JP2006260534A - Personal identification number management system and personal identification number management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To increase safety in processing for confirming a person himself by PIN (personal identification number), used mainly in processing, represented by payment from a bank account by a card from an automated teller machine (ATM) in a bank, without impairing the existing convenience. <P>SOLUTION: A user requires inputting of a plurality of PINs by several number of times of operation in operation for transactions, such as payment performed at a terminal, and the number of digits of the PIN to be substantially inputted is increased, without changing the operation method each time and to enhance the function of personal confirmation. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

The present invention relates to personal identification processing using a personal identification number, which is mainly used in processing represented by withdrawal from a deposit account using a card from an ATM (automatic teller machine) or the like in a bank.

Conventionally, when a withdrawal is made from an account using ATM or the like, it is essential to enter a personal identification number.
This personal identification number is used to confirm the card user himself / herself, and only one account is set for the individual. If the personal identification number matches, the withdrawal amount is within the balance of the deposit account. Is possible.

Currently, this PIN is stolen when it is used, and it is exposed to considerable risks, such as a simple analogy when a birthday or home phone number is used. Also, passwords are systematically stolen by criminal acts such as skimming, and the damage has become a social problem.

Banks have begun to introduce biometric authentication methods such as fingerprints as a new means of identity verification, but even with that method, the processing method varies from bank to bank, so the ATM network connected between the banks cannot be used, Even if the system can be unified, it will take more time to disseminate due to the cost of remodeling ATMs in all banks.

In general, a four-digit number is used as a personal identification number, but only 10,000 ways from 0000 to 9999 can be selected. In addition, to increase the number of digits of the PIN, it is necessary for banks participating in the ATM network to simultaneously upgrade the system and remodel the ATM, which is difficult to achieve in a short time.
JP 2004-199251 A

In order to be able to introduce a more secure system using a personal identification number without losing the convenience of an ATM network interconnected between banks and at an early stage, banks participating in the ATM network are particularly It would be desirable to be able to provide it individually and easily by itself without linking with a bank.

In particular, the posting service that relies on a four-digit password is highly convenient, but a serious problem has emerged in terms of safety, and an essential flaw in the card society is being revealed.

SUMMARY OF THE INVENTION An object of the present invention is to provide a strengthening scheme for managing a personal identification number that can be implemented at an early stage without sacrificing existing convenience and without costing much.

In order to achieve such an object, the invention of claim 1 is a personal identification number management system for determining whether or not a transaction can be made based on a personal identification number input to a terminal, for example, a personal identification number for a transaction such as withdrawal. A plurality of passwords to be input, a storage means for storing the plurality of passwords to be input in advance, and the password input in each operation is one of these stored password numbers It is characterized by comprising identification means for identifying whether they match, and determination means for determining whether all of the stored passwords have been input.

Conventionally, when a transaction such as withdrawal is performed through ATM, etc., one password is input by one operation. In the invention of claim 1, a plurality of predetermined passwords are used. Since it is possible to make a transaction for the first time by performing a single operation, the number of input digits of the personal identification number is substantially increased while assuming the current input method in which only one personal identification number can be input in one operation. be able to.

Here, the transaction refers to withdrawal or the like, but is not limited to the withdrawal transaction in general, and may mean, for example, withdrawal exceeding a certain limit. Further, the transaction is not limited to the withdrawal process, and for example, the address change or the withdrawal limit change performed from the terminal is included in the transaction. The same applies to the following claims.

The operation is not an input of individual items, but an entire input procedure performed from the first input to the completion input, that is, from when the terminal enters the next use waiting state. Therefore, one operation means the entire input procedure performed in the state from when the terminal is in the waiting state to the next waiting state, that is, in the in-use state. Means that the terminal once returns to the waiting state between the first and second operations. That is, each operation is another operation that is formally independent. The same applies to the following claims unless otherwise specified.

The invention of claim 2 is also a personal identification number management system that determines whether or not a transaction can be made based on the personal identification number entered in the terminal, and for example, a plurality of operations involving the input of the personal identification number for transactions such as withdrawals. A plurality of passwords that need to be input, storage means for storing information indicating the number of times the passwords should be input, and passwords input in each operation are stored. It is characterized by comprising identification means for identifying which of the personal identification numbers matches, and determination means for judging whether or not all of the stored personal identification numbers have been inputted a predetermined number of times.
In other words, the invention of claim 2 allows the input of the same personal identification number a plurality of times, and makes a transaction only when the predetermined personal identification number is input a predetermined number of times.

The invention of claim 3 is a personal identification number management system that determines whether or not a transaction can be made based on a personal identification number input to a terminal. For example, for a transaction such as withdrawal, a user can perform a plurality of personal identifications by a plurality of operations. It is necessary to input a number, and a storage means for storing a password to be input in each subsequent operation with respect to the plurality of operations, and a password entered in each subsequent operation are stored in the storage means. A first determination unit that determines whether or not the personal identification number to be input in the next operation matches, and a second determination unit that determines whether or not all personal identification numbers stored in the storage unit have been input. It is characterized by.

Here, the round means the first time, the second time, etc., and the password to be input in each subsequent operation means which password must be input in what number of operations. The same applies to the following claims.

According to a fourth aspect of the present invention, in the first to third aspects of the present invention, the apparatus further comprises means for determining whether a plurality of passwords are continuously input. This is intended to allow the input of a predetermined plurality of passwords to be performed in a continuous operation from the viewpoint of accident prevention, assuming actual operation.

According to a fifth aspect of the present invention, in the first to third aspects of the present invention, the apparatus further comprises means for determining whether a plurality of passwords are input by an operation within a predetermined time. Similarly, assuming an actual operational aspect, from the viewpoint of accident prevention, a plurality of passwords are entered within a predetermined time.

The invention of claim 6 is a personal identification number management method for determining whether or not a transaction can be made based on a personal identification number input to a terminal, and requires, for example, a user to operate multiple times for transactions such as withdrawal. A method for determining a password to be input in the next operation based on a result of the previous operation performed by the user, and a first step of returning the result to the previous operation performed by the user; A second step of receiving a password entered in the next operation performed by the user, and the entered password matches a password determined based on the result of the previous operation by a predetermined method. And a third step of determining whether or not. A higher security is realized by dynamically determining the personal identification number.

However, in this claim, “operation” is not “input of individual items, but from the first input to the completion input, that is, from the time when the terminal enters the next use waiting state. It is not limited to “the entire input procedure to be performed (paragraph 0012)”, but “information is input to a terminal waiting for input, and the information is transmitted from the terminal to the center computer. Is returned to the terminal, and a series of processes until the terminal again enters an input waiting state ”.

The invention of claim 7 is a personal identification number management system having a function of permitting withdrawal from an account within a predetermined withdrawal limit when a predetermined personal identification number is input for one account. A plurality of personal identification numbers and an input order of the personal identification numbers are determined in advance for the account, and determination means for determining whether the plurality of personal identification numbers are input in the predetermined input order; And a withdrawal permitting means for permitting withdrawal from an account that exceeds the withdrawal limit when all of the plurality of passwords are entered in a predetermined entry order.
Here, the withdrawal from the account includes not only the cash withdrawal from the ATM but also the withdrawal and transfer withdrawal from the account using the cash card from the ATM. In other words, it doesn't matter how to dispose of funds after they are withdrawn from your account.

