JP2010282261A - Management server, automatic transaction device, automatic transaction system, and automatic transaction method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance security without complicating an operation, in a transaction of an automatic transaction device. <P>SOLUTION: This management server is connected to the automatic transaction device executing the transaction according to an input operation by a user, via a network, and includes a storage part 206 for storing card identification information for identifying a card carried by the user, user authentication information for authenticating the user, and transaction permission information for permitting the prescribed transaction by the card; a reception part 202 for receiving the card identification information, the user authentication information and the transaction permission information transmitted from the automatic transaction device in response to the input operation by the user; a user authentication part 204 for authenticating the user using the user authentication information; and a transaction permission part 208 for determining the propriety of permitting the prescribed transaction by the card, using transaction permission information. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a management server, an automatic transaction apparatus, an automatic transaction system, and an automatic transaction method, and more particularly to an automatic transaction method for determining rejection of a transaction in an automatic transaction apparatus.

  Conventionally, when a bank receives a payment or transfer instruction from an ATM (hereinafter referred to as an automatic transaction apparatus) or the like, the bank performs a withdrawal process from the bank account of the depositor. Generally, in a conventional automatic transaction apparatus, a predetermined process such as a withdrawal process is permitted if a password entered by a user matches a registered password. However, in this case, if the card and the password are leaked, there is a risk that the transaction is performed illegally.

  Therefore, as measures for avoiding illegal transactions, security is strengthened by using biometric authentication in addition to a personal identification number or setting a new second personal identification number (for example, patents). Literature 1, Patent Literature 2).

JP 2006-268098 A JP 2007-11755 A

However, in the case of using biometric authentication in addition to authentication by a normal password, it is necessary to add hardware for performing biometric authentication processing to the automatic transaction apparatus, which increases costs and makes operation complicated. There was a problem that. Further, when authentication is performed by setting a new second password, the user has to input a plurality of passwords, which causes a problem that the operation becomes complicated.
Therefore, the present invention has been made in view of the above problems, and an object of the present invention is a novel that can enhance security without complicating operations in transactions of an automatic transaction apparatus. Another object of the present invention is to provide an improved management server, automatic transaction apparatus, automatic transaction system, and automatic transaction method.

  In order to solve the above problems, according to an aspect of the present invention, a management server connected via an automatic transaction device that performs transactions according to a user's input operation, the card possessed by the user A storage unit that stores card identification information to be identified, user authentication information for authenticating the user, and transaction permission information for permitting a predetermined transaction with the card in association with each other, according to a user's input operation A receiving unit that receives card identification information, user authentication information, and transaction permission information transmitted from the automatic transaction apparatus, a user authentication unit that authenticates the user using the user authentication information, and transaction permission There is provided a management server, comprising: a transaction permission unit that determines whether or not a predetermined transaction by a card is permitted using information.

  According to such a configuration, the user is authenticated by the user authentication information transmitted from the automatic transaction apparatus in response to the user's input operation, and further, transaction permission information transmitted from the automatic transaction apparatus, and the storage unit It is determined whether or not the transaction is permitted by comparing with the transaction permission information stored in. As a result, it is possible to strengthen the security by making a transaction refusal determination using not only the user authentication information such as the card identification information and the personal identification number but also the transaction permission information such as the transaction amount. In addition to user authentication information such as personal identification number, security can be strengthened by a simple method of entering transaction permission information such as transaction amount without adding complicated functions and operations such as biometric authentication. It becomes.

  In addition, the user authentication unit is configured so that the user authentication information received by the reception unit matches the user authentication information corresponding to the card identification information of each user stored in the storage unit. You may make it determine with it being legitimate.

  The transaction permission unit permits a predetermined transaction when the transaction permission information received by the receiving unit matches the transaction permission information corresponding to the card identification information of each user stored in the storage unit. You may do it.

  Further, the user authentication information may be a personal identification number, and the transaction permission information may be a transaction amount.

  The storage unit stores a predetermined transaction amount as transaction permission information, and the transaction permission unit matches the transaction amount received by the receiving unit with the transaction amount stored in the storage unit. In some cases, a transaction with a transaction amount may be permitted.

  In addition, the storage unit stores a predetermined transaction amount for canceling the transaction amount restriction as the transaction permission information, and the transaction permission unit stores the transaction amount received by the receiving unit in the storage unit. The transaction amount restriction may be released when the transaction amount is for releasing the transaction amount restriction.

  In addition, the storage unit stores a range of a predetermined transaction amount as transaction permission information, and the transaction permission unit includes a transaction amount received by the receiving unit within a range of transaction amounts stored in the storage unit. In this case, the transaction with the transaction amount may be permitted.

