention includes: a main body control unit for controlling each part of the automatic transaction apparatus; a personal information control unit for acquiring personal information of the user; a cash control unit for sending and receiving cash; and a fraud detection unit that uses the type of processing request input to the personal information control unit or the cash control unit via the main body control unit, and the internal state of the automatic transaction apparatus in a series of transaction processing, and that, when it detects that the request is due to an unauthorized program inherent in the automatic transaction apparatus, transitions the automatic transaction apparatus to a warning state different from a normal state in which a normal transaction is possible.
  • the fraud detection unit uses the type of processing request input to the personal information control unit or cash control unit and the internal state of the automatic transaction apparatus in a series of transaction processing,
  • the automatic transaction device is shifted to a warning state different from the normal state in which the normal transaction is possible.
  • Security can be improved without using a pattern file that contains.
  • the automatic transaction device further comprises: A communication unit that is connected to an external device via a network and exchanges information with the external device;
  • the fraud detector further includes: When the issuer of the request for processing input to the personal information control unit or the cash control unit via the main body control unit is confirmed, and it is detected that the request is due to unauthorized access via the communication unit
  • the automatic transaction apparatus may be shifted to the alert state.
  • The fraud detection unit further confirms the issuer of the processing request input to the personal information control unit or the cash control unit and, if it detects that the request is due to unauthorized access via the communication unit, transitions the automatic transaction apparatus to the alert state, so that security in the automatic transaction apparatus can be further improved.
  • the fraud detector of the automatic transaction apparatus further includes: The structure of a message used for a request for processing input to the personal information control unit or the cash control unit via the main body control unit is confirmed, and the standard interface used for the request is an invalid standard interface.
  • the automatic transaction apparatus may be transitioned to the alert state.
  • The fraud detection unit further confirms the structure of the message used for the request for processing input to the personal information control unit or the cash control unit via the main body control unit and, when the standard interface used for the request is an unauthorized standard interface, transitions the automatic transaction apparatus to the alert state, so that security in the automatic transaction apparatus can be further improved.
  • the automatic transaction device further comprises: Information used for processing in the fraud detection unit, method information relating to a method for detecting at least one of the fraudulent program, the fraudulent access, and the fraudulent standard interface; You may provide the memory
  • A storage unit is provided that stores in advance, in association with each other, method information related to a method for detecting at least one of an unauthorized program, unauthorized access, and an unauthorized standard interface, and processing information related to the contents of processing executed in the alert state, and the fraud detection unit performs processing using the information.
  • the fraud detection unit can also execute separate processes according to the method information in the alert state, and the process flexibility can be improved.
  • The fraud detector of the automatic transaction apparatus may further learn the request when the processing request for the personal information control unit or the cash control unit is of an unknown type, is issued from an unknown issuer, or has an unknown message structure. With such a configuration, the fraud detection unit can learn the request when the processing request for the personal information control unit or the cash control unit is at least one of a request of an unknown type, a request issued from an unknown issuer, and a request with an unknown message structure.
  • The process executed in the alert state of the automatic transaction apparatus may be either a pause process of the automatic transaction apparatus or a trace recording process of each process in the automatic transaction apparatus.
  • The automatic transaction device may further comprise a clerk operation unit for receiving a change of the processing information from the administrator of the automatic transaction apparatus.
  • The fraud detector of the automatic transaction apparatus may further notify the external device that fraud has been detected when it detects at least one of the unauthorized program, the unauthorized access, and the unauthorized standard interface.
  • Because the fraud detection unit notifies the external device that fraud has been detected when it detects at least one of an unauthorized program, unauthorized access, and an unauthorized standard interface, it is possible to raise an alert outside the automatic transaction apparatus.
  • The storage unit of the automatic transaction apparatus further stores in advance request trend information that indicates, for each type of processing request, whether the processing can be executed or not in each of the plurality of internal states that the automatic transaction apparatus can take in the series of transaction processing.
  • When the type of processing request input to the personal information control unit or the cash control unit via the main body control unit is associated, in the request trend information, with being not possible in the current internal state of the automatic transaction apparatus, the fraud detector may detect that the request is due to the unauthorized program.
  • With this configuration, the fraud detection unit detects that a request is due to an unauthorized program when the type of processing request input via the main body control unit is associated, in the request trend information, with being not possible in the current internal state of the automatic transaction apparatus. A processing request that is impossible in the current internal state of the automatic transaction apparatus, in other words a request for processing that is not scheduled in the current internal state, can therefore be detected as being caused by an unauthorized program.
  • When a request for processing input to the personal information control unit or the cash control unit via the main body control unit is input from a communication port different from the prescribed one, or when the issuer of the processing request input to the personal information control unit or the cash control unit via the main body control unit is different from an issuer permitted in advance, the fraud detector of the automatic transaction apparatus may detect that the request is due to the unauthorized access. With such a configuration, the fraud detection unit detects that a request is due to unauthorized access when the request for processing input via the main body control unit is input from a communication port different from the prescribed one, and when the issuer of the request input via the main body control unit is different from an issuer permitted in advance, so unauthorized access can be detected using the input port information of the request and the issuer information of the request.
  • The storage unit of the automatic transaction apparatus further stores in advance I/F recognition information that associates, for each standard interface, the characteristics of the structure of the message with permission or non-permission of processing execution.
  • When the structure of a message used for a request for processing input to the personal information control unit or the cash control unit via the main body control unit is associated with being not permitted in the I/F recognition information, the fraud detector may detect the standard interface used for the request as an invalid standard interface.
  • The fraud detection unit detects an unauthorized standard interface when the structure of the message used for the processing request input from the main body control unit is associated with being not permitted in the I/F recognition information, so the unauthorized standard interface can be detected using the characteristics of the structure of the message.
  • An automatic cash transaction system as one embodiment of the present invention includes an automatic transaction device and a server. The automatic transaction apparatus includes: a main body control unit for controlling each part of the automatic transaction apparatus; a personal information control unit for acquiring personal information of the user; and a cash control unit for sending and receiving cash. The server includes a fraud detector that uses the type of processing request received by the personal information control unit or the cash control unit and the internal state of the automatic transaction apparatus in a series of transaction processing to detect whether the request is due to an unauthorized program in the automatic transaction apparatus. When receiving a processing request from the main body control unit, the personal information control unit and the cash control unit inquire of the server whether the request is due to the unauthorized program. When the fraud detector detects that the request is due to the unauthorized program, it may shift the automatic transaction apparatus to a warning state different from a normal state in which a normal transaction is possible.
  • the present invention can be realized in various modes.
  • the present invention provides an automatic transaction device (cash automatic transaction device, automatic vending machine, automatic ticket vending machine, etc.), automatic transaction system, control method of automatic transaction device, and a function of those methods or devices.
  • the present invention can be realized in the form of a computer program, a non-transitory medium storing the computer program, and the like.
  • FIG. 1 is an explanatory diagram schematically showing a hardware configuration of an automatic teller machine as an embodiment of the present invention.
  • Automatic cash transaction apparatus 10 hereinafter also referred to as “ATM”
  • The ATM 10 is an automatic device that is installed in, for example, a financial institution, a retail store, a public facility, etc., and provides services such as cash accounting provided by the financial institution according to user operations.
  • The ATM 10 is also called an automatic teller machine.
  • The ATM 10 includes a card mechanism 22, a passbook mechanism 24, a statement slip mechanism 26, a coin mechanism 32, a bill mechanism 34, a customer operation unit 42, a staff operation unit 44, a control unit 50, and a journal printing mechanism 60.
  • In FIG. 1, illustration of other components that are not necessary for the description is omitted. This also applies to the drawings described later.
  • the card mechanism 22 is a mechanism for reading information such as a user's account number from a cash card inserted from a card slot.
  • the passbook mechanism 24 is a mechanism for reading information such as a user's account number from a passbook inserted from a passbook slot and printing transaction contents on the passbook.
  • the statement slip mechanism 26 is a mechanism for issuing a statement slip on which the transaction details of the user are printed.
  • the coin mechanism 32 is a mechanism that exchanges coins with users.
  • the bill mechanism 34 is a mechanism that exchanges bills (hereinafter also referred to as “paper sheets”) with a user.
  • the banknote mechanism 34 identifies the banknote inserted from the user at the time of money receiving
  • the customer operation unit 42 is a user interface for displaying information necessary for the transaction and accepting an operation from the user via a touch panel provided on the front surface of the ATM 10.
  • the clerk operation unit 44 is a user interface for displaying information for managing the ATM 10 and accepting operations from the administrator via a touch panel provided on the back of the ATM 10.
  • the customer operation unit 42 and the clerk operation unit 44 may be configured with a display, a push button, and the like instead of the touch panel.
  • the journal printing mechanism 60 is a mechanism for sequentially printing transaction contents with the user on predetermined journal paper. Note that the journal printing mechanism 60 may employ an electronic journal method that leaves a record using an electronic medium such as a database or a file, instead of the method of printing on a paper medium.
  • the control unit 50 controls each mechanism described above.
  • the control unit 50 is configured as a computer including a CPU, a memory, a hard disk, a network interface, and the like.
  • FIG. 2 is an explanatory diagram schematically showing the software configuration of the ATM 10.
  • Various control programs for realizing the functions of the control unit 50 are installed in a hard disk (not shown) of the control unit 50.
  • the CPU 51 of the control unit 50 functions as each functional unit shown in FIG. 2 by using the memory 300 as a work area and executing these various control programs.
  • The control unit 50 includes, as functional units, a main body control unit 100, a fraud detection unit 110, a touch panel control unit 200, a storage unit 300, a communication unit 400, a card mechanism control unit 500, a passbook mechanism control unit 510, a statement slip mechanism control unit 520, a bill mechanism control unit 600, a coin mechanism control unit 610, and a journal control unit 700.
  • the main body control unit 100 has a function of executing various transaction processes of the ATM 10 while controlling each functional unit of FIG. 2 according to an instruction from the user.
  • The fraud detection unit 110 has a function of executing fraud detection processing (details will be described later) for detecting a fraudulent program inherent in the ATM 10, illegal access to the ATM 10, and an illegal standard interface.
  • The “illegal program” is a program other than a legitimate program provided by the manufacturer of the ATM 10, and means a program that performs withdrawal operations and personal information acquisition operations not expected by a user of the ATM 10, its administrator, the financial institution operating the ATM 10, or the like.
  • Unauthorized access means access to the ATM 10 from a communication port different from the default communication port, or access to the ATM 10 from a device other than a device permitted in advance.
  • the “illegal standard interface” means access to the ATM 10 using a standard interface other than the standard interface permitted in advance.
  • The “standard interface” means a rule defined for the structure of a message (command) exchanged between the functional units of the ATM 10.
  • the touch panel control unit 200 controls the operation of the touch panel used in the customer operation unit 42 and the staff operation unit 44. Specifically, the touch panel control unit 200 displays information on the touch panel and acquires input from the user and the administrator on the touch panel.
  • The storage unit 300 stores information used in fraud detection processing by the fraud detection unit 110. Specifically, the storage unit 300 stores fraud detection information 310 and request trend information 330, which are used to detect unauthorized programs existing in the ATM 10 and unauthorized access to the ATM 10, and I/F recognition information 320, which is used to detect unauthorized standard interfaces. Details will be described later.
  • The communication unit 400 includes a network interface (not shown), and exchanges information with an external device (various devices provided outside the ATM 10, such as a management device or a server of the ATM 10) according to a predetermined protocol.
  • The communication unit 400 includes a 100BASE-T network interface, and performs communication with an external device according to the TCP/IP protocol.
  • the card mechanism control unit 500 has a function of controlling the card mechanism 22.
  • Likewise, the passbook mechanism control unit 510, the statement slip mechanism control unit 520, the bill mechanism control unit 600, the coin mechanism control unit 610, and the journal control unit 700 have functions of controlling the passbook mechanism 24, the statement slip mechanism 26, the bill mechanism 34, the coin mechanism 32, and the journal printing mechanism 60, respectively.
  • FIG. 3 is an explanatory diagram showing an example of the fraud detection information 310.
  • the fraud detection information 310 is information used for countermeasures against fraudulent programs and unauthorized access in the fraud detection processing executed by the fraud detection unit 110, and is held in a table format.
  • the fraud detection information 310 includes fields of a number, a detection method, and a state.
  • The detection method field stores a method for detecting an unauthorized program inherent in the ATM 10 and unauthorized access to the ATM 10.
  • the state field stores a state to which the ATM 10 should transition when an unauthorized program or unauthorized access is detected by the method stored in the detection method.
  • The entry identified by number 1 in FIG. 3 indicates that “is it consistent with the request tendency” is confirmed as a detection method. The request tendency will be described later.
  • If fraud is detected as a result of the confirmation, the entry indicates that the ATM 10 is put into a “permitted transaction while recording trace” state.
  • The entry identified by the number 2 indicates that “whether the port that received the processing request is a port to which TCP/IP communication is assigned” is confirmed as a detection method.
  • If fraud is detected as a result of the confirmation, the entry indicates that the ATM 10 is put in a “transaction canceled” state.
  • Whether the IP address or MAC address of the device that is the processing request source matches the IP address or MAC address of a device that is permitted to access the ATM 10 is likewise shown as an item to confirm. In addition, if fraud is detected as a result of the confirmation, the ATM 10 is put in a “transaction canceled” state.
  • information related to a method for detecting an unauthorized program and unauthorized access stored in the detection method field is also referred to as “method information”.
  • Information stored in the state field and indicating the state to which the ATM 10 should transition is also referred to as “processing information”.
  • The ATM 10 being in the “transaction aborted” state or the “transaction permission while recording trace” state is referred to as the ATM 10 being in the “warning state”.
  • the alert state is a state different from the normal state in which normal transactions are possible in the ATM 10.
  • FIG. 4 is an explanatory diagram showing an example of the request trend information 330.
  • The request tendency information 330 is information used to detect a fraudulent program by monitoring transaction processing executed by the main body control unit 100 in fraud detection processing executed by the fraud detection unit 110, and is held in a table format.
  • the request tendency information 330 includes fields of a number, an internal state, and a function unit.
  • In the number field, a unique number is assigned as identification information for mutually identifying information stored in each entry.
  • In the internal state field, the name of the internal state of the ATM 10 in a series of transaction processes is stored. “Internal state” means a step in a series of transaction processes (for example, a series of withdrawal processes, a series of deposit processes, etc.) executed by the main body control unit 100 based on a user request for the ATM 10.
  • The functional part field consists of fields indicating, among the functional parts (FIG. 2) included in the ATM 10, the names of the functional parts that transfer and receive cash (cash control units) and of the functional parts that acquire personal information of the user (personal information control units).
  • the personal identification number control unit and the transaction selection control unit are control units included in the main body control unit 100.
  • Information indicating whether processing in each functional unit is possible or impossible is stored in correspondence with the internal state of the ATM 10 in a series of transaction processing executed by the main body control unit 100. Specifically, when the process in a certain functional unit is possible, the number of the internal state to which transition is made after performing the process in the functional unit is stored (FIG. 4: area without hatching). Further, when the processing in a certain functional unit is impossible, a null value is stored (FIG. 4: hatched area).
  • The request trend information 330 shown in FIG. 4 stores, in association with each other, the internal state of the ATM 10 in a series of transaction processing executed by the main body control unit 100 and the types of control units capable of executing processing in that internal state (in other words, the types of permitted processing requests).
  • FIG. 5 is an explanatory diagram showing an example of the I/F recognition information 320.
  • The I/F recognition information 320 is information used for countermeasures against an illegal standard interface in the fraud detection processing executed by the fraud detector 110, and is held in a table format.
  • The I/F recognition information 320 includes fields of a number, a standard interface type, a feature, a version, and a state.
  • In the number field, a unique number is given as identification information for mutually identifying information stored in each entry.
  • In the standard interface type field, the name of the standard interface is stored.
  • The version field stores the version of the standard interface.
  • A standard interface is uniquely specified by a combination of a standard interface type and a version.
  • The feature field stores the feature of the structure of the message (command) for each standard interface uniquely specified by the combination of the standard interface type and the version.
  • In the state field, the transition destination state of the ATM 10 is stored for each uniquely specified standard interface.
  • the first activation has X input parameters, and the Xth argument of the input parameters is “XXXXX”.
  • and the key “XXXX” is stored in XXXX\XXX of the registry.
  • The ATM 10 is set in the “transaction permitted” state when it is determined that the standard interface is applicable. Further, for example, the entry identified by the number n indicates that, if the characteristics stored in all the entries identified by the numbers 1 to n−1 are not satisfied, the ATM 10 is set in the “transaction aborted” state, that is, the alert state. An arbitrary value can be entered in X in the figure.
  • The I/F recognition information 320 shown in FIG. 5 stores, in association with each other, information for uniquely identifying the standard interface, the characteristics of the message structure of the standard interface, and the transition state of the ATM 10.
  • the feature of the message structure stored in the feature field is also referred to as “method information” relating to a method for detecting an unauthorized standard interface.
  • Information indicating the transition destination state of the ATM 10 stored in the state field is also referred to as “processing information”.
  • FIG. 6 is a sequence diagram showing how the fraud detection process is executed in a series of transaction processes executed by the main body control unit 100.
  • the banknote mechanism control unit is cited as an example of the cash control unit
  • the card mechanism control unit is cited as an example of the personal information control unit
  • A case where the main body control unit 100 reads the card inserted by the user and banknotes are then withdrawn will be described as an example.
  • The main body control unit 100 that has detected the insertion of the card by the user transmits a message (command) requesting reading of the inserted card to the card mechanism control unit 500 (step S12).
  • the card mechanism control unit 500 requests the fraud detection unit 110 to execute fraud detection processing (step S14).
  • the fraud detection unit 110 that has received the request executes fraud detection processing (details will be described later) (step S16).
  • the fraud detector 110 places the ATM 10 in a warning state when fraud is detected in the fraud detection process, and does nothing if no fraud is detected.
  • the fraud detection unit 110 notifies the caller that the process has been completed after the fraud detection process is completed (step S18).
  • Upon receiving the notification, the card mechanism control unit 500 performs a reading process for the inserted card (step S20). Thereafter, the card mechanism control unit 500 notifies the main body control unit 100 of personal information (for example, account holder name, card number, etc.) obtained as a result of the card reading process (step S22).
  • The main body control unit 100 transmits a message (command) requesting the banknote mechanism control unit 600 to withdraw banknotes of the instructed amount (step S24).
  • the banknote mechanism control unit 600 that has received the request from the main body control unit 100 requests the fraud detection unit 110 to execute fraud detection processing (step S26).
  • the fraud detection unit 110 that has received the request executes fraud detection processing (step S28). Details are the same as in step S16.
  • the fraud detection unit 110 notifies the caller that the process has ended after the fraud detection process ends (step S30).
  • the bill mechanism control unit 600 executes a bill withdrawal process for the amount of money instructed by the main body control unit 100 (step S32). Thereafter, the bill mechanism control unit 600 notifies the main body control unit 100 of the withdrawal result (step S34).
  • FIG. 7 is a flowchart illustrating the procedure of fraud detection processing.
  • The fraud detection unit 110 refers to the fraud detection information 310 and performs confirmation of “matches with request tendency”, which is the detection method stored in the first entry (step S102). Specifically, the fraud detection unit 110 compares the current internal state of the ATM 10 and the type of request actually made from the main body control unit 100 to the function unit (for example, a card reading command, a password reading command, a withdrawal command, etc.) with the request tendency information 330, and determines whether or not the request made from the main body control unit 100 to the function unit matches a type of request that is allowed.
  • the internal state of the ATM 10 is an idle state and a card reading command is issued from the main body control unit 100 to the card mechanism control unit 500 (FIG. 6: step S12), as shown in FIG.
  • the processing by the card mechanism control unit and the processing by the transaction selection control unit are possible, so it is determined that the request for the processing should be permitted (correct).
  • the internal state of the ATM 10 is an idle state as shown in FIG. In this case, since the processing by the control unit other than the card mechanism control unit and the transaction selection control unit is impossible, it is determined that the request for the processing is not permitted (illegal).
  • If it is determined in step S102 that the request for processing should be permitted, the fraud detection unit 110 determines that the request tendency matches (that is, fraud is not detected) (step S104: NO), and the process proceeds to step S106.
  • The fraud detection unit 110 determines whether confirmation has been made to the end of the detection methods stored in the fraud detection information 310 (step S106). If confirmation has not been performed to the end of the detection methods (step S106: NO), the fraud detection unit 110 shifts the processing to step S102 and confirms the detection method stored in the next entry of the fraud detection information 310. That is, it continues with the confirmation of “whether the port receiving the processing request is a port assigned to TCP/IP communication”.
  • the fraud detection unit 110 shifts the process to step S108 and learns the request tendency (step S108).
  • Specifically, if the combination of the actual request type used for the determination in step S102 and the internal state of the ATM 10 is unknown (that is, not registered in the request tendency information 330), the fraud detection unit 110 updates the content of the request tendency information 330 using that information. In this update, the existing information of the request tendency information 330 may be overwritten, or new information may be added while the existing information of the request tendency information 330 remains unchanged.
  • FIG. 8 shows an example of the request tendency information 330 updated by learning of the request tendency. In the example of FIG. 8, the information in the area NF is updated in order to enable handling of the bankbook from the idle state.
  • The fraud detection unit 110 executes the standard I/F recognition process (details will be described later) (step S110).
  • After completion of the standard I/F recognition process, the fraud detection unit 110 notifies the function unit that is the caller that the process has been completed (step S112). Thereafter, the transaction process is continued as shown in FIG.
  • If it is determined in step S102 that the processing request is not permitted, the fraud detection unit 110 determines that the request tendency does not match (that is, fraud has been detected) (step S104: YES), and the process proceeds to step S114.
  • the fraud detection unit 110 refers to the contents of the status field of the corresponding entry in the fraud detection information 310 (step S114).
  • the fraud detector 110 determines whether or not the content of the status field is “transaction permitted” (step S116).
  • When the transaction is permitted (step S116: YES), the fraud detection unit 110 requests the journal control unit 700 to record a transaction processing trace (step S118), and the process proceeds to step S110.
  • When the transaction is not permitted (step S116: NO), the fraud detection unit 110 requests the main body control unit 100 to place the ATM 10 in a transaction suspension state (step S120), and ends the process.
  • the fraud detection unit 110 uses the request tendency information 330 to check the detection method “whether it matches the request tendency” of the fraud detection information 310, and performs the individual It confirms whether the request
  • When the fraud detection unit 110 receives a request that is not permitted (in other words, a request that does not match the request tendency), it determines that the request is an unexpected request, issued in an unexpected order by a malicious program (that is, that fraud has been detected), and can shift the ATM 10 to the alert state.
  • The fraud detection unit 110 also confirms the origin of the request received by the main body control unit 100 by checking the detection methods of the fraud detection information 310 “whether the port that received the processing request is a port assigned to TCP/IP communication” and “whether the IP address and MAC address of the device that is the processing request source match the IP address and MAC address of a device that is permitted to access the ATM 10”. When the main body control unit 100 receives a request that does not match the above conditions, the fraud detection unit 110 determines that it is an unexpected request caused by unauthorized access from an unauthorized issuer (that is, that fraud has been detected), and can shift the ATM 10 to the alert state.
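The fraud detection flow of FIG. 7 (steps S102 to S120), expressed in code as an added example that is not part of the patent text. The state names, request-type names, port number, addresses, and the statuses of entries 1 and 3 are constructed for illustration (only entry 2's “transaction canceled” status is stated on the page), and the standard I/F recognition subroutine (step S110) is not modelled.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

CANCEL = "transaction canceled"
PERMIT_TRACE = "transaction permission (trace recording)"


@dataclass(frozen=True)
class Request:
    state: str      # internal state of the ATM when the request arrives
    req_type: str   # e.g. "card_read", "pin_read", "withdraw" (constructed names)
    port: int       # port on which the request was received
    src_ip: str     # address of the device that issued the request
    src_mac: str


@dataclass
class Tables:
    tendency: Dict[Tuple[str, str], bool]  # request tendency information 330
    tcp_ports: Set[int]                    # ports assigned to TCP/IP communication
    devices: Set[Tuple[str, str]]          # (IP, MAC) pairs permitted to access the ATM
    journal: List[tuple]                   # traces recorded via the journal control unit


def matches_tendency(req: Request, t: Tables) -> bool:
    # Only combinations registered as impossible are rejected. An unregistered
    # combination passes here and is learned in step S108 (assumption of this example).
    return t.tendency.get((req.state, req.req_type), True)


def port_assigned(req: Request, t: Tables) -> bool:
    return req.port in t.tcp_ports


def source_permitted(req: Request, t: Tables) -> bool:
    return (req.src_ip, req.src_mac) in t.devices


@dataclass
class Entry:
    """One row of fraud detection information 310: detection method plus status."""
    number: int
    method: Callable[[Request, Tables], bool]
    status: str


def fraud_detection(req: Request, entries: List[Entry], t: Tables) -> str:
    for e in entries:                          # S102, repeated until S106: YES
        if e.method(req, t):                   # S104: NO, fraud not detected
            continue
        if e.status == PERMIT_TRACE:           # S114, S116: YES
            t.journal.append((e.number, req))  # S118: record a trace, transaction continues
            return "trace"
        return "suspend"                       # S116: NO -> S120: suspend transactions
    key = (req.state, req.req_type)
    if key not in t.tendency:                  # S108: learn an unknown combination
        t.tendency[key] = True
    return "continue"                          # S112: caller resumes the transaction


def sample_setup() -> Tuple[List[Entry], Tables]:
    """Constructed sample tables. From the idle state only card reading and
    transaction selection are possible, as in the page's example."""
    t = Tables(
        tendency={
            ("idle", "card_read"): True,
            ("idle", "transaction_select"): True,
            ("idle", "pin_read"): False,
            ("idle", "withdraw"): False,
            ("pin_verified", "withdraw"): True,
        },
        tcp_ports={9100},
        devices={("192.0.2.10", "02:00:00:00:00:01")},
        journal=[],
    )
    entries = [
        Entry(1, matches_tendency, CANCEL),
        Entry(2, port_assigned, CANCEL),
        Entry(3, source_permitted, PERMIT_TRACE),
    ]
    return entries, t


if __name__ == "__main__":
    entries, t = sample_setup()
    good = dict(port=9100, src_ip="192.0.2.10", src_mac="02:00:00:00:00:01")
    for rt in ("card_read", "withdraw", "bankbook_read"):
        print(rt, "->", fraud_detection(Request("idle", rt, **good), entries, t))
```

In this model an unregistered combination is learned as possible, so the tendency table blocks only what is explicitly registered as impossible; the initial table therefore has to enumerate the impossible request types for every internal state.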
  • FIG. 9 is a flowchart showing the procedure of the standard I / F recognition process.
  • Standard I / F recognition processing is a subroutine of fraud detection processing.
  • The fraud detection unit 110 determines whether at least one of the features stored in the first entry of the I/F recognition information 320 matches the structure of the message (command) transmitted as a request from the main body control unit 100 to each function unit (step S202).
  • If it is determined in step S202 that the feature in the I/F recognition information 320 matches the structure of the requested message, the fraud detection unit 110 determines that the feature matches (step S204: YES), and the process proceeds to step S214.
  • The fraud detection unit 110 learns the characteristics of the standard interface (step S214). Specifically, if the actual request message used for the determination in step S202 is an unknown message (that is, not registered in the I/F recognition information 320), the fraud detection unit 110 updates the contents of the I/F recognition information 320 using the structure of the message. In this update, the existing information in the I/F recognition information 320 may be overwritten, or new information may be added while the existing information in the I/F recognition information 320 remains unchanged. Further, when the actual request message used in the determination in step S202 has a message structure that matches the content of the feature field but has a different version, the fraud detection unit 110 may update the contents of the version field of that entry of the I/F recognition information 320.
  • When it is determined in step S202 that the feature in the I/F recognition information 320 does not match the structure of the message, the fraud detection unit 110 determines that the feature does not match (step S204: NO), and the process proceeds to step S206.
  • The fraud detection unit 110 determines whether or not confirmation has been made to the end of the features stored in the I/F recognition information 320 (step S206). If the confirmation has not been performed to the end (step S206: NO), the fraud detection unit 110 shifts the process to step S202 and continues by confirming the feature stored in the next entry of the I/F recognition information 320.
  • When the confirmation has been completed to the end of the features (step S206: YES), the fraud detection unit 110 shifts the processing to step S208 and refers to the contents of the status field of the entry in the I/F recognition information 320 whose feature field matches the structure of the message (step S208).
  • the fraud detector 110 determines whether or not the content of the status field is “transaction canceled” (step S210). When the transaction is canceled (step S210: YES), the fraud detection unit 110 requests the main body control unit 100 to place the ATM 10 in the transaction stopped state (step S218), and ends the process.
  • When the transaction is not canceled (step S210: NO), the fraud detection unit 110 determines whether or not the content of the status field is “transaction permission (trace recording)” (step S212). If it is transaction permission (trace recording) (step S212: YES), the fraud detection unit 110 requests the journal control unit 700 to record a transaction processing trace (step S216), and ends the processing. On the other hand, when it is not transaction permission (trace recording) (step S212: NO), the fraud detection unit 110 ends the processing.
  • Using the characteristics of the message structure for each standard interface stored in the I/F recognition information 320, the fraud detection unit 110 monitors the structure of the messages that the personal information control unit or the cash control unit receives from the main body control unit 100.
  • When the personal information control unit or the cash control unit receives a message having an unexpected structure, the fraud detection unit 110 determines that it is an unexpected request issued based on an invalid standard interface (that is, that fraud has been detected), and can shift the ATM 10 to the alert state.
  • FIG. 10 is an explanatory diagram illustrating an example of a setting screen used for changing processing information in the fraud detection processing.
  • the setting screen EW is a screen that is displayed on the display of the clerk operation unit 44 by the main body control unit 100 that has acquired the operation by the administrator.
  • the administrator can change the contents (that is, the processing information) of the status fields of the fraud detection information 310 and the I / F recognition information 320 by using the setting screen EW.
  • the setting screen EW includes an item display section EF, a transaction cancel selection button CB, a transaction permission (trace recording) button OB, a next button NB, and a cancel button BB.
  • the item display portion EF is a field for displaying the contents of the detection method field of the fraud detection information 310 or the contents of the feature field of the I / F recognition information 320.
  • the transaction cancel selection button CB and the transaction permission (trace recording) button OB are buttons used to specify which state (processing information) is assigned to the detection method (or feature) displayed on the item display section EF.
  • the next button NB is a button for displaying the next detection method (or feature) on the setting screen EW.
  • the cancel button BB is a button for canceling the change process on the setting screen.
  • the content of the detection method field of the entry identified by the number 2 of the fraud detection information 310 is displayed in the item display section EF. Further, since the status field of the entry identified by the number 2 of the fraud detection information 310 is currently “transaction canceled”, the corresponding transaction cancel selection button CB is grayed out. If the administrator of the ATM 10 wants to change the contents of the status field of the entry identified by the number 2 of the fraud detection information 310 to “transaction permission (trace recording)”, he or she may press the transaction permission (trace recording) button OB. When the button is pressed, the fraud detection unit 110 updates the contents of the status field of the corresponding entry in the corresponding table.
  • In the fraud detection process (confirmation of the detection method “whether it matches the request tendency” of the fraud detection information 310), when the type of processing request to the personal information control unit or cash control unit input via the main body control unit 100 is associated with “impossible” for the current internal state of the ATM 10 in the request tendency information 330, the fraud detection unit 110 can detect that the request, being a request for processing that is impossible in the current internal state of the ATM 10 (in other words, processing that is not planned in the current internal state of the ATM 10), is caused by a malicious program.
  • The fraud detection unit 110 transitions the state of the ATM 10 to a warning state (transaction suspension, trace recording) different from the normal state in which a normal transaction is possible when fraud (a malicious program) is detected. For this reason, in the ATM 10, security can be improved without using a pattern file including virus characteristics.
  • the fraud detection unit 110 performs fraud detection processing (confirmation of the detection method of the fraud detection information 310 “the port that received the request for processing” and “the IP address or MAC address of the device that is the request source of processing”).
  • a request for processing for the personal information control unit or cash control unit input via the main body control unit 100 is input from a communication port different from the regulation, a request for processing input via the main body control unit 100
  • unauthorized access can be detected using the request input port information and the request issuer information.
  • The fraud detection unit 110 transitions the state of the ATM 10 to a warning state when fraud (unauthorized access) is detected. For this reason, in the ATM 10, security can be further improved.
  • In the fraud detection process (standard I/F recognition process), when the structure of the message used for the processing request input from the main body control unit 100 is associated with “non-permitted” in the I/F recognition information 320, the fraud detection unit 110 can detect that the standard interface used in the request is an invalid standard interface. Then, the fraud detection unit 110 causes the ATM 10 to transition to a warning state when fraud (an invalid standard interface) is detected. For this reason, in the ATM 10, security can be further improved.
  • The storage unit 300 stores the fraud detection information 310 and the request tendency information 330, which are used for detecting an unauthorized program and unauthorized access, and the I/F recognition information 320, which is used for detecting an unauthorized standard interface.
  • In the fraud detection information 310, method information for detecting an unauthorized program and unauthorized access (detection method field) and processing information (status field) regarding the contents of processing executed in the alert state are stored in association with each other.
  • In the I/F recognition information 320, method information (feature field) for detecting an unauthorized standard interface and processing information (status field) regarding the contents of processing executed in the alert state are stored in association with each other.
  • The fraud detection unit 110 can therefore execute separate processes in the alert state according to the method information used when detecting fraud, which improves the flexibility of the processing.
  • In step S108 of the fraud detection process, the fraud detection unit 110 learns the type and order of the request when the request for processing to the personal information control unit or the cash control unit is of an unknown type.
  • In step S214 of the standard I/F recognition process (FIG. 9) of the fraud detection process, the fraud detection unit 110 learns the message structure of the request when the processing request to the personal information control unit or the cash control unit has an unknown message structure.
  • the fraud detection information 310, the I/F recognition information 320, and the request tendency information 330 can be automatically updated, and the cost required for managing the ATM 10 can be reduced.
  • When the fraud detection unit 110 detects fraud (unauthorized program, unauthorized access, unauthorized standard interface), it can change the state of the ATM 10 to either a dormant state (transaction suspension state) or a trace recording state.
  • Second embodiment In the second embodiment of the present invention, a configuration in which an automatic teller machine is connected to a server provided outside and performs fraud detection processing by the server will be described. Below, only the part which has a different structure and operation
  • FIG. 11 is an explanatory diagram showing a schematic configuration of an automatic cash transaction system 1000 in the second embodiment.
  • the automatic cash transaction system 1000 includes an ATM 10a and a server 20.
  • the ATM 10a and the server 20 are connected by a local area network (LAN) NN.
  • the ATM 10a differs from the ATM 10 of the first embodiment (FIGS. 1 and 2) in that it does not include the fraud detection unit 110 and the storage unit 300.
  • the server 20 is configured as a server computer including a CPU, a memory, a hard disk, a network interface, and the like (not shown).
  • the server 20 includes a fraud detection unit 110 and a storage unit 300 as functional units.
  • the fraud detection unit 110 and the storage unit 300 have the same functions as in the first embodiment.
  • In step S14 of FIG. 6, the card mechanism control unit 500 requests the fraud detection unit 110 of the server 20 to execute fraud detection processing via the communication unit 400. Further, in step S18 of FIG. 6, the fraud detection unit 110 of the server 20 notifies the caller (the card mechanism control unit 500 of the ATM 10a) that the processing has been completed via a communication unit (not shown). The same applies to steps S26 and S30.
  • the same effect as that of the first embodiment can be obtained even in the ATM 10a whose fraud detection unit 110 is provided in the external server. Furthermore, with such a configuration, unauthorized programs, unauthorized access, and unauthorized standard interfaces can all be detected by the externally provided server 20, so that the processing load on the ATM 10a can be reduced. Furthermore, since the information related to unauthorized programs, unauthorized access, and unauthorized standard interfaces (fraud detection information 310, I/F recognition information 320, request tendency information 330) can be centrally managed on the server 20 side, it is possible, when considered as a system including a plurality of ATMs 10a, to construct an automatic cash transaction system that is easy to operate.
  • the automatic teller machine may include other configurations such as a USB interface and a wireless communication unit.
  • the automatic teller machine may be further connected to a monitoring device composed of a personal computer or the like.
  • When fraud is detected as a result of the fraud detection process, the fraud detection unit preferably transmits information indicating that fraud has been detected, together with other necessary information, to the monitoring device. Doing so makes it easy to acquire information regarding an abnormality (detection of fraud) in the automatic teller machine.
  • the above configuration may be diverted to various types of vending machines, ticket vending machines, currency exchange machines, etc. instead of the cash automatic transaction apparatus.
  • the fraud detection process is executed each time.
  • the fraud detection process may be executed only at the beginning of a series of transaction processes, and the fraud detection process may be omitted for requests to the subsequent cash control unit or personal information control unit.
  • the execution / non-execution of the fraud detection process may be switched according to the time zone in which the transaction is performed, the congestion situation, or the like.
  • the IP address or MAC address of the request source device may be checked against a black list created in advance, and the fraud detection process may be executed only for requests corresponding to the black list.
  • the IP address or MAC address of the request source apparatus may be checked against a white list created in advance, and the fraud detection process may be executed only for a request that does not correspond to the white list.
  • Modification 5 In the fraud detection process (FIG. 7) and the standard I / F recognition process (FIG. 9) in the above embodiment, all method information stored in the fraud detection information and the I / F recognition information is confirmed. Various modifications can be made in this respect. For example, priority may be given to the method information, and confirmation may be performed in order of higher priority.
  • the fraud detection unit that has detected fraud may return a response indicating an error to the main body control unit or the caller function unit, so that only the transaction processing is not continued. Further, the fraud detection unit that has detected fraud may request the main body control unit and the caller function unit to limit the maximum number of withdrawals. Furthermore, the fraud detector that has detected fraud may block the network connection of the automatic teller machine.

Abstract

Provided is a technology capable of improving security in an automatic transaction device without using a pattern file containing the characteristics of viruses. This automatic transaction device is equipped with: a main body control unit that controls the various units of the automatic transaction device; a personal information control unit that acquires the personal information of users; a cash control unit that dispenses and receives cash; and a fraud detection unit that transitions the automatic transaction device to an alarm state which differs from a normal state wherein normal transactions are possible when it is detected, using the type of processing request that has been input to the personal information control unit or the cash control unit via the main body control unit, and using the internal state of the automatic transaction device during a series of transaction processes, that a request is from a fraudulent program that is present in the automatic transaction device.

Description

Automatic transaction apparatus and automatic transaction system
The present invention relates to a technique for improving security in an automatic transaction apparatus.
In recent years, many automated teller machines (ATMs) are equipped with a CPU, RAM, hard disk, etc., and are designed by applying general-purpose personal computer technology. For such automated teller machines, there is a widespread movement to create the software built into the machine in accordance with standard specifications. Software created in accordance with standard specifications has the advantage of high versatility and low cost, but has the problem of being susceptible to viruses.
To address this problem, a technique is known that detects a virus mixed into the software built into an automated teller machine by comparing the programs on the machine's hard disk with a pattern file in which specific character strings contained in viruses, characteristic operation patterns of virus-infected programs, and the like are registered (see, for example, JP-A-2004-362012).
However, the method of comparing the programs on the hard disk with a pattern file has the problem that it is difficult to deal with new viruses.
Moreover, this problem is not limited to automated teller machines, but is common to automatic transaction apparatuses in general that are designed by applying personal computer technology, such as various vending machines and ticket vending machines.
An object of the present invention is to provide a technique capable of improving security in an automatic transaction apparatus without using a pattern file containing virus characteristics.
The present invention has been made to solve at least a part of the problems described above, and can be realized as the following forms or application examples.
An automatic transaction apparatus as one embodiment of the present invention comprises:
a main body control unit that controls each part of the automatic transaction apparatus;
a personal information control unit that acquires personal information of a user;
a cash control unit that sends and receives cash; and
a fraud detection unit that, when it detects, using the type of processing request input to the personal information control unit or the cash control unit via the main body control unit and the internal state of the automatic transaction apparatus in a series of transaction processes, that the request is caused by an unauthorized program present in the automatic transaction apparatus, transitions the automatic transaction apparatus to an alert state different from the normal state in which normal transactions are possible.
With such a configuration, the fraud detection unit uses the type of processing request input to the personal information control unit or the cash control unit and the internal state of the automatic transaction apparatus in a series of transaction processes, and, when it detects that the request is caused by an unauthorized program present in the automatic transaction apparatus, transitions the automatic transaction apparatus to an alert state different from the normal state in which normal transactions are possible. Security in the automatic transaction apparatus can therefore be improved without using a pattern file containing virus characteristics.
In another embodiment, the automatic transaction apparatus may further comprise:
a communication unit that is connected to an external device via a network and exchanges information with the external device,
and the fraud detection unit may further
confirm the issuer of the processing request input to the personal information control unit or the cash control unit via the main body control unit and, when it detects that the request is due to unauthorized access via the communication unit, transition the automatic transaction apparatus to the alert state.
With such a configuration, the fraud detection unit further confirms the issuer of the processing request input to the personal information control unit or the cash control unit and, when it detects that the request is due to unauthorized access via the communication unit, transitions the automatic transaction apparatus to the alert state, so that security in the automatic transaction apparatus can be further improved.
In another embodiment, the fraud detection unit of the automatic transaction apparatus may further
confirm the structure of the message used for the processing request input to the personal information control unit or the cash control unit via the main body control unit and, when it detects that the standard interface used for the request is an unauthorized standard interface, transition the automatic transaction apparatus to the alert state.
With such a configuration, the fraud detection unit further confirms the structure of the message used for the processing request input to the personal information control unit or the cash control unit via the main body control unit and, when it detects that the standard interface used for the request is an unauthorized standard interface, transitions the automatic transaction apparatus to the alert state, so that security in the automatic transaction apparatus can be further improved.
In another embodiment, the automatic transaction apparatus may further comprise
a storage unit in which information used for processing in the fraud detection unit is stored, namely method information relating to a method for detecting at least one of the unauthorized program, the unauthorized access, and the unauthorized standard interface, and processing information relating to the contents of the processing executed in the alert state, the two being stored in association with each other in advance.
With such a configuration, the apparatus includes a storage unit in which method information relating to a method for detecting at least one of an unauthorized program, unauthorized access, and an unauthorized standard interface and processing information relating to the contents of the processing executed in the alert state are stored in association with each other in advance, and the fraud detection unit performs its processing using that information. As a result, the fraud detection unit can execute separate processes in the alert state according to the method information, which improves the flexibility of the processing.
In another embodiment, the fraud detection unit of the automatic transaction apparatus may further
learn a processing request for the personal information control unit or the cash control unit when the request is at least one of the following: of an unknown type, issued from an unknown issuer, or of an unknown message structure.
With such a configuration, the fraud detection unit can further learn a processing request for the personal information control unit or the cash control unit when the request is at least one of the following: of an unknown type, issued from an unknown issuer, or of an unknown message structure.
In another embodiment, the processing executed in the alert state of the automatic transaction apparatus may be either one of a suspension process of the automatic transaction apparatus and a trace recording process for each process in the automatic transaction apparatus.
With such a configuration, when the fraud detection unit detects at least one of an unauthorized program, unauthorized access, and an unauthorized standard interface, the automatic transaction apparatus can be moved to either a suspended state or a trace recording state.
In another embodiment, the automatic transaction apparatus may further comprise
a clerk operation unit for accepting a change to the processing information from an administrator of the automatic transaction apparatus.
With such a configuration, a change to the processing information can be accepted from the administrator of the automatic transaction apparatus. As a result, the convenience of the automatic transaction apparatus can be improved.
In another embodiment, the fraud detection unit of the automatic transaction apparatus may further
notify the external device that fraud has been detected when it detects at least one of the unauthorized program, the unauthorized access, and the unauthorized standard interface.
With such a configuration, the fraud detection unit notifies the external device that fraud has been detected when it detects at least one of an unauthorized program, unauthorized access, and an unauthorized standard interface, so that parties outside the automatic transaction apparatus can also be alerted.
In another embodiment, the storage unit of the automatic transaction apparatus further stores in advance
request tendency information that associates, for each of the plurality of internal states the automatic transaction apparatus can take in the series of transaction processing and for each type of processing request, whether execution of the processing is possible or impossible, and
the fraud detection unit
may detect that a request is due to the unauthorized program when the type of the processing request input to the personal information control unit or the cash control unit via the main body control unit is associated, in the request tendency information, with being impossible for the current internal state of the automatic transaction apparatus.
With such a configuration, the fraud detection unit detects that a request is due to an unauthorized program when the type of the processing request input via the main body control unit is associated, in the request tendency information, with being impossible for the current internal state of the automatic transaction apparatus. A request for processing that is impossible in the current internal state of the automatic transaction apparatus, in other words a request for processing that is not expected in that internal state, can therefore be detected as being due to an unauthorized program.
In another embodiment, the fraud detection unit of the automatic transaction apparatus
may detect that a request is due to the unauthorized access in the case where a processing request input to the personal information control unit or the cash control unit via the main body control unit is input from a communication port different from the prescribed one, and in the case where the issuer of a processing request input to the personal information control unit or the cash control unit via the main body control unit differs from the issuers permitted in advance.
With such a configuration, the fraud detection unit detects that a request is due to unauthorized access in the case where a processing request input via the main body control unit is input from a communication port different from the prescribed one, and in the case where the issuer of a processing request input via the main body control unit differs from the issuers permitted in advance. Unauthorized access can therefore be detected using the input port information and the issuer information of the request.
In another embodiment, the storage unit of the automatic transaction apparatus further stores in advance
I/F recognition information that associates, for each standard interface, the characteristics of the message structure with permission or non-permission of processing execution, and
the fraud detection unit
may detect that the standard interface used for a request is an unauthorized standard interface when the structure of the message used for the processing request input to the personal information control unit or the cash control unit via the main body control unit is associated with non-permission in the I/F recognition information.
With such a configuration, the fraud detection unit detects that the standard interface used for a request is an unauthorized standard interface when the structure of the message used for the processing request input from the main body control unit is associated with non-permission in the I/F recognition information. An unauthorized standard interface can therefore be detected using the characteristics of the message structure.
An automatic cash transaction system as one embodiment of the present invention comprises:
an automatic transaction apparatus; and
a server,
wherein the automatic transaction apparatus comprises:
a main body control unit that controls each unit of the automatic transaction apparatus;
a personal information control unit that acquires personal information of a user; and
a cash control unit that transfers cash,
the server comprises
a fraud detection unit that detects whether a request is due to an unauthorized program residing in the automatic transaction apparatus, using the type of the processing request received by the personal information control unit or the cash control unit and the internal state of the automatic transaction apparatus in a series of transaction processing,
the personal information control unit and the cash control unit,
upon receiving a processing request from the main body control unit, inquire of the server whether the request is due to the unauthorized program, and
the fraud detection unit,
upon detecting that the request is due to the unauthorized program, may cause the automatic transaction apparatus to transition to an alert state different from the normal state in which normal transactions are possible.
With such a configuration, the same effect can be obtained in an automatic transaction apparatus whose fraud detection unit is provided in an external server. Furthermore, because unauthorized programs are detected collectively by the external server, the processing load on the automatic transaction apparatus is reduced and information on detected unauthorized programs can be centralized.
Note that the present invention can be realized in various forms. For example, the present invention can be realized as an automatic transaction apparatus (automatic cash transaction apparatus, vending machine, automatic ticket machine, and the like), an automatic transaction system, or a method of controlling an automatic transaction apparatus, as well as a computer program for realizing the functions of those methods or apparatuses, or a non-transitory medium storing that computer program.
An explanatory diagram schematically showing the hardware configuration of an automatic cash transaction apparatus as one embodiment of the present invention.
An explanatory diagram schematically showing the software configuration of the ATM.
An explanatory diagram showing an example of the fraud detection information.
An explanatory diagram showing an example of the request tendency information.
An explanatory diagram showing an example of the I/F recognition information.
A sequence diagram showing how the fraud detection processing is executed within a series of transaction processing executed by the main body control unit.
A flowchart showing the procedure of the fraud detection processing.
A diagram showing an example of request tendency information updated by learning of request tendencies.
A flowchart showing the procedure of the standard I/F recognition processing.
An explanatory diagram showing an example of the setting screen used to change the processing information in the fraud detection processing.
An explanatory diagram showing the schematic configuration of the automatic cash transaction system in the second embodiment.
Next, modes for carrying out the present invention will be described on the basis of embodiments, in the following order.
A. First embodiment:
(A-1) Hardware configuration:
FIG. 1 is an explanatory diagram schematically showing the hardware configuration of an automatic cash transaction apparatus as one embodiment of the present invention. The automatic cash transaction apparatus 10 (hereinafter also referred to as the "ATM") is installed in, for example, a financial institution, a retail store, or a public facility, and automatically provides services offered by the financial institution, such as cash receipt and disbursement, in accordance with user operations. The ATM 10 is also called an automated teller machine.
The ATM 10 includes a card mechanism 22, a passbook mechanism 24, a statement slip mechanism 26, a coin mechanism 32, a bill mechanism 34, a customer operation unit 42, a clerk operation unit 44, a control unit 50, and a journal printing mechanism 60. Components not needed for the description are omitted from FIG. 1. The same applies to the figures described later.
The card mechanism 22 reads information such as the user's account number from a cash card inserted into the card slot. The passbook mechanism 24 reads information such as the user's account number from a passbook inserted into the passbook slot, and prints transaction details and the like in the passbook. The statement slip mechanism 26 issues a statement slip on which the user's transaction details are printed.
The coin mechanism 32 exchanges coins with the user. The bill mechanism 34 exchanges bills (hereinafter also referred to as "paper sheets") with the user. On a deposit, the bill mechanism 34 identifies the bills inserted by the user, sorts them by denomination, and stores them. On a withdrawal, it feeds out bills for the amount specified by the user and delivers them to the user through the deposit/withdrawal port.
The customer operation unit 42 is a user interface that displays information needed for a transaction and accepts operations from the user through a touch panel on the front of the ATM 10. The clerk operation unit 44 is a user interface that displays information for managing the ATM 10 and accepts operations from the administrator through a touch panel on the back of the ATM 10. The customer operation unit 42 and the clerk operation unit 44 may be built from a display, push buttons, and the like instead of a touch panel.
The journal printing mechanism 60 sequentially prints the details of transactions with users and the like on predetermined journal paper. Instead of printing on paper, the journal printing mechanism 60 may use an electronic journal method that keeps the record on an electronic medium such as a database or a file.
The control unit 50 controls each of the mechanisms described above. The control unit 50 is configured as a computer including a CPU, memory, a hard disk, a network interface, and the like.
(A-2) Software configuration:
FIG. 2 is an explanatory diagram schematically showing the software configuration of the ATM 10. Various control programs for realizing the functions of the control unit 50 are installed on a hard disk (not shown) of the control unit 50. The CPU 51 of the control unit 50 uses the memory 300 as a work area and executes these control programs, thereby functioning as each of the functional units shown in FIG. 2.
The control unit 50 includes, as functional units, a main body control unit 100, a fraud detection unit 110, a touch panel control unit 200, a storage unit 300, a communication unit 400, a card mechanism control unit 500, a passbook mechanism control unit 510, a statement slip mechanism control unit 520, a bill mechanism control unit 600, a coin mechanism control unit 610, and a journal control unit 700.
The main body control unit 100 executes the various transaction processes of the ATM 10 in response to instructions from the user, controlling the functional units of FIG. 2 as it does so. The fraud detection unit 110 executes fraud detection processing (described in detail later) for detecting unauthorized programs residing in the ATM 10, unauthorized access to the ATM 10, and unauthorized standard interfaces.
In this embodiment, an "unauthorized program" means a program other than the legitimate programs provided by the manufacturer of the ATM 10 that performs unauthorized withdrawal operations or personal information acquisition operations not expected by the users or administrators of the ATM 10, the financial institution operating the ATM 10, and so on. "Unauthorized access" means access to the ATM 10 from a communication port other than the predetermined communication port, or access to the ATM 10 from a device other than the devices permitted in advance. An "unauthorized standard interface" means access to the ATM 10 using a standard interface other than the standard interfaces permitted in advance. Here, a "standard interface" means a convention that defines, among other things, the structure of the messages (commands) exchanged between the functional units of the ATM 10.
The touch panel control unit 200 controls the operation of the touch panels used in the customer operation unit 42 and the clerk operation unit 44. Specifically, the touch panel control unit 200 displays information on the touch panels and acquires input made on them by users and administrators.
The storage unit 300 stores information used in the fraud detection processing by the fraud detection unit 110. Specifically, the storage unit 300 contains fraud detection information 310 and request tendency information 330, which are used to detect unauthorized programs residing in the ATM 10 and unauthorized access to the ATM 10, and I/F recognition information 320, which is used to detect unauthorized standard interfaces. Details are described later.
The communication unit 400 includes a network interface (not shown) and exchanges information with external devices (various devices provided outside the ATM 10, for example a management device for the ATM 10 or a server) according to a predetermined protocol. In this embodiment, the communication unit 400 has a 100BASE-T network interface and communicates with external devices according to the TCP/IP protocol.
The card mechanism control unit 500 controls the card mechanism 22. Similarly, the passbook mechanism control unit 510 controls the passbook mechanism 24, the statement slip mechanism control unit 520 controls the statement slip mechanism 26, the bill mechanism control unit 600 controls the bill mechanism 34, the coin mechanism control unit 610 controls the coin mechanism 32, and the journal control unit 700 controls the journal printing mechanism 60.
FIG. 3 is an explanatory diagram showing an example of the fraud detection information 310. The fraud detection information 310 is used in the fraud detection processing executed by the fraud detection unit 110 as a countermeasure against unauthorized programs and unauthorized access, and is held in table form. The fraud detection information 310 contains a number field, a detection method field, and a state field.
The number field holds a unique number that identifies each entry. The detection method field stores a method for detecting an unauthorized program residing in the ATM 10 or unauthorized access to the ATM 10. The state field stores the state to which the ATM 10 should transition when an unauthorized program or unauthorized access is detected by the method stored in the detection method field.
For example, the entry identified by number 1 in FIG. 3 specifies, as the detection method, checking "whether the request matches the request tendency". The request tendency is described later. If the check detects fraud, the ATM 10 is put into the "transactions permitted with trace recording" state. The entry identified by number 2 specifies, as the detection method, checking "whether the port that received the processing request is a port assigned to TCP/IP communication". If the check detects fraud, the ATM 10 is put into the "transaction aborted" state. The entry identified by number 3 specifies, as the detection method, checking "whether the IP address or MAC address of the device requesting the processing matches the IP address or MAC address of a device permitted to access the ATM 10". If the check detects fraud, the ATM 10 is put into the "transaction aborted" state.
In FIG. 3, the information stored in the detection method field on methods for detecting unauthorized programs and unauthorized access is also called "method information". The information stored in the state field, indicating the state to which the ATM 10 should transition, is also called "processing information". Furthermore, when the ATM 10 is in the "transaction aborted" state or the "transactions permitted with trace recording" state, the ATM 10 is said to be in an "alert state". The alert state is a state of the ATM 10 different from the normal state in which normal transactions are possible.
FIG. 4 is an explanatory diagram showing an example of the request tendency information 330. The request tendency information 330 is used in the fraud detection processing executed by the fraud detection unit 110 to detect unauthorized programs by monitoring the transaction processing executed by the main body control unit 100, and is held in table form. The request tendency information 330 contains a number field, an internal state field, and a functional unit field.
The number field holds a unique number that identifies each entry. The internal state field stores the name of an internal state of the ATM 10 in a series of transaction processing. An "internal state" means a step within a series of transaction processing (for example, a series of withdrawal processing or a series of deposit processing) that the main body control unit 100 executes in response to a user's request to the ATM 10.
The functional unit field further contains fields that each give the name of one of the functional units of the ATM 10 (FIG. 2) that either transfer cash (cash control units) or acquire the user's personal information (personal information control units). Of the functional units shown in FIG. 4, the PIN control unit and the transaction selection control unit are control units included in the main body control unit 100. Each entry of these fields stores information indicating whether processing in that functional unit is possible or impossible in the corresponding internal state of the ATM 10 in the series of transaction processing executed by the main body control unit 100. Specifically, when processing in a functional unit is possible, the entry stores the number of the internal state to which the ATM 10 transitions after that processing (FIG. 4: unhatched areas). When processing in a functional unit is impossible, the entry stores a null value (FIG. 4: diagonally hatched areas).
 例えば、図4の例では、番号1で識別されるエントリからは、本体制御部100が実行する一連の取引処理におけるATM10の内部状態がアイドル状態である場合、カード機構制御部と、取引選択制御部による処理が可能であり、その他の制御部(紙幣機構制御部等)による処理は不可能であることがわかる。また、カード機構制御部によるカード読み取り処理が行われた後、ATM10は、番号3の取引選択待ち状態へ遷移することがわかる。同様に、取引選択制御部による読み取り処理が行われた後、ATM10は番号2のカード挿入待ち状態へ遷移することがわかる。 For example, in the example of FIG. 4, from the entry identified by the number 1, when the internal state of the ATM 10 in a series of transaction processes executed by the main body control unit 100 is in an idle state, the card mechanism control unit and the transaction selection control It is understood that the processing by the control unit is possible and the processing by other control units (banknote mechanism control unit or the like) is impossible. Moreover, after the card reading process by the card mechanism control unit is performed, it can be seen that the ATM 10 shifts to a transaction selection waiting state of number 3. Similarly, it is understood that after the reading process by the transaction selection control unit is performed, the ATM 10 shifts to a card insertion waiting state of number 2.
 番号2で識別されるエントリからは、ATM10の内部状態がカード挿入待ち状態である場合、カード機構制御部による処理のみが可能であり、その他の制御部による処理は不可能であることがわかる。また、カード機構制御部による処理の後、ATM10は、番号4の暗証番号入力待ち状態へ遷移することがわかる。番号3で識別されるエントリからは、ATM10の内部状態が取引選択待ち状態である場合、取引選択制御部によるによる処理のみが可能であり、その他の制御部による処理は不可能であることがわかる。また、取引選択制御部による処理の後、ATM10は、番号4の暗証番号入力待ち状態へ遷移することがわかる。 From the entry identified by the number 2, it can be seen that when the internal state of the ATM 10 is a card insertion waiting state, only the processing by the card mechanism control unit is possible and the processing by the other control units is impossible. Also, after the processing by the card mechanism control unit, it can be seen that the ATM 10 shifts to the number 4 password input waiting state. From the entry identified by the number 3, it is understood that when the internal state of the ATM 10 is in the transaction selection waiting state, only the processing by the transaction selection control unit is possible, and the processing by other control units is impossible. . Moreover, after the process by the transaction selection control part, it turns out that ATM10 changes to the password number input waiting state of the number 4.
 番号4で識別されるエントリからは、ATM10の内部状態が暗証番号入力待ち状態である場合、暗証番号制御部による処理のみが可能であり、その他の制御部による処理は不可能であることがわかる。また、暗証番号制御部による処理の後、ATM10は、番号6の出金金額入力待ち状態へ遷移することがわかる。番号5で識別されるエントリからは、ATM10の内部状態が暗証番号取得待ち状態である場合、暗証番号制御部による処理のみが可能であり、その他の制御部による処理は不可能であることがわかる。また、暗証番号制御部による処理の後、ATM10は、番号6の出金金額入力待ち状態へ遷移することがわかる。 From the entry identified by the number 4, it can be seen that when the internal state of the ATM 10 is waiting for the PIN number input, only the processing by the PIN number control unit is possible, and the processing by other control units is impossible. . Further, it can be seen that after the processing by the personal identification number control unit, the ATM 10 shifts to a withdrawal amount input waiting state of No. 6. From the entry identified by the number 5, it can be seen that when the internal state of the ATM 10 is waiting for the PIN number acquisition, only the processing by the PIN number control unit is possible and the processing by other control units is impossible. . Further, it can be seen that after the processing by the personal identification number control unit, the ATM 10 shifts to a withdrawal amount input waiting state of No. 6.
 番号6で識別されるエントリからは、ATM10の内部状態が出金金額入力待ち状態である場合、暗証番号制御部による処理のみが可能であり、その他の制御部による処理は不可能であることがわかる。また、暗証番号制御部による処理の後、ATM10は、番号7の出金要求待ち状態へ遷移することがわかる。番号7で識別されるエントリからは、ATM10の内部状態が出金要求待ち状態である場合、紙幣機構制御部または硬貨機構制御部による処理のみが可能であり、その他の制御部による処理は不可能であることがわかる。また、紙幣機構制御部または硬貨機構制御部による処理の後、ATM10は、番号8のカード/明細抜き取り待ち状態へ遷移することがわかる。 From the entry identified by number 6, if the internal state of the ATM 10 is waiting for the withdrawal amount input, only the processing by the personal identification number control unit is possible and the processing by other control units may not be possible. Recognize. Further, it can be seen that after the process by the personal identification number control unit, the ATM 10 transits to a withdrawal request waiting state of number 7. From the entry identified by the number 7, when the internal state of the ATM 10 is a withdrawal request waiting state, only the processing by the banknote mechanism control unit or the coin mechanism control unit is possible, and the processing by other control units is impossible. It can be seen that it is. Moreover, after processing by the bill mechanism control unit or the coin mechanism control unit, it can be seen that the ATM 10 transitions to a card / detail extraction waiting state of number 8.
 The entry identified by number 8 shows that when the internal state of the ATM 10 is the card/statement removal waiting state, only processing by the card mechanism control unit is possible, and processing by the other control units is not possible. It also shows that after processing by the card mechanism control unit, the ATM 10 transitions to the withdrawal medium removal waiting state of number 9. The entry identified by number 9 shows that when the internal state of the ATM 10 is the withdrawal medium removal waiting state, only processing by the banknote mechanism control unit or the coin mechanism control unit is possible, and processing by the other control units is not possible. It also shows that after processing by the banknote mechanism control unit or the coin mechanism control unit, the ATM 10 transitions to the idle state of number 1.
 In this way, the request tendency information 330 shown in FIG. 4 stores, in association with each other, the internal state of the ATM 10 during the series of transaction processes executed by the main body control unit 100 and the types of control units that can execute processing in that internal state (in other words, the types of processing requests that are permitted).
 FIG. 5 is an explanatory diagram showing an example of the I/F recognition information 320. The I/F recognition information 320 is information used as a countermeasure against unauthorized standard interfaces in the fraud detection process executed by the fraud detection unit 110, and is held in table form. The I/F recognition information 320 includes the following fields: number, standard interface type, feature, version, and state.
 The number field holds a unique number that serves as identification information for distinguishing the information stored in each entry. The standard interface type field stores the name of the standard interface. The version field stores the version of the standard interface. In the I/F recognition information 320, a standard interface is uniquely identified by the combination of standard interface type and version. The feature field stores the features of the message (command) structure for each standard interface uniquely identified by the combination of standard interface type and version. The state field stores the transition destination state of the ATM 10 for each uniquely identified standard interface.
 For example, the entry identified by number 1 in FIG. 5 indicates that the features of version 2.0 of standard interface 1 are "the initial start-up (OPEN command) has X input parameters, and the X-th argument of the input parameters is "XXXXX"" and "the key "XXXXX" is stored at XXXX\XXX in the registry". It also indicates that if the check determines that the request corresponds to this standard interface, the ATM 10 is placed in the "transaction permitted" state.
 Further, the entry identified by number 4 indicates that a feature of the same version 2.0 of standard interface 1 is "the banknote withdrawal command (BCKB command) has one input parameter, and the first argument of the input parameters is "XXXXX" + denomination". It also indicates that if the check determines that the request corresponds to this standard interface, the ATM 10 is placed in the "transaction permitted" state. In addition, for example, the entry identified by number n indicates that if none of the features stored in the entries identified by numbers 1 to n-1 is satisfied, the ATM 10 is placed in the "transaction suspended" state, that is, the alert state. Any value can be substituted for X in the figure.
 In this way, the I/F recognition information 320 shown in FIG. 5 stores, in association with each other, information for uniquely identifying a standard interface, the features of the message structure of that standard interface, and the transition destination state of the ATM 10 (in other words, whether execution of the processing in the ATM 10 is permitted or not permitted). In FIG. 5, the features of the message structure stored in the feature field are also called "method information", that is, information on the method for detecting an unauthorized standard interface. The information indicating the transition destination state of the ATM 10 stored in the state field is also called "processing information".
(A-3) Fraud detection process:
(A-3-1) Processing sequence:
 FIG. 6 is a sequence diagram showing how the fraud detection process is executed during the series of transaction processes executed by the main body control unit 100. The example of FIG. 6 takes the banknote mechanism control unit as an example of the cash control unit and the card mechanism control unit as an example of the personal information control unit, and describes the case in which the main body control unit 100 reads a card inserted by the user and then dispenses banknotes.
 The main body control unit 100, having detected insertion of a card by the user, transmits to the card mechanism control unit 500 a message (command) requesting that the inserted card be read (step S12). The card mechanism control unit 500, having received the request from the main body control unit 100, requests the fraud detection unit 110 to execute the fraud detection process (step S14). The fraud detection unit 110, having received the request, executes the fraud detection process (described in detail later) (step S16). If the fraud detection unit 110 detects fraud in the fraud detection process, it places the ATM 10 in the alert state; if it detects no fraud, it does nothing. After the fraud detection process ends, the fraud detection unit 110 notifies the caller that the process has ended (step S18). On receiving the notification, the card mechanism control unit 500 reads the inserted card (step S20). The card mechanism control unit 500 then notifies the main body control unit 100 of the personal information (for example, the account holder's name and the card number) obtained by reading the card (step S22).
 After that, the user performs further operations, such as selecting a processing menu or entering a PIN, and the main body control unit 100 performs processing according to each operation. The details are omitted.
 The main body control unit 100, having received a withdrawal instruction from the user, transmits to the banknote mechanism control unit 600 a message (command) requesting that banknotes of the instructed amount be dispensed (step S24). The banknote mechanism control unit 600, having received the request from the main body control unit 100, requests the fraud detection unit 110 to execute the fraud detection process (step S26). The fraud detection unit 110, having received the request, executes the fraud detection process (step S28). The details are the same as in step S16. After the fraud detection process ends, the fraud detection unit 110 notifies the caller that the process has ended (step S30). On receiving the notification, the banknote mechanism control unit 600 dispenses banknotes of the amount instructed by the main body control unit 100 (step S32). The banknote mechanism control unit 600 then notifies the main body control unit 100 of the withdrawal result (step S34).
(A-3-2) Flowchart of the fraud detection process:
 FIG. 7 is a flowchart showing the procedure of the fraud detection process. The fraud detection unit 110 refers to the fraud detection information 310 and performs the check for the detection method stored in the first entry, "Does the request match the request tendency?" (step S102). Specifically, the fraud detection unit 110 compares the current internal state of the ATM 10 and the type of request actually made from the main body control unit 100 to the functional unit (for example, a card reading command, a PIN reading command or a withdrawal command) against the request tendency information 330, and thereby determines whether the request made from the main body control unit 100 to the functional unit matches a permitted type of request.
 For example, in the case where the current internal state of the ATM 10 is the idle state and a card reading command is issued from the main body control unit 100 to the card mechanism control unit 500 (FIG. 6: step S12), FIG. 4 shows that processing by the card mechanism control unit and processing by the transaction selection control unit are possible when the internal state of the ATM 10 is the idle state, so the request for this processing is determined to be one that should be permitted (legitimate). On the other hand, in the case where, for example, the current internal state of the ATM 10 is the idle state and a withdrawal command is issued from the main body control unit 100 to the banknote mechanism control unit 600, FIG. 4 shows that processing by any control unit other than the card mechanism control unit and the transaction selection control unit is not possible when the internal state of the ATM 10 is the idle state, so the request for this processing is determined to be not permitted (fraudulent).
 If it is determined in step S102 that the processing request should be permitted, the fraud detection unit 110 determines that the request matches the request tendency (that is, no fraud is detected) (step S104: NO) and moves the process to step S106.
 The fraud detection unit 110 determines whether the checks have been performed through to the last of the detection methods stored in the fraud detection information 310 (step S106). If they have not (step S106: NO), the fraud detection unit 110 moves the process to step S102 and continues with the check for the detection method stored in the next entry of the fraud detection information 310, namely "Is the port that received the processing request the port assigned to TCP/IP communication?".
 On the other hand, if the checks have been completed through to the last detection method (step S106: YES), the fraud detection unit 110 moves the process to step S108 and learns the request tendency (step S108). Specifically, if the combination of the actual request type used for the determination in step S102 and the internal state of the ATM 10 is an unknown combination (that is, one not registered in the request tendency information 330), the fraud detection unit 110 updates the content of the request tendency information 330 using that information. In this update, the existing information in the request tendency information 330 may be overwritten, or new information may be added while the existing information is left as it is. FIG. 8 shows an example of the request tendency information 330 updated by learning the request tendency. In the example of FIG. 8, the information in the area NF has been updated to allow a passbook to be handled from the idle state.
 The fraud detection unit 110 executes the standard I/F recognition process (described in detail later) (step S110).
 After the standard I/F recognition process ends, the fraud detection unit 110 notifies the functional unit that called it that the process has ended (step S112). The transaction process then continues as shown in FIG. 6.
 If it is determined in step S102 that the processing request is not permitted, the fraud detection unit 110 determines that the request does not match the request tendency (that is, fraud has been detected) (step S104: YES) and moves the process to step S114.
 The fraud detection unit 110 refers to the content of the state field of the relevant entry in the fraud detection information 310 (step S114). The fraud detection unit 110 determines whether the content of the state field is "transaction permitted" (step S116). If it is (step S116: YES), the fraud detection unit 110 requests the journal control unit 700 to record a trace of the transaction processing (step S118) and moves to step S110. If it is not (step S116: NO), the fraud detection unit 110 requests the main body control unit 100 to place the ATM 10 in the transaction suspended state (step S120) and ends the process.
 In this way, in the check for the detection method "Does the request match the request tendency?" of the fraud detection information 310, the fraud detection unit 110 uses the request tendency information 330 to check whether a processing request made to the personal information control unit or the cash control unit via the main body control unit 100 is a permitted one. When the fraud detection unit 110 receives a request that is not permitted (in other words, a request that does not match the request tendency), it can determine that the request is an unexpected request in an unexpected order issued by a malicious program (that is, fraud has been detected) and move the ATM 10 to the alert state.
 In addition, in the checks for the detection methods "Is the port that received the processing request the port assigned to TCP/IP communication?" and "Do the IP address and MAC address of the device that is the source of the processing request match the IP address and MAC address of a device permitted to access the ATM 10?" of the fraud detection information 310, the fraud detection unit 110 checks the origin of the request received by the main body control unit 100. When the main body control unit 100 receives a request that does not meet these conditions, the fraud detection unit 110 can determine that the request is an unexpected request resulting from unauthorized access by an unauthorized issuer (that is, fraud has been detected) and move the ATM 10 to the alert state.
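 The request-tendency check of FIG. 7 (steps S102 to S120) can be sketched as follows. This is an added example, not code from the patent: the table holds only the entries of FIG. 4 that the text describes (1 and 4 to 9), and the unit identifiers, the function names and the rule that a mismatching request leaves the state unchanged are assumptions.

```python
"""Request-tendency check modelled on FIG. 7, steps S102-S120 (added example)."""

# Short identifiers for the control units (hypothetical names for this example).
CARD, SELECT, PIN, NOTE, COIN = "card", "transaction_select", "pin", "banknote", "coin"

# Values of the state field of the fraud detection information 310 entry.
PERMIT_WITH_TRACE = "transaction permitted (trace recording)"
SUSPEND = "transaction suspended"

# Request tendency information 330, restricted to the entries the text describes.
# number -> (internal state, control units allowed in that state, next state number)
# Entries 2 and 3 are not described in this section and are left out.
# The text gives no next state for entry 1, so None is stored there.
REQUEST_TENDENCY = {
    1: ("idle", {CARD, SELECT}, None),
    4: ("PIN input wait", {PIN}, 6),
    5: ("PIN acquisition wait", {PIN}, 6),
    6: ("withdrawal amount input wait", {PIN}, 7),
    7: ("withdrawal request wait", {NOTE, COIN}, 8),
    8: ("card/statement removal wait", {CARD}, 9),
    9: ("withdrawal medium removal wait", {NOTE, COIN}, 1),
}


def check_request(state, unit, on_mismatch):
    """Check one request addressed to `unit` while the ATM is in `state`.

    Returns (verdict, state_after), where verdict is "ok", "traced" or
    "suspended". `on_mismatch` is the state-field value that decides what
    happens when the request does not match the request tendency.
    """
    _name, allowed, next_state = REQUEST_TENDENCY[state]
    if unit in allowed:                        # S104: NO (no fraud detected)
        # Assumption: with no next state on record, stay in the current state.
        return "ok", state if next_state is None else next_state
    if on_mismatch == PERMIT_WITH_TRACE:       # S116: YES -> S118, record a trace
        return "traced", state                 # assumption: state is unchanged
    return "suspended", state                  # S116: NO -> S120, stop transactions


def replay(start_state, units, on_mismatch):
    """Run a sequence of requests; return (verdicts, journal, final state)."""
    state, verdicts, journal = start_state, [], []
    for unit in units:
        verdict, state_after = check_request(state, unit, on_mismatch)
        verdicts.append(verdict)
        if verdict == "traced":
            # Stand-in for the trace kept by the journal control unit 700.
            journal.append((REQUEST_TENDENCY[state][0], unit))
        if verdict == "suspended":
            break                              # no further requests are served
        state = state_after
    return verdicts, journal, state


if __name__ == "__main__":
    # Constructed sequences, not taken from any real device.
    print(replay(4, [PIN, PIN, NOTE, CARD, NOTE], SUSPEND))   # expected order
    print(replay(1, [NOTE], SUSPEND))                         # dispense while idle
    print(replay(1, [NOTE], PERMIT_WITH_TRACE))               # same, trace only
```

 With the state field set to trace recording, the out-of-order request is still served and leaves a journal record, which is the trade-off the administrator chooses on the setting screen.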
(A-3-3) Flowchart of the standard I/F recognition process:
 FIG. 9 is a flowchart showing the procedure of the standard I/F recognition process. The standard I/F recognition process is a subroutine of the fraud detection process. The fraud detection unit 110 checks whether at least one of the features stored in the first entry of the I/F recognition information 320 matches the structure of the message (command) transmitted as a request from the main body control unit 100 to each functional unit (step S202).
 If it is determined in step S202 that a feature in the I/F recognition information 320 matches the structure of the request message, the fraud detection unit 110 determines that the message matches the feature (step S204: YES) and moves the process to step S214.
 The fraud detection unit 110 learns the features of the standard interface (step S214). Specifically, if the actual request message used for the determination in step S202 has an unknown structure (that is, one not registered in the I/F recognition information 320), the fraud detection unit 110 updates the content of the I/F recognition information 320 using the structure of that message. In this update, the existing information in the I/F recognition information 320 may be overwritten, or new information may be added while the existing information is left as it is. Further, for an actual request message used for the determination in step S202 whose structure matches the content of the feature field but whose version differs, the fraud detection unit 110 may update the content of the version field of the corresponding entry of the I/F recognition information 320.
 If it is determined in step S202 that the feature in the I/F recognition information 320 does not match the structure of the message, the fraud detection unit 110 determines that the message does not match the feature (step S204: NO) and moves the process to step S206.
 The fraud detection unit 110 determines whether the checks have been performed through to the last of the features stored in the I/F recognition information 320 (step S206). If they have not (step S206: NO), the fraud detection unit 110 moves the process to step S202 and continues with the check for the feature stored in the next entry of the I/F recognition information 320.
 On the other hand, if the checks have been completed through to the last feature (step S206: YES), the fraud detection unit 110 moves the process to step S208 and refers to the content of the state field of the entry in the I/F recognition information 320 whose feature field content matched the structure of the message (step S208). The fraud detection unit 110 determines whether the content of the state field is "transaction suspended" (step S210). If it is (step S210: YES), the fraud detection unit 110 requests the main body control unit 100 to place the ATM 10 in the transaction suspended state (step S218) and ends the process.
 On the other hand, if the content is not "transaction suspended" (step S210: NO), the fraud detection unit 110 determines whether the content of the state field is "transaction permitted (trace recording)" (step S212). If it is (step S212: YES), the fraud detection unit 110 requests the journal control unit 700 to record a trace of the transaction processing (step S216) and ends the process. If it is not (step S212: NO), the fraud detection unit 110 ends the process.
 In this way, the fraud detection unit 110 uses the features of the message structure for each standard interface, stored in the I/F recognition information 320, to monitor the structure of the messages that the personal information control unit or the cash control unit receives from the main body control unit 100. When the personal information control unit or the cash control unit receives a message with an unexpected structure, the fraud detection unit 110 can determine that the message is an unexpected request issued on the basis of an unauthorized standard interface (that is, fraud has been detected) and move the ATM 10 to the alert state.
(A-4) Changing the processing information:
 FIG. 10 is an explanatory diagram showing an example of the setting screen used to change the processing information in the fraud detection process. The setting screen EW is a screen that the main body control unit 100 displays on the display of the clerk operation unit 44 in response to an operation by the administrator. By using the setting screen EW, the administrator can change the content of the state fields (that is, the processing information) of the fraud detection information 310 and the I/F recognition information 320.
 The setting screen EW includes an item display section EF, a transaction suspension selection button CB, a transaction permission (trace recording) button OB, a next button NB, and a cancel button BB. The item display section EF is a field for displaying the content of the detection method field of the fraud detection information 310 or the content of the feature field of the I/F recognition information 320. The transaction suspension selection button CB and the transaction permission (trace recording) button OB are buttons for specifying which state (processing information) is assigned to the detection method (or feature) displayed in the item display section EF. The next button NB is a button for displaying the next detection method (or feature) on the setting screen EW. The cancel button BB is a button for cancelling the change made through the setting screen.
 In the example of FIG. 10, the item display section EF shows the content of the detection method field of the entry identified by number 2 of the fraud detection information 310. Because the content of the state field of that entry is currently "transaction suspended", the corresponding transaction suspension selection button CB is grayed out. An administrator of the ATM 10 who wants to change the content of the state field of the entry identified by number 2 of the fraud detection information 310 to "transaction permitted (trace recording)" only has to press the transaction permission (trace recording) button OB. When the button is pressed, the fraud detection unit 110 updates the content of the state field of the corresponding entry in the corresponding table.
 In this way, changes to the processing information can be accepted from the administrator of the ATM 10. As a result, the convenience of the fraud detection process of the ATM 10 can be improved.
 As described above, according to the first embodiment, in the fraud detection process (the check for the detection method "Does the request match the request tendency?" of the fraud detection information 310), the fraud detection unit 110 detects that a request is from a malicious program when the type of the processing request made to the personal information control unit or the cash control unit via the main body control unit 100 is associated with "not possible" for the current internal state of the ATM 10 in the request tendency information 330. A request for processing that is not possible in the current internal state of the ATM 10, in other words a request for processing that is not expected in the current internal state of the ATM 10, can therefore be detected as coming from a malicious program. When fraud (a malicious program) is detected, the fraud detection unit 110 moves the ATM 10 to an alert state (transaction suspended, trace recording) that differs from the normal state in which ordinary transactions are possible. Security in the ATM 10 can therefore be improved without using a pattern file containing the characteristics of viruses.
 Further, in the fraud detection process (the checks for the detection methods "the port that received the processing request" and "the IP address and MAC address of the device that is the source of the processing request" of the fraud detection information 310), the fraud detection unit 110 detects that a request results from unauthorized access when a processing request to the personal information control unit or the cash control unit made via the main body control unit 100 arrives through a communication port other than the prescribed one, or when the issuer of a processing request made via the main body control unit 100 differs from the issuers permitted in advance. Unauthorized access can therefore be detected using the input port information and the issuer information of the request. When fraud (unauthorized access) is detected, the fraud detection unit 110 moves the ATM 10 to the alert state. Security in the ATM 10 can therefore be improved further.
 Further, in the fraud detection process (the standard I/F recognition process), the fraud detection unit 110 detects that the standard interface used for a request is an unauthorized standard interface when the structure of the message used for the processing request input from the main body control unit 100 is associated with "not permitted" in the I/F recognition information 320. An unauthorized standard interface can therefore be detected using the features of the message structure. When fraud (an unauthorized standard interface) is detected, the fraud detection unit 110 moves the ATM 10 to the alert state. Security in the ATM 10 can therefore be improved further.
 さらに、記憶部300には、不正プログラムと、不正アクセスを検知するために用いられる不正検知情報310と、要求傾向情報330とが記憶され、また、不正な標準インタフェースを検知するために用いられるI/F認識情報320が記憶されている。不正検知情報310には、不正プログラムと、不正アクセスを検知するための方法情報(検知方法フィールド)と、警戒状態において実行される処理の内容に関する処理情報(状態フィールド)とが予め関連付けて記憶されている。I/F認識情報320には、不正な標準インタフェースを検知するための方法情報(特徴フィールド)と、警戒状態において実行される処理の内容に関する処理情報(状態フィールド)とが予め関連付けて記憶されている。これらの結果、不正検知部110は、不正を検知する際に用いた方法情報に応じて、警戒状態において、それぞれ個別の処理を実行することが可能となり、処理の柔軟性を向上させることができる。 Further, the storage unit 300 stores an unauthorized program, fraud detection information 310 used for detecting unauthorized access, and request tendency information 330, and an I used for detecting an unauthorized standard interface. / F recognition information 320 is stored. In the fraud detection information 310, an illegal program, method information for detecting unauthorized access (detection method field), and processing information (state field) regarding the contents of processing executed in the alert state are stored in association with each other. ing. In the I / F recognition information 320, method information (characteristic field) for detecting an illegal standard interface and processing information (state field) regarding the contents of processing executed in the alert state are stored in association with each other. Yes. As a result, the fraud detector 110 can execute individual processes in the alert state according to the method information used when detecting fraud, and can improve the flexibility of the process. .
 さらに、不正検知部110は、不正検知処理(図7)のステップS108において、個人情報制御部または現金制御部に対する処理の要求が、未知の種類である場合に、当該要求の種類と順序を学習する。また、不正検知部110は、不正検知処理の標準I/F認識処理(図9)のステップS214において、個人情報制御部または現金制御部に対する処理の要求が、未知の電文構造である場合に、当該要求の電文構造を学習する。この結果、不正検知情報310、I/F認識情報320、要求傾向情報330の自動更新が可能となり、ATM10の管理に要するコストを低減させることができる。 Further, in step S108 of the fraud detection process (FIG. 7), the fraud detection unit 110 learns the type and order of the request when the request for processing to the personal information control unit or the cash control unit is an unknown type. To do. In addition, the fraud detection unit 110, in step S214 of the standard I / F recognition process (FIG. 9) of the fraud detection process, when the processing request to the personal information control unit or the cash control unit is an unknown message structure, The message structure of the request is learned. As a result, the fraud detection information 310, the I / F recognition information 320, and the request tendency information 330 can be automatically updated, and the cost required for managing the ATM 10 can be reduced.
 さらに、不正検知部110は、不正(不正プログラム、不正アクセス、不正な標準インタフェース)を検知した場合、ATM10の状態を、休止状態(取引中止状態)と、トレース記録状態のいずれかに遷移させることができる。 Further, when the fraud detection unit 110 detects fraud (illegal program, unauthorized access, unauthorized standard interface), the fraud detection unit 110 changes the state of the ATM 10 to either a dormant state (transaction suspension state) or a trace recording state. Can do.
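The checks summarized above (input port and issuer, message structure, request type against the internal state) and the per-method alert state can be sketched as follows. This is an added example, not code from the patent: the table contents, port number, address, header tags and internal state names are constructed, and two behaviours are assumptions of this sketch, namely that unknown requests are queued for review under trace recording and that the ATM state only escalates.

```python
from dataclasses import dataclass, field
from enum import Enum


class AtmState(Enum):
    NORMAL = "normal"
    TRACE = "trace_recording"   # keep operating, record every process
    DORMANT = "dormant"         # transactions suspended


# Assumption of this sketch: a stricter state is never replaced by a weaker one.
SEVERITY = {AtmState.NORMAL: 0, AtmState.TRACE: 1, AtmState.DORMANT: 2}


@dataclass(frozen=True)
class Request:
    req_type: str   # type of processing request
    port: int       # port on which the request was received
    issuer: str     # IP or MAC address of the requesting device
    header: bytes   # leading bytes characterising the message structure


# Constructed stand-ins for fraud detection information 310:
# detection method -> state entered when that method fires.
FRAUD_DETECTION_INFO = {
    "port": AtmState.DORMANT,
    "issuer": AtmState.DORMANT,
    "request_tendency": AtmState.TRACE,
}
ALLOWED_PORT = 9100                 # constructed value
ALLOWED_ISSUERS = {"192.0.2.10"}    # constructed value (documentation range)

# Constructed stand-in for I/F recognition information 320:
# message-structure feature -> (permitted?, state when not permitted).
IF_RECOGNITION_INFO = {
    b"STDA": (True, None),
    b"STDB": (False, AtmState.DORMANT),
}

# Constructed stand-in for request tendency information 330:
# internal state -> request type -> is execution possible?
REQUEST_TENDENCY_INFO = {
    "IDLE": {"READ_CARD": True, "DISPENSE_CASH": False},
    "PIN_VERIFIED": {"READ_CARD": False, "DISPENSE_CASH": True},
}


@dataclass
class FraudDetector:
    state: AtmState = AtmState.NORMAL
    pending_review: list = field(default_factory=list)

    def check(self, req: Request, internal_state: str) -> tuple:
        """Run all checks; return (ATM state after the check, reason)."""
        reason, target = self._classify(req, internal_state)
        if target is not None and SEVERITY[target] > SEVERITY[self.state]:
            self.state = target
        return self.state, reason

    def _classify(self, req: Request, internal_state: str) -> tuple:
        # Unauthorized access: wrong input port or issuer not permitted.
        if req.port != ALLOWED_PORT:
            return "unauthorized access: port", FRAUD_DETECTION_INFO["port"]
        if req.issuer not in ALLOWED_ISSUERS:
            return "unauthorized access: issuer", FRAUD_DETECTION_INFO["issuer"]

        # Unauthorized standard interface: message structure not permitted.
        feature = req.header[:4]
        if feature not in IF_RECOGNITION_INFO:
            self.pending_review.append(("structure", feature))
            return "unknown message structure", AtmState.TRACE
        permitted, target = IF_RECOGNITION_INFO[feature]
        if not permitted:
            return "unauthorized standard interface", target

        # Unauthorized program: request type impossible in this internal state.
        possible = REQUEST_TENDENCY_INFO.get(internal_state, {}).get(req.req_type)
        if possible is None:
            self.pending_review.append(("request", internal_state, req.req_type))
            return "unknown request type", AtmState.TRACE
        if not possible:
            return "unauthorized program", FRAUD_DETECTION_INFO["request_tendency"]
        return "ok", None
```

A cash dispense request arriving while the machine is idle passes the port, issuer and structure checks and is caught only by the state table, which is the case the request tendency information exists for.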
B. Second embodiment:
 In the second embodiment of the present invention, a configuration is described in which the automatic teller machine is connected to an externally provided server and the server performs the fraud detection process. Only the parts whose configuration and operation differ from the first embodiment are described below. In the figures, components that are the same as in the first embodiment are given the same reference numerals as in the first embodiment described above, and their detailed description is omitted.
(B-1) Network configuration:
 FIG. 11 is an explanatory diagram showing the schematic configuration of the automatic cash transaction system 1000 in the second embodiment. The automatic cash transaction system 1000 includes an ATM 10a and a server 20. The ATM 10a and the server 20 are connected by a local area network (LAN) NN.
 The ATM 10a differs from the ATM 10 of the first embodiment (FIGS. 1 and 2) in that it does not include the fraud detection unit 110 and the storage unit 300. The server 20 is configured as a server computer including a CPU, memory, a hard disk, a network interface, and the like (not shown). The server 20 includes the fraud detection unit 110 and the storage unit 300 as functional units. The fraud detection unit 110 and the storage unit 300 have the same functions as in the first embodiment.
(B-2) Fraud detection process:
 In the second embodiment, within the series of transaction processes executed by the main body control unit 100 of the ATM 10a, the server 20 performs only the fraud detection process. Specifically, in step S14 of FIG. 6, the card mechanism control unit 500 requests, via the communication unit 400, the fraud detection unit 110 of the server 20 to execute the fraud detection process. In step S18 of FIG. 6, the fraud detection unit 110 of the server 20 notifies the caller (the card mechanism control unit 500 of the ATM 10a), via a communication unit (not shown), that the processing has finished. The same applies to steps S26 and S30.
 As described above, according to the second embodiment, the same effects as in the first embodiment can be obtained even with the ATM 10a, whose fraud detection unit 110 is provided in an external server. Furthermore, with this configuration, the externally provided server 20 can detect unauthorized programs, unauthorized access, and unauthorized standard interfaces collectively, so the processing load on the ATM 10a can be reduced. In addition, because the information on unauthorized programs, unauthorized access, and unauthorized standard interfaces (the fraud detection information 310, the I/F recognition information 320, and the request tendency information 330) can be managed centrally on the server 20 side, an automatic cash transaction system that is easy to operate can be built when the system is considered as one including a plurality of ATMs 10a.
C. Modifications:
 The present invention is not limited to the above examples and embodiments and can be implemented in various aspects without departing from its gist. For example, the following modifications are possible.
C1. Modification 1:
 The above embodiments described the configuration and functions of the automatic teller machine and the automatic cash transaction system. However, the aspects shown in the above embodiments are merely examples, and various modifications can be made without departing from the gist of the present invention.
 For example, the automatic teller machine may include other components such as a USB interface or a wireless communication unit.
 For example, the automatic teller machine may additionally be connected to a monitoring device consisting of a personal computer or the like. In this case, when fraud is detected as a result of the fraud detection process, the fraud detection unit preferably transmits to the monitoring device a notice that fraud has been detected, together with the necessary information. This makes it easier to obtain information on abnormalities (detected fraud) in the automatic teller machine.
 For example, the above configuration may be applied to various vending machines, ticket vending machines, money changers, and the like instead of an automatic teller machine.
C2. Modification 2:
 The above embodiment showed one example (FIG. 6) of how the fraud detection process is executed within the series of transaction processes executed by the main body control unit. However, the timing at which the fraud detection process is executed is not limited to the case of FIG. 6. Specifically, each time the cash control unit or the personal information control unit listed in FIG. 4 receives a request from the main body control unit, the fraud detection process is called and executed by the functional unit that received the request, in the same way as in steps S14 and S26.
 In the example of FIG. 6, the fraud detection process is executed every time a request is made to the cash control unit or the personal information control unit. However, for example, the fraud detection process may be executed only at the start of a series of transaction processes and omitted for subsequent requests to the cash control unit or the personal information control unit. Furthermore, for example, whether the fraud detection process is executed may be switched according to the time of day at which the transaction takes place, how busy the machine is, and so on.
 Also, for example, the IP address or MAC address of the device that sent the request may be checked against a blacklist created in advance, and the fraud detection process may be executed only for requests that match the blacklist. Furthermore, for example, the IP address or MAC address of the device that sent the request may be checked against a whitelist created in advance, and the fraud detection process may be executed only for requests that do not match the whitelist.
C3. Modification 3:
 In the fraud detection process (FIG. 7) and the standard I/F recognition process (FIG. 9) of the above embodiment, the fraud detection unit that has detected fraud requests the main body control unit to place the automatic teller machine in the alert state. However, for example, when the fraud detection unit detects fraud as a result of the fraud detection process, it may notify the calling functional unit or the main body control unit to that effect, and the notified functional unit or main body control unit may transition the automatic teller machine from the normal state to the alert state.
C4. Modification 4:
 In step S108 of the fraud detection process (FIG. 7) and step S214 of the standard I/F recognition process (FIG. 9) of the above embodiment, unknown requests are learned. However, this learning process can be omitted.
C5. Modification 5:
 In the fraud detection process (FIG. 7) and the standard I/F recognition process (FIG. 9) of the above embodiment, all the method information stored in the fraud detection information and the I/F recognition information is checked, but various modifications are possible in this respect as well. For example, priorities may be assigned to the method information, and the checks may be performed in descending order of priority.
C6. Modification 6:
 In the above embodiment, the dormant state (transaction suspended state) and the trace recording state were given as examples of the alert state of the automatic teller machine. However, the alert state only needs to differ from the normal state in which normal transactions are possible, and various states can be adopted.
 For example, a fraud detection unit that has detected fraud may return an error response to the main body control unit or the calling functional unit so that only the transaction process concerned is not continued. A fraud detection unit that has detected fraud may also request the main body control unit or the calling functional unit to limit the maximum number of bills that can be dispensed. Furthermore, a fraud detection unit that has detected fraud may cut off the network connection of the automatic teller machine.
Description of symbols:
  10 ... Automatic teller machine (ATM)
  20 ... Server
  22 ... Card mechanism
  24 ... Passbook mechanism
  26 ... Statement slip mechanism
  32 ... Coin mechanism
  34 ... Bill mechanism
  42 ... Customer operation unit
  44 ... Attendant operation unit
  50 ... Control unit
  60 ... Journal printing mechanism
  100 ... Main body control unit
  110 ... Fraud detection unit
  200 ... Touch panel control unit
  300 ... Storage unit
  310 ... Fraud detection information
  320 ... I/F recognition information
  330 ... Request tendency information
  400 ... Communication unit
  500 ... Card mechanism control unit
  510 ... Passbook mechanism control unit
  520 ... Statement slip mechanism control unit
  600 ... Bill mechanism control unit
  610 ... Coin mechanism control unit
  700 ... Journal control unit
  1000 ... Automatic cash transaction system
  EW ... Setting screen

Claims (12)

  1.  An automatic transaction apparatus comprising:
     a main body control unit that controls each part of the automatic transaction apparatus;
     a personal information control unit that acquires personal information of a user;
     a cash control unit that receives and dispenses cash; and
     a fraud detection unit that, when it detects, using the type of a processing request input to the personal information control unit or the cash control unit via the main body control unit and the internal state of the automatic transaction apparatus in a series of transaction processes, that the request is due to an unauthorized program residing in the automatic transaction apparatus, transitions the automatic transaction apparatus to an alert state different from a normal state in which normal transactions are possible.
  2.  The automatic transaction apparatus according to claim 1, further comprising:
     a communication unit that is connected to an external device via a network and exchanges information with the external device,
     wherein the fraud detection unit further
     checks the issuer of a processing request input to the personal information control unit or the cash control unit via the main body control unit and, when it detects that the request is due to unauthorized access via the communication unit, transitions the automatic transaction apparatus to the alert state.
  3.  The automatic transaction apparatus according to claim 1 or 2,
     wherein the fraud detection unit further
     checks the structure of the message used for a processing request input to the personal information control unit or the cash control unit via the main body control unit and, when it detects that the standard interface used for the request is an unauthorized standard interface, transitions the automatic transaction apparatus to the alert state.
  4.  The automatic transaction apparatus according to any one of claims 1 to 3, further comprising:
     a storage unit in which method information, which is information used for processing in the fraud detection unit and relates to a method for detecting at least one of the unauthorized program, the unauthorized access, and the unauthorized standard interface, and processing information relating to the content of the processing executed in the alert state are stored in association with each other in advance.
  5.  The automatic transaction apparatus according to any one of claims 1 to 4,
     wherein the fraud detection unit further
     learns a processing request input to the personal information control unit or the cash control unit when the request is at least one of: of an unknown type, issued by an unknown issuer, and of an unknown message structure.
  6.  The automatic transaction apparatus according to any one of claims 1 to 5,
     wherein the processing executed in the alert state is either one of a suspension process of the automatic transaction apparatus and a trace recording process for each process in the automatic transaction apparatus.
  7.  The automatic transaction apparatus according to any one of claims 4 to 6, further comprising:
     an attendant operation unit for accepting a change to the processing information from an administrator of the automatic transaction apparatus.
  8.  The automatic transaction apparatus according to any one of claims 1 to 7,
     wherein the fraud detection unit further
     notifies the external device that fraud has been detected when it detects at least one of the unauthorized program, the unauthorized access, and the unauthorized standard interface.
  9.  The automatic transaction apparatus according to any one of claims 1 to 8,
     wherein the storage unit further
     stores in advance request tendency information that associates, for the plurality of internal states that the automatic transaction apparatus can take in the series of transaction processes and for each type of processing request, whether execution of the processing is possible or impossible, and
     the fraud detection unit
     detects that the request is due to the unauthorized program when the type of the processing request input to the personal information control unit or the cash control unit via the main body control unit is associated, in the request tendency information, with being impossible for the current internal state of the automatic transaction apparatus.
  10.  The automatic transaction apparatus according to claim 2, or according to any one of claims 3 to 9 as dependent on claim 2,
     wherein the fraud detection unit
     detects that the request is due to the unauthorized access when a processing request input to the personal information control unit or the cash control unit via the main body control unit is input from a communication port different from the prescribed one, and when the issuer of a processing request input to the personal information control unit or the cash control unit via the main body control unit differs from an issuer permitted in advance.
  11.  The automatic transaction apparatus according to claim 3, or according to any one of claims 4 to 10 as dependent on claim 3,
     wherein the storage unit further
     stores in advance, for each standard interface, I/F recognition information that associates the characteristics of the message structure with permission or non-permission of execution of the processing, and
     the fraud detection unit
     detects that the standard interface used for the request is an unauthorized standard interface when the structure of the message used for the processing request input to the personal information control unit or the cash control unit via the main body control unit is associated with non-permission in the I/F recognition information.
  12.  An automatic cash transaction system comprising:
     an automatic transaction apparatus; and
     a server,
     wherein the automatic transaction apparatus comprises:
     a main body control unit that controls each part of the automatic transaction apparatus;
     a personal information control unit that acquires personal information of a user; and
     a cash control unit that receives and dispenses cash,
     the server comprises
     a fraud detection unit that detects, using the type of a processing request received by the personal information control unit or the cash control unit and the internal state of the automatic transaction apparatus in a series of transaction processes, whether the request is due to an unauthorized program residing in the automatic transaction apparatus,
     the personal information control unit and the cash control unit,
     on receiving a processing request from the main body control unit, inquire of the server whether the request is due to the unauthorized program, and
     the fraud detection unit,
     when it detects that the request is due to the unauthorized program, transitions the automatic transaction apparatus to an alert state different from a normal state in which normal transactions are possible.
PCT/JP2012/002973 2011-05-13 2012-05-02 Automatic transaction device and automatic transaction system WO2012157199A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011107957A JP5624938B2 (en) 2011-05-13 2011-05-13 Automatic transaction apparatus and automatic transaction system
JP2011-107957 2011-05-13

Publications (1)

Publication Number Publication Date
WO2012157199A1 true WO2012157199A1 (en) 2012-11-22

Family

ID=47124278

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/002973 WO2012157199A1 (en) 2011-05-13 2012-05-02 Automatic transaction device and automatic transaction system

Country Status (3)

Country Link
JP (1) JP5624938B2 (en)
CN (1) CN102779370B (en)
WO (1) WO2012157199A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104063951A (en) * 2014-06-12 2014-09-24 昆山古鳌电子机械有限公司 Automatic transaction device
JP6310157B2 (en) * 2015-08-26 2018-04-11 日立オムロンターミナルソリューションズ株式会社 Automatic transaction apparatus and control method thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0383166A (en) * 1989-08-26 1991-04-09 Omron Corp Transaction limiting fuzzy controller for automatic teller machine
JP2001188848A (en) * 2000-01-05 2001-07-10 Toshiba Tec Corp Electronic account settlement system
JP2004362012A (en) * 2003-06-02 2004-12-24 Hitachi Ltd Automatic transaction device detecting unauthorized access and malicious program
JP2005339400A (en) * 2004-05-28 2005-12-08 Glory Ltd Illicitness prevention system for transaction terminal device
JP2011113144A (en) * 2009-11-24 2011-06-09 Oki Electric Industry Co Ltd Automatic transaction device and automatic transaction system using the same
JP2011248594A (en) * 2010-05-26 2011-12-08 Dainippon Printing Co Ltd Authentication processing device, authentication processing method, authentication processing program, processing system, and automated teller machine

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2718594A1 (en) * 2008-03-19 2009-09-24 Websense, Inc. Method and system for protection against information stealing software
CN102473328B (en) * 2009-07-06 2015-08-12 光荣株式会社 The program installation system of money discriminator and program installation method

Also Published As

Publication number Publication date
JP2012238254A (en) 2012-12-06
CN102779370B (en) 2014-12-03
JP5624938B2 (en) 2014-11-12
CN102779370A (en) 2012-11-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12785569

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12785569

Country of ref document: EP

Kind code of ref document: A1