The invention of claim 8 is a personal identification number management system having a function of permitting withdrawal from an account within a predetermined withdrawal limit when a predetermined personal identification number is input for one account. A plurality of personal identification numbers are predetermined for the account, and a determination means for determining whether the inputted personal identification number is any of the predetermined personal identification numbers, and the plurality of personal identification numbers are It is characterized by comprising withdrawal permission means for allowing withdrawal from an account exceeding the withdrawal limit when all are entered. Here, the input order of a plurality of passwords is not limited.

The invention of claim 9 is the personal identification number management system according to claim 7 or claim 8, wherein the input of the personal identification number is not correct unless the withdrawal is permitted for the entered personal identification number. It is characterized by outputting a message to that effect.

Other than the withdrawal PIN entered when withdrawal is made, even if a PIN for canceling the withdrawal limit is entered, it is the same as when other normal wrong PIN is entered. By doing this process, a third party other than the principal does not notice that the entered password is a password having a special meaning of canceling the withdrawal limit check.

The invention of claim 10 is the personal identification number management system according to claim 7 or claim 8, which is different from a transaction for making withdrawals from an account that exceeds the withdrawal limit performed by ATM. It is characterized in that it includes the password entered in the transaction as a determination target. This is because the same effect can be obtained by combining a plurality of transactions for inputting a personal identification number.

The invention of claim 11 is a personal identification number management system for permitting withdrawal with a personal identification number entered in an ATM, wherein a personal identification number for withdrawal and a personal identification number for canceling a withdrawal limit are predetermined for one account. The first withdrawal that allows withdrawal from the account within the predetermined withdrawal limit when the withdrawal PIN is entered without entering the withdrawal limit release PIN. A second withdrawal that allows withdrawals from an account that exceeds the withdrawal limit when a withdrawal permit is entered and a withdrawal number is entered. And a permission means.

According to the first aspect of the present invention, it is substantially possible to input a plurality of passwords by a plurality of operations, instead of determining whether or not the transaction is possible by inputting one password in an operation such as withdrawal. Since the same effect as increasing the number of digits of the password can be created, safety can be improved.
Since the operation method for each time is not different from the conventional one, it is not necessary to modify the terminal such as ATM or change the input program, and it can be handled only by the program of the center computer that manages the ledger.

According to the second aspect of the present invention, since duplicate input is allowed for a plurality of passwords to be input, combinations of inputs with a greater degree of freedom are possible. For example, even if only two passwords a and b are used, it is possible to make a setting such as allowing withdrawal only when a is entered twice and b is entered once. Even if you do not remember your PIN, you can achieve a high level of safety depending on the combination.

According to the invention of claim 3, the code number to be input in each operation and the order thereof are determined, and it becomes possible to conduct a transaction only when these are all input by a plurality of operations. Safety is high.

According to the fourth aspect of the present invention, it is possible to limit the input of a predetermined plurality of passwords by successive operations, and thus it is possible to improve safety from the operational aspect.

According to the invention of claim 5, since it is possible to limit the input of a plurality of passwords by an operation within a predetermined time, it is possible to improve safety from the operational aspect.

According to the sixth aspect of the present invention, the personal identification number to be input is determined based on the return result of another operation performed before the input operation. Therefore, the personal identification number is determined dynamically, and the fixed personal identification number is fixed. A higher level of security can be achieved than with numbers.

According to the invention of claim 7, in a withdrawal transaction from an account, it is possible to withdraw more than a normally set withdrawal limit by inputting a plurality of passwords in a predetermined order. Can do.

According to the invention of claim 8, in a withdrawal transaction from an account, by entering all of a plurality of predetermined PINs regardless of the order, withdrawals exceeding the normally set withdrawal limit can be made. Can be possible.

According to the invention of claim 9, since the processing other than the password for withdrawal is the same as the processing of the normal input of the wrong security code, the password entered by a third party other than the principal is the withdrawal limit. You can avoid noticing that it is a PIN with a special meaning of unchecking the amount. Therefore, even if there is a third party who can know a series of entered passwords, it is difficult for the person to notice that there was a special meaning in the order or combination of the entered password numbers. Even if you enter only the PIN number for which you made money, you can only withdraw less than the withdrawal limit. In addition, by doing so, it is not necessary to revise the program on the terminal side, and it can be easily used in an ATM network in which inter-bank transfer is performed.

According to the invention of claim 10, a password entered by a transaction different from a transaction for withdrawing money exceeding the withdrawal limit is also subject to determination. It can also be used when moving to ATMs, and it becomes less known to third parties by using different transactions.

According to the invention of claim 11, it is not essential to enter a PIN for canceling the withdrawal limit, and it is possible to withdraw within the withdrawal limit by entering only the PIN for normal withdrawal. If you enter a PIN for canceling the withdrawal limit before entering the PIN, you can withdraw more than the withdrawal limit, so you can manage withdrawal limits according to your intentions. . As a result, except for special cases where a large amount of money is withdrawn beyond the withdrawal limit, it is usually necessary to enter a PIN code for withdrawal to ensure safe withdrawal processing under withdrawal limit management. It can be carried out.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 shows a main configuration of a bank system for realizing Examples 1 to 9 described later. The personal identification number management system in this embodiment is provided in the bank system.

In FIG. 1, reference numeral 101 denotes a bank ATM, which is installed at a bank branch 100, accepts a customer's cash card, reads a customer's ledger account number from the cash card, and pays out cash by entering a personal identification number. It has a function. The ATM 101 can be the same as the conventional one.

In the present invention, ATM is a generic term for terminals having a cash payout function that allow a user to withdraw cash by inserting a cash card and inputting a personal identification number. Hereinafter, the term “branch” means a bank branch.

Reference numeral 102 denotes a terminal that can be used for various books other than ATMs installed in a branch office.

A branch server 103 is connected to the ATM 101 and various terminals 102 and transmits / receives data input / output to / from a terminal to / from a communication control apparatus 111 (described later) installed in a computer center 110 of the bank.

A communication control device 111 is installed in the computer center 110 of the bank and performs data transmission / reception between the branch server 103 and the external center 130 of the bank branch 100 and the center computer of the bank.

Reference numeral 112 denotes a central processing unit, that is, a CPU, which executes information processing related to banking operations, and also performs cash card authentication (identity confirmation) processing related to the present invention and information processing described later related thereto. The central processing unit 112 and the large-capacity storage device 113 when performing this processing function as the personal identification number management system of the present invention.

Reference numeral 113 denotes a mass storage device such as a hard disk storage device. The mass storage device 113 stores a program executed in the present invention and a ledger database for managing bank customers' deposit accounts and the like.

Reference numeral 114 denotes a management terminal used by the administrator, which inputs an instruction for information processing to be executed to the central processing unit 112, receives an information processing result from the central processing unit 112, and outputs it to a display device or the like To do.

Reference numeral 121 denotes an ATM at another bank, which is connected to the center computer 122 at the other bank and enables withdrawal of the bank depositor through an ATM interconnection service between banks.

Reference numeral 122 designates another bank computer, which sends and receives ATM withdrawal data via the ATM partner center 130 and the ATM computer interconnection service.

Reference numeral 130 denotes a computer center installed for connecting center computers between banks in order to provide an ATM interconnection service between banks.

2 to 8 show processing procedures for Embodiments 1 to 7 executed by the central processing unit 112, respectively. This processing procedure is stored in a hard disk in the mass storage device 113 in the form of a program, and is loaded into the memory and executed by the central processing unit 112 at the time of execution.

FIG. 9 shows information relating to the input of a plurality of personal identification numbers used by the customer in the present invention, which is stored in the above ledger database.