  In order to solve the above-described problem, according to another aspect of the present invention, an automatic transaction apparatus that is connected to a management server via a network and performs a transaction in accordance with a user's input operation, is inserted by a user. The user authentication information is sent to the management server by the card server, the user authentication information input by the user, the transaction permission information for permitting a predetermined transaction by the card, and the management server. A receiving unit that receives a result of authentication of a user performed using the information and a result of approval or disapproval of a predetermined transaction performed using the transaction permission information, and a user authentication result and a predetermined transaction received by the receiving unit. An automatic transaction apparatus is provided that includes a display control unit that displays a result of acceptance or rejection on a display screen.

  The display control unit may display an authentication information input screen for inputting user authentication information and a transaction permission information input screen for inputting transaction permission information on the display screen in response to user input.

  The transaction permission information input screen displayed on the display screen may be a transaction amount input screen on which a predetermined transaction amount is input.

  In order to solve the above problem, according to another aspect of the present invention, an automatic transaction apparatus that performs transactions in accordance with a user's input operation and a management server that permits or rejects predetermined transactions in the automatic transaction apparatus via a network. The management server connects the card identification information for identifying the card possessed by the user, the user authentication information for authenticating the user, and the transaction that permits a predetermined transaction using the card. A storage unit that stores the permission information in association with each other, a receiving unit that receives card identification information, user authentication information, and transaction permission information transmitted from the automatic transaction apparatus in response to a user's input operation; A user authentication unit that authenticates the user using the user authentication information, and a transaction permission unit that determines whether or not a predetermined transaction using the card is permitted using the transaction permission information. The transaction device receives, by the management server, a reception unit that receives a result of user authentication performed using the user authentication information and a result of approval / disapproval of a predetermined transaction performed using the transaction permission information. There is provided an automatic transaction system comprising: a display control unit that displays a result of authentication of a user and a result of approval or disapproval of a predetermined transaction on a display screen.

  Moreover, in order to solve the said subject, according to another viewpoint of this invention, it performs in the automatic transaction apparatus which transacts according to a user's input operation, and the management server which permits the predetermined transaction in an automatic transaction apparatus. An automatic transaction method, wherein a management server receives card identification information, user authentication information, and transaction permission information transmitted from an automatic transaction apparatus in response to a user input operation, and user authentication A step of authenticating a user using information, a step of determining whether or not to permit a predetermined transaction by a card using transaction permission information, and a user authentication information by an administration server in an automatic transaction apparatus. A step of receiving a user authentication result and a result of accepting or rejecting a predetermined transaction performed using the transaction permission information, and a user authentication received by the receiving unit. Characterized in that it comprises the result and a step of displaying on the display screen permission result of a predetermined transaction, the automatic transaction system is provided.

  As described above, according to the present invention, security can be enhanced without complicating operations in transactions of an automatic transaction apparatus.

It is explanatory drawing explaining the outline | summary of the automatic transaction system concerning one Embodiment of this invention. It is a block diagram which shows the function structure of the automatic transaction apparatus and account type | system | group host concerning the embodiment. It is explanatory drawing explaining the memory content memorize | stored in the memory | storage part. It is a flowchart which shows the 1st operation example of an automatic transaction apparatus. It is explanatory drawing explaining the content of the display screen of an automatic transaction apparatus. It is a flowchart which shows the 1st operation example of an account type | system | group host. It is explanatory drawing explaining the memory content memorize | stored in the memory | storage part. It is a flowchart which shows the 2nd operation example of an automatic transaction apparatus. It is explanatory drawing explaining the content of the display screen of an automatic transaction apparatus. It is explanatory drawing explaining the content of the display screen of an automatic transaction apparatus. It is a flowchart which shows the 2nd operation example of an accounting type | system | group host. It is explanatory drawing explaining the memory content memorize | stored in the memory | storage part. It is a flowchart which shows the 3rd operation example of an automatic transaction apparatus. It is explanatory drawing explaining the content of the display screen of an automatic transaction apparatus.

  Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, duplication description is abbreviate | omitted by attaching | subjecting the same code | symbol.

Further, the “detailed description of the embodiments” will be described in the order shown below.
[1] Purpose of this embodiment [2] Outline of automatic transaction system [3] Functional configuration of automatic transaction apparatus and management server [4] First operation example of automatic transaction system [5] Second operation of automatic transaction system Example of Operation [6] Third Example of Automatic Transaction System

[1] Purpose of this Embodiment First, the purpose of this embodiment will be described. Conventionally, when a bank receives a payment or transfer instruction from an ATM (hereinafter referred to as an automatic transaction apparatus) or the like, the bank performs a withdrawal process from the bank account of the depositor. Generally, in a conventional automatic transaction apparatus, a predetermined process such as a withdrawal process is permitted if a password entered by a user matches a registered password. However, in this case, if the card and the password are leaked, there is a risk that the transaction is performed illegally.

  Therefore, as measures for avoiding unauthorized transactions, security is strengthened by using biometric authentication in addition to a personal identification number or setting a new second personal identification number. However, in the case of using biometric authentication in addition to authentication by a normal password, it is necessary to add hardware for performing biometric authentication processing to the automatic transaction apparatus, which increases costs and makes operation complicated. There was a problem that. Further, when authentication is performed by setting a new second password, the user has to input a plurality of passwords, which causes a problem that the operation becomes complicated.