FIG. 10 shows an input message received by the central processing unit 112 when a withdrawal operation is performed at the ATM.
Since only one password is input in one operation during the withdrawal operation, only one input password 1007 exists in the input message. In addition, the input message includes various information described in the embodiments described later.

FIG. 11 shows information for specifying a branch to be applied to the multi-code number system realized by the present invention when using ATM, which is stored in the above ledger database.

FIG. 12 shows information for designating a branch stored in the above-mentioned ledger database when applying a plurality of code numbers different depending on the branch when using ATM.

FIG. 13 shows information related to the input of the respective passwords when the plural password method different depending on the branch is applied when using the ATM in conjunction with FIG. 12 and stored in the above ledger database.

FIG. 14 shows information for specifying a withdrawal reference amount in the case of applying a plurality of code numbers that are different depending on the withdrawal amount, stored in the above ledger database.

FIG. 15 is a reference diagram for explaining the eighth embodiment.

FIG. 16 shows a specific example of the information shown in FIG. 13 described in the eighth embodiment.

FIG. 17 shows a processing procedure for the ninth embodiment executed by the central processing unit 112.

In the following description of the embodiment, it is assumed that a card used for withdrawing from a deposit account using ATM is issued only to the depositor himself, and is not considered to issue an agent card.

In the first embodiment, two personal identification numbers are held in the ledger of the deposit account. One is called the first password and the other is called the second password.

Only one PIN is entered at a time in one operation at ATM.
Conventionally, there was only one personal identification number, so it was only necessary to input the personal identification number when making a withdrawal. However, in the present invention, the first password number and the second password number are used, and the withdrawal can be made only when the both password numbers are input by different operations and the withdrawal operation is performed. If you enter only one of the passwords, it will be an error and you will not be able to withdraw.

Specifically, the first password is entered and the withdrawal operation is performed. After an error occurs, the withdrawal can be made only when the second PIN is entered and the withdrawal operation is performed. Become.
Hereinafter, a method of processing when each password is input will be described with reference to FIG.

First, when the first password is input to the ATM 101 (or ATM 121), the input message 1000 is delivered to the bank center computer that manages the deposit account through the existing network (201). This is no different from the conventional one.

The central processing unit 112 of the bank's center computer reads the deposit account information from the ledger based on the information such as the ledger account number 1006 displayed on the input message 1000 in the same manner as before (202).

Since the first account number and the second code number are held in the deposit account, these pieces of information (FIG. 9 (a)) are also read out together with the input displayed on the input message 1000. It is determined whether the personal identification number 1007 matches the personal identification number (901a-1, 902a-1) held in the deposit account (203). In the following description, these processes are referred to as “verification of possessed password”.

If the entered password 1007 and the password 901a-1 held in the deposit account match, an indication that the first password has been entered and the date / time entered are entered. Information related to the terminal (bank code, branch code, terminal number, etc.) is recorded in a predetermined column (901a-2 to 901-7) (in the following description, these processes are referred to as recording of input information of the first password). (211). Then, an error message is sent back to the ATM indicating that the withdrawal is impossible (212).

Here, the input bank code (901a-3), the input branch code (901a-4), and the input terminal number (901a-5) are grasped from the input message 1000, but the input date (901a-6), As the input time (901a-7), information on the processing date and time grasped by the central processing unit 112 can be used.

In addition, although the bank code of the terminal used is displayed in the input message from the other bank ATM, the bank code is not included in the input message from the ATM 101 connected to the branch of the own bank. In some cases, the bank code of your bank is supplemented by a program. The same applies to the following embodiments.

The reason why the bank code is included here is to uniformly manage the ATM 101 of the bank and the ATM 121 of the other bank used via the ATM interconnection network between the banks.

Next, a case where the second password is input will be described. In this case as well, the process up to collation with the personal identification number held in the ledger is the same as that for the first personal identification number.

If it is determined that the second password has been input, it is determined whether the display of the input of the first password (901a-2) is recorded (205). If the input display is not recorded, an error message is sent back to the ATM indicating that the withdrawal is not possible (212). In the following description, these processes are referred to as “first password input check”.

If the input display has been recorded, the proximity of the terminal environment (date / time / place) where these two passwords are input is checked.

First, the date / time related to the input of the first personal identification number recorded in the predetermined column (901a-2 to 901), information on the terminal (bank code, branch code, terminal number, etc.) are grasped, and the date and the terminal are related. It is determined whether the information matches the date on the input message and the information related to the terminal (206). The bank code is handled in the same manner as described above when the bank ATM 101 is used.

If the result of the determination is that they do not match, it is determined that there is no proximity to the input of the first password and the second password, the display of the first password recorded in the ledger has been entered, the first password After deleting the date / time when the ID is input and the information regarding the input terminal (in the following description, these processes are referred to as “deleting the input information of the first personal identification number”), it is determined that the withdrawal is impossible. An addressed error is returned (209-210).

If they match, it is determined whether the time when the first password is input and the time when the second password is input are within a certain time interval (input proximity determination) (206). ). This time interval may be freely determined, for example, about 10 minutes. In the following description, these processes regarding the use environment of the terminal performed after the input check of the first password are referred to as “input proximity check with the first password”.

If it does not fall within this time interval, it is determined that there is no proximity to the input of the first security code and the second security code, and after the input information record of the first security code is erased, the withdrawal is not allowed. It returns an error addressed to ATM (209-210).

If it falls within this time interval, the input information record of the first password is erased and the withdrawal process is permitted (207-208). It goes without saying that this withdrawal process is the same as when a correct password has been input in the past, and the balance is checked and whether or not it is an accident card is separately determined. The same applies to the following embodiments.

By the way, this input proximity check is performed in order to prevent an operational accident, and although it increases the utility value of the present invention, it is not an essential requirement. Therefore, only the continuity of the input operation may be checked, and the time taken for the input operation and the physical proximity of the terminal may not be checked. The same applies to the following embodiments.

If the input security code is neither the first security code nor the second security code (204 is NO), either the first security code or the second security code held in the deposit account read from the ledger Therefore, after erasing the input record of the first password, it returns an error addressed to ATM indicating that the withdrawal is impossible (209-210).

Here, when a password that is neither the first password nor the second password is input, the input record is erased and returned to the initial state even if the first password has already been input. You don't have to do that. In the case of returning to the initial state, the sequential continuity of the input operation is strictly ensured. For example, when the second password is entered after the first password is entered, the wrong password is inadvertently entered. And everything will be redone.

Therefore, for example, even if a password that is neither the first password nor the second password is input, the input record of the first password is not erased. Instead, the above-mentioned input proximity (relationship between date / time and place) ) May be checked to prevent operational accidents. The handling of whether or not to delete the input record of the already-entered personal identification number when a personal identification number that should not be originally entered is the same in the following embodiments.

In the above example, the terminal-related information has been described including the terminal number, but the terminal number is not necessarily included. Of course, when the terminal number is not included in the input message sent from the ATM, the terminal number is omitted in the recording of the input information of the password and the input proximity check of the password even if the terminal number is included. Also good.

For example, after a first PIN is entered using a specific ATM among a plurality of ATMs arranged side by side, the ATM becomes an obstacle and the second PIN is entered at another ATM. It is also possible. In this case, if the check of the terminal number is not removed, it is necessary to start from the input of the first personal identification number, which places a burden on the user.

Whether or not to include the terminal number may be determined as appropriate by the bank implementing the present invention. The same applies to the following embodiments.

If the bank code and the branch code cannot be used because the terminal to be used is a terminal outside the bank, the input proximity check may be performed using information on the connection path of the terminal. This is because the ATM connection mode may change in the future.

In the above description, the description has been made on the assumption that the input of the personal identification number is performed in the withdrawal operation. However, the input of the first personal identification number may not necessarily be performed in the withdrawal operation. This is because the input of the first password is a preparatory operation, not an operation for making a withdrawal.

For example, a special operation for inputting a personal identification number may be newly provided, or an existing operation such as a balance inquiry with input of a personal identification number may be used. In this case, after recording the input information of the first personal identification number (211), the balance may be returned normally without performing the error reply (212). The same applies to the following embodiments.

In the first embodiment, an example in which processing is performed using two passwords has been described, but three passwords may be used.

A method of processing in that case will be described with reference to FIG. 3 while avoiding duplication of description with the first embodiment.

Three personal identification numbers are held in the ledger of the deposit account (FIG. 9B). This is called a first password, a second password, and a third password.

In the second embodiment, first, the first password is entered to perform a withdrawal operation, and after an error is returned, the second PIN is entered to perform the withdrawal operation, and an error is further returned. Thereafter, the withdrawal can be made only when the third password is subsequently entered and the withdrawal operation is performed.

The specific processing method is as follows.
First, the process up to collation with the personal identification number when each personal identification number is input is the same as that in the first embodiment, and thus the description thereof is omitted. The processing described below is executed by the central processing unit 112 of the bank center computer.

The processing when the first password is input is the same as in the first embodiment.
Next, when the second password is input, the input of the first password is checked (310).

If the first password has already been entered, an input proximity check with the first password is subsequently performed (311), and if there is input proximity, input information of the second password is recorded (312). ), It returns an error addressed to ATM indicating that withdrawal is impossible (316). If there is no input proximity, the input information record of the already entered personal identification number is erased, and then an error is returned indicating that withdrawal is impossible (313 to 314). That is, it returns to the initial state.

If the first personal identification number has not been entered, the input information record of the personal identification number already entered is erased, and then an error is returned indicating that withdrawal is not possible (313 to 314). This is because the second password is input before the first password is input.

Next, when the third password is input, the second password is checked for input (306).

If the second password has already been entered, an input proximity check with the second password is next performed (307), and if there is an input proximity, the input information record of the already entered password is erased. After that, the withdrawal process is accepted (308 to 309). If there is no input proximity, the input information record of the already entered password is erased, and then an error is returned indicating that withdrawal is not possible (313 to 314). In other words, the initial state is restored here.

In this embodiment, the proximity of the input operation is determined between two consecutive operations. However, even when the third password is input, the input proximity is determined between the first password and the first password. It may be.

This requires that the entire operation be performed within a certain time. If you set a limit of 10 minutes between two consecutive operations, if you enter three passwords, you will be allowed to enter up to a total of 20 minutes to enter all, but between the first operation, Providing a restriction increases the proximity of a series of operations. The effect is different when you enter a large number of passwords.

If the second personal identification number has not been entered, the input information record of the personal identification number already entered is erased, and then an error is returned indicating that withdrawal is not possible (313 to 314).

If the entered security code is not one of the first security code, the second security code, or the third security code (NO in 305), the input information record of the already entered security code is erased, and the It returns an error addressed to ATM as refusing money (313-314).
The same applies to the case where the personal identification number is 4 or more, and a description thereof will be omitted.

Also in this case, the input of the first personal identification number and the second personal identification number may be performed using other operations such as a balance inquiry instead of the withdrawal operation.

In the first and second embodiments, the example in which the order in which the plurality of passwords are to be input is determined in advance has been described. However, in the case where the input order is not determined, an example in which two passwords are used is described. To do.

Hereinafter, differences will be described while avoiding duplication of description with the above-described embodiment.
First, the process up to collation with the personal identification number when each personal identification number is input is the same as that in the first embodiment, and thus the description thereof is omitted. The processing described below is executed by the central processing unit 112 of the bank center computer.

When the first password is entered, the second password is checked for input (414).

If the second personal identification number has not been entered, the input information of the first personal identification number is recorded, and then an error addressed to the ATM is returned as an indication that withdrawal is impossible (417 to 418).

If the second password has already been entered, the input proximity check with the second password is subsequently performed (415). If there is input proximity, the input information record of the already entered password is erased. After that, the withdrawal process is accepted (407 to 408).

If there is no input proximity to the second password, the input information record of the second password is erased, the input information of the first password is recorded, and then an error addressed to the ATM is returned to indicate that withdrawal is not possible (416) ~ 418). The first password is handled as if it was input first.

When the second password is input, the same processing as when the first password and the second password are exchanged in the above processing is performed (405-408, 410-411, 418).

If the entered security code is neither the first security code nor the second security code (404 is NO), the input information record of the already entered security code is erased, and then withdrawal to the ATM is deemed impossible. An error is returned (412 to 413).

In the above description, the description has been made on the premise that the plurality of passwords are different from each other. However, when the same password is allowed to be input a plurality of times, another embodiment is possible.

In the fourth embodiment, this processing method in the case where the input order of passwords is designated will be described with reference to FIG.
The description overlapping with the above description is omitted.

Upon receiving the input message 1000, the central processing unit 112 reads the management information (FIG. 9 (a) or (b)) of the personal identification number held in the ledger, and grasps the input number and the uninput personal identification number (501 to 501). 503). Then, it is determined whether or not the password entered this time is the password to be input first among the passwords not yet input (504). This can be done by referring to the input order and the input indication in FIG. 9 (a) or (b).

If the security code entered this time is different from the security code that should be entered first (NO in 504), after deleting the input information record of the security code already entered, an error addressed to ATM indicating that withdrawal is impossible. Reply (511-512).

If the password entered at this time is the password that should be entered first, the password entered from the record of the input date and time shown in FIG. 9 (a) or (b). The last input password is grasped (505).

If the password entered this time is the first entered in the current series of withdrawal operations (506 is NO), after the input information of the password entered this time is recorded (513). Then, an error message is sent back to the ATM indicating that the withdrawal is not possible (514).

If the password entered this time is not the one entered first in this series of withdrawal operations, check the input proximity with the password entered last among the already entered passwords. If there is no input proximity, the input information record of the already entered personal identification number is erased, and then an error addressed to ATM is returned as a withdrawal impossible (511 to 512).

If there is an input proximity, it is determined whether or not all the predetermined passwords have been input (508). If there is still a password to be input, the input information is recorded for the password that has been input this time. After that, an error addressed to the ATM is returned as it is impossible to withdraw money (513 to 514).

When it is determined that all the predetermined passwords have been input, the withdrawal process is permitted (509 to 510) after the input information record of the already input password is erased.

In this way, processing can be performed regardless of the difference in the password. Even if the same password is input a plurality of times, it is only necessary to register it in FIG. 9 (a) or (b). By doing so, it is possible to make withdrawal only when a predetermined password is input in a predetermined order.

Next, the fifth embodiment will be described with reference to FIG. 6 for processing in a case where the same password is allowed even when the password input order is not designated.
Since it largely overlaps with the fourth embodiment, only the differences will be described.

The central processing unit 112 that has received the input message 1000 reads out the management information (FIG. 9C) of the personal identification number held in the deposit account from the ledger, and grasps the existing input and the unentered personal identification numbers (601 to 602). ). Then, it is determined whether or not the password entered this time is included in the password that has not been entered (603). This can be done by referring to the input display in FIG.

If it is determined that the security code entered this time is not included in the security code that has not been entered (NO in 603), after the input information record of the security code already entered is erased, the withdrawal is made An error addressed to ATM is returned as impossible (610 to 611).

If it is determined that the password entered at this time is included in the password that has not been entered, the password entered in the input date and time record shown in FIG. In step 604, the last entered password is checked. Since the subsequent processing is the same as that of the fourth embodiment, the description thereof is omitted.

In this way, processing can be performed regardless of the difference in the password. If it is necessary to input the same personal identification number a plurality of times, it is only necessary to register the same personal identification number in FIG. In this way, it is possible to withdraw money only when a predetermined password is input a predetermined number of times.

Further, according to the fourth and fifth embodiments, since it is not premised that the number of digits of the code number input by one operation is fixed, for example, the maximum number of digits of the code number that can be input by one operation. It is also possible to presuppose a system in which an arbitrary number of digits of one or more digits can be input within the range.

For example, in a system in which numbers from 1 digit to 4 digits can be entered as a PIN in one operation, 7 digits are divided into 4 digits and 3 digits, the former being the first PIN and the latter being the second PIN The invention of Example 4 or Example 5 may be applied in advance.

In this way, it may be considered that an expanded password number that exceeds the number of digits of the password number that can be input in one operation is divided and input in multiple operations. In this case, even if there are the same divided passwords, it can be considered that the original expanded password is composed of such numbers.

In Examples 1-5, although the example which does not limit ATM to utilize was demonstrated, you may limit ATM to utilize.

The ATM can be limited by, for example, a bank code or a branch code of a branch to which the ATM is connected. This is because, at present, in an ATM interconnection network between banks, a 4-digit bank code and a 3-digit branch code are displayed in a message sent and received by an ATM withdrawal operation.

FIG. 7 shows a processing procedure in the case where the above-described plural passwords are used only in ATMs connected to two branches represented by the bank code 0001, the branch code 123, the bank code 0002, and the branch code 456, respectively. It explains according to.

First, the bank account and branch code using a plurality of passwords are held in the ledger of the deposit account together with the plurality of passwords used (FIG. 11).

When a withdrawal operation is performed at the ATM 101 (or ATM 121) and the input message 1000 is delivered to the bank center computer that manages the deposit account, the central processing unit 112 of the bank center computer uses the same method as the conventional method to store the deposit account. Are read from the ledger (701-702).

Next, whether or not the bank code 1001 and the branch code 1002 displayed on the input message 1000 match the bank code = 0001, the branch code = 123 or the bank code = 0002, and the branch code = 456 read from the ledger. Determine (703).

If they do not match, it is an ATM withdrawal that does not use a plurality of passwords, so a withdrawal process with one password is performed as usual (705).
If they match, the processing described in the first to fifth embodiments is performed (704).

Here, the branches that use a plurality of passwords are limited, but branches that do not use a plurality of passwords may be limited.

In this case, in the above process, if the bank code and branch code displayed on the input message match the bank code and branch code read from the ledger, the ATM code that does not use a plurality of code numbers is used. Since it is gold, the withdrawal process with one personal identification number is performed as usual, and when they do not match, the process described in the first to fifth embodiments is performed.

In this way, by limiting branches that do not use a plurality of passwords, or branches that are not used, for example, when using ATMs in a limited number of branches that users use on a daily basis, a viewpoint that emphasizes convenience Thus, withdrawing with one PIN number as usual, when using ATMs at other branches, withdrawals using a plurality of PIN numbers can be made from the viewpoint of safety.

As shown in FIG. 12 and FIG. 13, if a bank code and a branch code are associated with a plurality of passwords to be input, for example, by holding them in the ledger, each branch using ATM It is also possible to use a plurality of passwords using different passwords.

The above-described method using a plurality of passwords can also be used according to the withdrawal amount.

The damage is serious in the case where the funds of the deposit account are scammed by ATM when the amount is large.

However, since there may be cases where the depositor wants to withdraw a large amount of money, there is a great sacrifice in convenience if the deposit amount is limited and guarded uniformly.

Therefore, a plurality of passwords may be used when the withdrawal amount in one withdrawal operation exceeds a certain amount, for example, 100,000 yen. In this case, daily withdrawals of 100,000 yen or less are made with one PIN number as usual, and convenience is emphasized, and withdrawals of 100,000 yen or more are made twice or more using multiple PIN numbers. By requiring a withdrawal operation, safety can be increased while maintaining minimum convenience.
Hereinafter, the processing mechanism will be described with reference to FIG.

First, the deposit account ledger holds a withdrawal reference amount in one withdrawal operation when using a plurality of passwords together with a plurality of passwords to be used (FIG. 14).

When a withdrawal operation is performed at the ATM 101 (or ATM 121) and the input message 1000 is delivered to the bank center computer that manages the deposit account, the central processing unit 112 of the bank center computer uses the same method as the conventional method to store the deposit account. Is read from the ledger (801-802).

Next, the withdrawal amount 1008 displayed on the input message is compared with the withdrawal reference amount read from the ledger, and it is determined whether the withdrawal amount uses a plurality of passwords (803). .

If the withdrawal amount does not use a plurality of passwords, the withdrawal process using one password is performed as usual (806).

In the case of the withdrawal amount using a plurality of passwords, the processing described in Examples 1 to 5 is performed (804 to 805).

In this example, the case where the necessity of using a plurality of PINs is determined by the amount of money withdrawn in one withdrawal operation has been described. However, the necessity of using a plurality of PINs is determined by the accumulated amount per day. May be determined.

In this case, first, it is necessary to record the accumulated withdrawal amount per day on the ledger. This processing is already performed at the bank, and there is nothing new.

Then, the deposit account ledger holds the accumulated withdrawal amount per day, which is a reference when using the plurality of passwords together with the plurality of passwords to be used.

When a withdrawal operation is performed at the ATM 101 (or ATM 121) and the input message 1000 is delivered to the bank center computer that manages the deposit account, the central processing unit 112 of the bank center computer uses the same method as the conventional method to store the deposit account. Read information from the ledger.

And the sum of the withdrawal amount displayed on the input message and the sum of the sum of the amount of sunrises read from the ledger is the sum of the amount of withdrawals per day, which is also a reference read from the ledger. Judge whether or not.

If it does not exceed, it is a withdrawal when a plurality of passwords are not used, so that the withdrawal process with one password is performed as usual.
When exceeding, the process demonstrated in Examples 1-5 below is performed.

Note that these reference amounts may be provided in two stages to change the processing method.
For example, if the withdrawal amount in a single withdrawal operation is 100,000 yen or less, one PIN is used as before, two PINs are used if it is 100,000 yen or more and 1,000,000 yen or less, and three PINs are used if it is more than 1,000,000 yen. You may make it do (FIG. 14 (a)).

This can be achieved by associating a reference amount and a plurality of code numbers used when the reference value is exceeded in the ledger in association with, for example, a code number code (FIGS. 13 and 14A).

In this way, there are various ways to determine the reference amount, but when any reference amount is used, a plurality of PIN numbers to be entered are specified in relation to the amount of withdrawal performed by entering the PIN number. become.

The use of a plurality of passwords is not limited to the cases described in the first to seventh embodiments. For example, a combination of the branch used and the withdrawal amount may be used.
A typical use case in this case will be described.

In this embodiment, the two branches where the user uses the ATM on a daily basis are branch A (bank code = 0001, branch code = 123) and branch B (bank code = 0002, branch code = 456), respectively. The maximum amount of money to be withdrawn daily at the branch office is 100,000 yen, and withdrawal under this condition can be withdrawn with one password (for example, 1111) as usual.

When making withdrawals of more than 100,000 yen and less than 1 million yen at branch A and branch B, two PIN numbers (for example, 1111 and 2222) are required. For example, it is assumed that inputs 1111, 2222, and 3333) are required.

On the other hand, when making withdrawals of 1 million yen or less at other branches that are not frequently used on a daily basis, two PIN numbers (for example, 1111 and 2222) are used. Assume that input of a password (for example, 1111, 2222, and 3333) is required. These preconditions are summarized in FIG.

In this case, the information shown in FIGS. 11, 14, and 16 is recorded in the ledger of the user's deposit account when the depositor reports the conditions of use to the bank. FIG. 16 specifically shows what is shown in FIG. 13 according to the present embodiment.

When the user performs a withdrawal operation at the ATM, it is first determined whether or not the used branch corresponds to the branches A and B by referring to the information shown in FIG.

If it is determined that the use is in one of the branches A and B, then the withdrawal amount is determined based on the information shown in FIG.

If the withdrawal amount is 100,000 yen or less, since a plurality of PIN numbers are not recorded as the amount to be used in the information shown in FIG. 14A, the withdrawal process with one PIN number (1111) is performed as usual. Is called.

If the withdrawal amount is more than 100,000 yen and less than 1 million yen, the code number is 1, so that 1111 and 2222 are set in this order as the first code number and the second code number based on the information shown in FIG. The withdrawal process can be performed only when the input is made.

In this case, the user first inputs 1111 to perform a withdrawal operation, but is returned as an error to the ATM. Then, when the user subsequently inputs 2222 and performs the withdrawal operation again, the withdrawal can be performed for the first time.

When the withdrawal amount is over 1 million yen, the code number is 2, and 1111, 2222, and 3333 are used as the first code number, the second code number, and the third code number based on the information shown in FIG. However, the processing method is the same.

If it is determined that the use is in a branch other than the branches A and B, then the withdrawal amount is determined based on the information shown in FIG.

In the information shown in FIG. 14 (b), the PIN code is 1 for withdrawals of 1 million yen or less, and the PIN code is 2 for withdrawals of 1 million yen or more. 16 is processed in the same manner as described above.

When such a method is used, even when the withdrawal is possible only with the personal identification number 1111, since the branch offices that can be used are limited to the branch offices A and B, even if the abuser knows the personal identification number, this branch office It cannot be used unless it knows itself. Moreover, even if the branch office can be known, the amount of money that can be withdrawn is limited, so the amount of damage can be reduced.

In this way, detailed management is possible according to the user's behavior, and there is an advantage that both convenience and safety can be realized.

In the description of Embodiments 1 to 8 described so far, the information in FIGS. 9, 11 to 14, and 16 is described as being held in the deposit account information on the ledger. It is not a thing. A management database may be provided in the mass storage device 113 and held therein.

In addition, the withdrawal from the ATM has been described on the assumption that the withdrawal is from a deposit account. However, for example, the withdrawal may be from a loan account such as a card loan instead of a deposit account.

Further, since the object of the present invention is to realize a higher level of security in the personal identification process using the personal identification number, it goes without saying that the service provided after the personal identification is completed is not limited to the withdrawal service. Yes.

In the above-described embodiments, examples have been described in which standards are set for ATMs to be used and withdrawal amounts. However, the method of setting the standards is not limited to these, and standards are set for use time, use date, and the like. May be.

In the embodiments described so far, it is assumed that the password is entered by the user in advance. However, the following embodiments may be adopted.

First, when the first password is input for the first time, after the input information of the first password is recorded, a certain number is returned from the central processing unit 112 to the ATM 101 (or ATM 121).
This number is called the reply value.

The user performs a withdrawal operation by inputting a number determined based on the reply numerical value as a personal identification number by a method previously determined with the bank.

This determination method may be any method. For example, there is a method in which the first four digits of the sum obtained by adding the reply numerical value to the first input secret number are used as the next secret number. For example, if the first password entered first is 1234 and the reply value is 9999, 1234 + 9999 = 111233, so 1123 is set as the second password.

In this case, it differs from the above-described embodiments in that the second password to be input is not predetermined.

The feature of the invention shown in this embodiment is that the password entered in each operation is not fixed in advance, but the result returned when the operation is performed first is reflected in the password entered in the next operation. It is.

If this is explained in contrast to Example 1, the input of the first password and the second password is not changed, but it is stored in the ledger when determining whether or not it is the second password. It is not compared with the personal identification number as it is, but with a personal identification number generated based on a predetermined personal identification number determination method. Processing after the comparison does not change.

These processes will be described with reference to FIG.
First, when the first personal identification number is input, a reply numerical value is generated, and the reply numerical value is recorded on the ledger together with the input information of the first personal identification number (1712-1713). Then, a reply numerical value is returned to the terminal (1714).

Next, if there is an input of the second personal identification number, it is confirmed that it does not match the first personal identification number read from the ledger (1703 is NO), and then it should be input using the reply value read simultaneously. A second password is generated (1704). For example, this generation method may be patterned, and the pattern number may be recorded in the ledger and read out. For example, in the case of pattern 1, the first four digits of the sum of the first password number and the reply value, and in pattern 2, the last four digits of the sum of the first password number and the reply value are set.

By comparing with the second password generated in this way, it can be recognized that the second password has been correctly input. Subsequent processing is the same as in the first embodiment.

In this case, as described above, the second password is not fixed in advance, but is generated each time, which is different from the first embodiment. However, in terms of determining that the two operations are related to each other, and the operation to be performed next is limited by the first operation, and the limited operation is performed next, the operation is performed by the correct person. Common. In fact, even when two passwords are determined in advance, in the method in which the input order is not limited, the password to be input next is limited depending on which password is input first. It is.

In the present embodiment, an example is shown in which the second personal identification number is determined by four arithmetic operations using the first personal identification number and a reply value. However, the present invention is not limited to this. For example, a numerical value that serves as a reference for generating the second personal identification number may be stored in the ledger in advance, and a personal identification number that is input based on the reference numerical value and the reply numerical value may be generated.

Alternatively, a plurality of password number candidates to be input as the second password number may be stored in advance in the ledger, and one of them may be selected based on the reply value. This can be easily realized by combining the present embodiment with the first embodiment.

For example, two passwords of the first password, the second password, and the third password are held in the ledger in the same manner as in the second embodiment, and if the reply value when the first password is input is 0, the first password is 0. If the return code is 1, the third password is input by the following operation.

In such a case, the operation performed to obtain the reply numerical value does not necessarily have to be accompanied by the input of the (first) personal identification number. Since it is only necessary to obtain a reply numerical value, a special operation for obtaining a reply numerical value may be newly provided, or a reply numerical value may be obtained using an existing operation.

By the way, in the description of Examples 1 to 9 so far, the description has been made on the assumption that the personal identification number is explicitly input as the personal identification number. However, what is different in form from the code number, such as the amount of money, can also be used as the code number.

For example, when a predetermined specific amount is input, it is regarded as a personal identification number.

For example, since withdrawals of 100 million yen or more with ATMs are not normally performed, if a withdrawal operation of 123,456,789 yen is performed, it can be considered that a PIN has been entered.

In terms of processing, this can be realized, for example, by replacing the input determination of the first password with the determination of the withdrawal amount.

In this way, numbers entered for purposes other than the original purpose can be used as passwords. This is because it is a special number that only the person can know.

Even if it is not a code number formally, if such a number is entered for identity verification, the present invention interprets it as a code number.

In the above embodiment, after a series of items are input, transmission is performed from the terminal to the center computer, and when the processing result is returned from the center computer, the terminal returns to the free state after outputting the result. The description has been made on the assumption of a simple processing form.

However, in actual operation, there is a case in which another transaction can be continuously input to the user without returning to the free state.

Taking an ATM withdrawal transaction as an example, after inserting a cash card and entering a PIN and withdrawal amount, the ATM sends it to the center computer, returns the processing result, and then the terminal This is a case where a message such as “Do you want to continue the transaction?” Is output, and the terminal is not returned to the free state, and new transactions are continuously performed while holding the user.

Also, when important information such as a PIN or account number is entered, it is sent to the center computer once without waiting for other items to be entered, and the validity of the entered content is checked. Depending on the situation, subsequent processing may be determined.

For example, in a withdrawal process at an ATM, a cash card is inserted, a password is entered, and then sent from the ATM to the center computer. The center computer determines whether the password is correct and the correct password is This is a case where a withdrawal amount input request is returned to the terminal when it is input, and a re-input request of the password is returned to the terminal when an incorrect password is input.

Therefore, in the above-described embodiment, “operation” means “from the first input to the completion input, not the input of individual items, that is, from the waiting state to the next waiting state for the terminal. The input procedure is not limited to the entire input procedure (paragraph 0012), and some information is input to the terminal waiting for input, and the information is transmitted from the terminal to the center computer. It can also be referred to as “a series of processing until the processing result is returned to the terminal and the terminal again enters an input waiting state”.

Next, an example of the withdrawal transaction in the latter form is shown (see FIGS. 1, 10, 18, 19, and 20).

In this embodiment, two passwords are used: a password for withdrawal and a password for releasing the limit of withdrawal.

On the ledger (1800), in addition to the account number (1801), at least the account balance (1805), these two personal identification numbers (1802, 1803), the accumulated withdrawal amount (1806) and the personal identification number input error count ( 1804) is recorded.

Whether the withdrawal limit check is necessary or not can be done by providing a “limit release flag” on the memory. Normally, when the ledger information is expanded on the memory, the limit release flag is set to “off” and the initial value is set. .

When a PIN is input to the ATM together with the insertion of a cash card, the input message 1000 is delivered to a bank center computer that manages the deposit account through an existing network (1901).

The central processing unit 112 of the bank center computer reads the account information from the ledger based on the information such as the ledger account number 1006 displayed on the input message 1000 by the same method as before (1902). In this case, for the first input, the limit release flag is initialized.

Then, the input password displayed on the input message 1000 is compared with the withdrawal password displayed on the ledger (1903). As a result, if they match, the central processing unit 112 of the bank center computer clears the input error count of the personal identification number (1904), and then sends a request for input of the withdrawal amount to the ATM (1905).

The security code input error count is used to stop the use of the security code for safety when a wrong security code is entered more than a predetermined number of times in succession, and is not directly related to the present invention. Is a commonly used technique and is usually held in the ledger (1804).

If the input security code and the withdrawal security code do not match, the security code input error count is added (1908), and a password re-input request (1909) is sent to the ATM. However, in the present embodiment, before performing these processes, it is determined whether or not the input password is a limit release password (1906).

If it is the limit release password, the limit release flag provided on the memory is changed to “ON”, and the withdrawal limit management is released (1907).

After that, in order to request the input of the password for withdrawal, a password re-input request (1909), which is a message indicating that the password has not been correctly input, is returned to the ATM. By doing this, it is difficult to know that the PIN number for withdrawal limit cancellation has been entered, and safety is improved, and there is no need to revise the program on the ATM side. It can be easily installed under existing ATM networks.

As a result of the determination (1906), if the input security code is not the limit release security code, the security code input error count is added (1908) as before, and a message indicating that the security code is not entered correctly is displayed. A re-input request (1909) of a certain password is returned to the ATM.

When the password is re-input, the above process is repeated again (1901-1909).

Next, when the withdrawal amount is input to the ATM, the input message 1000 is delivered to the bank center computer managing the deposit account through the existing network (2001).

The central processing unit 112 of the bank center computer does not read the deposit account information again because it has already been read from the ledger. Of course, it may be read out each time.

Then, the state of the limit release flag provided on the memory is determined (2002). If the content of the flag is “OFF”, the process proceeds to the withdrawal limit check as usual, and a series of processing is performed (2003 to 2006). Finally, the limit release flag is reset to OFF (2007).

The withdrawal limit is determined in advance for one withdrawal amount or the accumulated amount per day, and is usually held in a program developed in the center computer.

If the limit release flag is on, that is, if the content of the flag is “no withdrawal limit check required”, the process proceeds directly to checking the balance without performing the withdrawal limit check (2004). The subsequent processing is the same as the normal processing (2004 to 2007).

In this embodiment, when the PIN code for withdrawal is input first, it is possible to withdraw below the withdrawal limit without requiring the input of an additional PIN. The safety aspect of the ATM withdrawal system is maintained.

On the other hand, when the password number for withdrawal limit cancellation is input first, the withdrawal limit cancellation processing is performed while asking for re-entry of the security code, as in the case of an incorrect input of the security code. Since this withdrawal limit release process is not explicitly notified to the user, the intended user is only aware of it in detail, and cannot be known in appearance. In other words, we are trying not to know that it is temporarily unprotected.

In the tenth embodiment, a “password for releasing withdrawal limit” that is different from the “password for withdrawal” is provided and the withdrawal limit check is released. As a personal identification number, the withdrawal limit check may be canceled according to the input order and number of times.

In the example shown in FIG. 21 and FIG. 22, two passwords for withdrawal limit cancellation (which are referred to as “limit release password 1” and “limit release password 2”) are provided. The withdrawal limit is canceled when both numbers are entered. The order of input does not matter.

Only differences from the tenth embodiment will be described.
First, the limit release password 1 (1813) and the limit release password 2 (1814) are held on the ledger (1810). Others are the same as Example 10.

Then, “limit release flag 1” and “limit release flag 2” are provided on the memory for determining whether or not the withdrawal limit check is necessary. Normally, when the ledger information is first developed on the memory, these two flags are set to “OFF” and set to initial values.

FIG. 21 shows the processing flow when the password is entered. The same parts as those in FIG. 19 are given the same numbers, and the differences are shown in bold and given new numbers (2101). ~ 2104).

If the entered security code is the same as the limit release code 1, the limit release flag 1 is turned on (2101, 2102). If the entered code is the same as the limit release code 2, the limit release flag 2 is turned on. (2103, 2104). Others are the same as the case of Example 10.

Next, FIG. 22 shows a processing flow when the withdrawal amount is input. Again, the parts different from FIG. 20 are displayed in bold and given new numbers.

Unlike the case of the tenth embodiment, whether or not the withdrawal limit check is necessary is managed by two flags, so that the withdrawal limit check is canceled only when both of these two flags are on (2201). Others are the same as the case of Example 10.

In the eleventh embodiment, it is assumed that the withdrawal limit check is canceled when both the limit releasing password 1 and the limit releasing password 2 are input regardless of the input order.

However, it is also possible to cancel the withdrawal limit check when the limit releasing password 1 and the limit releasing password 2 are input in this order.

The processing flow in this case is shown in FIG.
FIG. 23 is basically the same as FIG. 21 except for the portions (2301, 2302) shown in bold.

Limit release password 1 can be accepted only when limit release flag 1 is off, and limit release password 2 can be accepted only when limit release flag 1 is on and limit release flag 2 is off. In this way, it is possible to make the two limit releasing passwords the same number.

The processing when the withdrawal amount is input is the same as in the eleventh embodiment.

In the same way, the withdrawal limit check can be canceled using three or more PIN numbers.
As described above, the security can be enhanced as much as possible while using the mechanism for inputting the password at the ATM.

Next, as an ATM input method, when a cash card is inserted, a PIN number and withdrawal amount are entered, then sent to the center computer, and the PIN number does not match the withdrawal PIN number. FIG. 24 shows the processing flow in the case where only the input of the password is requested again. This is because some banks use this method.

This corresponds to a combination of FIG. 19 and FIG. 20, and instead of sending the withdrawal amount input request (1905) in FIG. 19, processing after receiving the withdrawal amount input message in FIG. 2002-2007). FIG. 24 is also obtained by connecting FIG. 19 and FIG. 20 at that portion, and the numbers of the respective processes are also given the same numbers. Description is omitted.

It is a block diagram which shows the structure of the bank system in the case of applying this invention to a bank system. 6 is a flowchart illustrating a processing procedure of a password number process according to the first embodiment. 12 is a flowchart illustrating a processing procedure of a password number process according to the second embodiment. 10 is a flowchart illustrating a processing procedure of a personal identification number process according to the third embodiment. 10 is a flowchart illustrating a processing procedure of a personal identification number process according to the fourth embodiment. 10 is a flowchart illustrating a processing procedure of a personal identification number process according to the fifth embodiment. 14 is a flowchart illustrating a processing procedure of a personal identification number process according to the sixth embodiment. 12 is a flowchart illustrating a processing procedure of a password number process according to the seventh embodiment. It is a figure which shows the input management table of the some PIN code hold | maintained on a ledger. It is a figure which shows the input message | telegram transmitted to a center computer, when withdrawal operation is carried out by ATM. It is a figure which shows the table for branch determination in Example 6. FIG. It is a figure which shows the table for the branch determination linked | linked with the PIN in Example 6. It is a figure which shows the input management table of the PIN code linked with branch determination in Example 6. It is a figure which shows the table for withdrawal amount determination in Example 7,8. It is a figure which shows the precondition in Example 8. FIG. 20 is a diagram illustrating an input management table for a password in the eighth embodiment. It is a flowchart which shows the process sequence of the PIN code process of Example 9. It is a figure which shows the content of the ledger in Example 10,11,12. It is a flowchart which shows the process sequence when the PIN code in Example 10 is input. It is a flowchart which shows the process sequence when the payment amount in Example 10 is input. It is a flowchart which shows the process sequence when the PIN code in Example 11 is input. It is a flowchart which shows the process sequence when the payment amount in Example 11 is input. It is a flowchart which shows the process sequence when the PIN code in Example 12 is input. 22 is a flowchart illustrating a processing procedure in the thirteenth embodiment.

Explanation of symbols

100 Own branch 101 Own ATM
102 Non-ATM terminal of own branch 103 Branch server 104 of own branch Own computer center 111 Communication control device 112 Central processing unit 113 of own center computer Mass storage device 114 of own center computer Administration terminal 120 of own center computer Other row Bank system 121 Other bank ATM
122 Other Bank Center Computer 130 ATM Partner Center 901a-1 First PIN Numbers 901a-2 to 7 Stored in the Ledger First Password Input Information 902a-1 Second PIN Number Stored in the Ledger 1000 Input message 1001 to 1008 Display information on input message 1800 Display information on ledger 1801 to 1806 Display information on ledger 1810 Display information on ledger 1811 to 1817 Display information on ledger

Claims (11)

A security code management system that determines whether or not transactions can be made based on a security code entered in a terminal,
You ’ll need to do multiple actions with a PIN for a specific transaction,
Storage means for storing a plurality of passwords to be input in the plurality of operations;
Identification means for identifying which of the plurality of stored passwords the password entered in each operation corresponds to;
A password management system comprising: determination means for determining whether all of the plurality of stored passwords have been input. A security code management system that determines whether or not transactions can be made based on a security code entered in a terminal,
You ’ll need to do multiple actions with a PIN for a specific transaction,
Storage means for storing a plurality of passwords to be input in the plurality of operations and information indicating the number of times to be input for the plurality of passwords;
Identification means for identifying which of the plurality of stored passwords the password entered in each operation corresponds to;
A password management system comprising: determination means for determining whether or not all of the number of times to be input are input for the plurality of stored passwords. A security code management system that determines whether or not transactions can be made based on a security code entered in a terminal,
You ’ll need to do multiple actions with a PIN for a specific transaction,
Storage means for storing a password to be input in each subsequent operation with respect to the plurality of operations;
First determination means for determining whether a password entered in each subsequent operation matches the stored password to be entered next;
A personal identification number management system comprising: second determination means for determining whether all personal identification numbers stored in the storage means have been input. The personal identification number management system according to any one of claims 1 to 3,
The personal identification number management system further comprising another determination means for determining whether or not the plurality of personal identification numbers are input by a continuous operation. The personal identification number management system according to any one of claims 1 to 3,
The personal identification number management system further comprising: another determination means for determining whether the plurality of personal identification numbers are input by an operation within a predetermined time. A code number management method for determining whether or not a transaction can be made based on a code number input to a terminal,
You need to do multiple actions for a particular transaction,
Based on the result of the previous operation, a method for determining the password to be input in the next operation is predetermined,
A first step of returning a result of the previous operation;
A second step of receiving a password entered in the next operation;
And a third step of determining whether the personal identification number received in the second step matches the personal identification number determined based on the result of the previous operation by the predetermined method. PIN code management method. A password management system having a function of permitting withdrawal from an account within a predetermined withdrawal limit when a predetermined password for an account is input from an ATM,
A plurality of passwords for one account and the input order of these passwords are predetermined,
Determination means for determining whether or not a plurality of passwords are input in the predetermined input order;
Withdrawing permission means for allowing withdrawal from the account exceeding the withdrawal limit when all of the predetermined plurality of passwords are input in the predetermined input order. PIN code management system. A password management system having a function of permitting withdrawal from an account within a predetermined withdrawal limit when a predetermined password for an account is input from an ATM,
Multiple passwords are pre-determined for one account,
Determining means for determining whether the input password is one of the plurality of passwords;
A password management system comprising: a withdrawal permission means for permitting withdrawal from the account that exceeds the withdrawal limit when all of the plurality of passwords are input. The personal identification number management system according to claim 7 or 8,
A password management system that outputs a message to the effect that the entered password is not correct unless the withdrawal is permitted for the entered password. The personal identification number management system according to claim 7 or 8,
The personal identification number determined by the determination means also includes a personal identification number entered in a transaction different from the transaction performed at the ATM and withdrawing from the account exceeding the withdrawal limit. Management system. A security code management system for permitting withdrawal with a password entered in an ATM,
For one account, a PIN for withdrawal and a PIN for canceling the withdrawal limit are set in advance.
A first withdrawal permission means for permitting withdrawal from the account within a predetermined withdrawal limit when a withdrawal PIN is entered without entering a withdrawal limit unlocking PIN; ,
Second withdrawal permitting means for allowing withdrawal from the account exceeding the withdrawal limit when the withdrawal PIN is entered after the withdrawal limit cancellation PIN is entered; A personal identification number management system characterized by comprising.

Images