  Then, the automatic transaction system 1 concerning embodiment of this invention came to be created focusing on the above situations. According to the automatic transaction system 1 according to the present embodiment, it is possible to enhance security without making the operation complicated in the transaction of the automatic transaction apparatus.

[2] Overview of Automatic Transaction System Next, an overview of the automatic transaction system 1 according to an embodiment of the present invention will be described with reference to FIG. FIG. 1 is an explanatory diagram for explaining the outline of the automatic transaction system 1. The automatic transaction system 1 includes an automatic transaction apparatus 10, a billing system host 20, a network 30 and the like.

  In this embodiment, in particular, an automatic transaction system when using an automatic transaction apparatus (ATM) of a bank will be described as an example, but the present invention is not limited to such an example. For example, the present invention can be applied to an automatic transaction system such as a financial institution other than a bank. The automatic transaction apparatus is installed in various facilities such as a financial institution sales store, a convenience store, a station premises, a hotel, a hospital, an amusement park, a restaurant, and an office building.

  As shown in FIG. 1, the automatic transaction apparatus 10 includes a customer operation unit 11, a CRP 12, a PBPR 13, a JPR 14, an MCU 15, a COIN 16, and a CCAD 17.

  The customer operation part 11 has a function as a display part which displays the guidance screen of operation by a customer, and a customer operation part which detects customer operation. The function as the display unit is realized by, for example, a CRT (Cathode Ray Tube) display device, a liquid crystal display (LCD) device, or an OLED (Organic Light Emitting Diode) device. Moreover, the function as a customer operation part is implement | achieved by the touch panel, for example. In this specification, an example in which the functions of the display unit and the customer operation unit are integrally configured in the automatic transaction apparatus 10 will be described, but the functions of the display unit and the customer operation unit may be configured separately. .

  The CRP 12 functions as a magnetic card reader / writer and a detailed printer. As a magnetic card reader / writer, the magnetic card inserted in the automatic transaction apparatus 10 is read and written. The detail printer prints the transaction details after the transaction is executed.

  The PBPR 13 has a function as a passbook bookkeeping machine, and has a function of reading a magnetic stripe provided in a passbook inserted by a user and a function of printing on a passbook. For example, customer identification information such as an account number can be read from a passbook time stripe, and a customer transaction history acquired from the account host 20 based on the customer identification information can be recorded.

  The JPR 14 has a function as a receipt journal printer, and outputs a receipt in which transaction details are described. The MCU 15 functions as a control unit that controls the automatic transaction apparatus 10, and controls communication with the accounting system host 20, data reading, and the like.

  The COIN 16 functions as a coin deposit / withdrawal machine and performs coin deposit / withdrawal processing. The CCAD 17 functions as a bill deposit / withdrawal machine and performs bill deposit / withdrawal processing. The deposit process is, for example, a process of identifying the type of banknotes and coins and the number of banknotes and coins inserted by the user into the deposit port, and storing the banknotes and coins in a predetermined place. Also, the withdrawal process is a process of counting banknotes and coins corresponding to the amount specified in accordance with the user's operation and transporting them to the withdrawal port.

  The automatic transaction apparatus 10 is provided with a storage medium (not shown) for storing information. The storage medium stores, for example, a control program for controlling the overall operation of the automatic transaction apparatus 10, screen data to be displayed on the customer operation unit 11, information necessary for transactions performed by the customer, and the like. Here, the storage medium may be, for example, a magnetic recording medium such as a hard disk, an EEPROM (Electronically Erasable and Programmable Read Only Memory), a flash memory, an MRAM (Magnetically Memory Random Access). It is composed of a non-volatile memory such as PRAM (Phase change Random Access Memory).

  The account host 20 is connected to the automatic transaction apparatus 10 via the network 30 to authenticate a customer who operates the automatic transaction apparatus 10, or to make money such as deposit or transfer instructed by the customer at the automatic transaction apparatus 10. Perform transactions (account transaction processing). Further, the account host 20 is provided with a database in which the above customer information and transaction history indicating the contents of money transactions previously performed by the customer are recorded. The account host 20 manages customer information (account ledger) such as account number, personal identification number, name, address, age, date of birth, telephone number, occupation, family structure, annual income, and deposit balance in the database. The account host 20 having a database functions as a management server that performs transactions with the automatic transaction apparatus 10.

  The network 30 is a dedicated network, such as a financial institution network. The network 30 is configured by, for example, an IP-VPN (Internet Protocol-Virtual Private Network). The outline of the automatic transaction system 1 has been described above.

[3] Functional Configuration of Automatic Transaction Device and Management Server Next, the functional configuration of the automatic transaction device 10 and the billing system host 20 will be described with reference to FIG. FIG. 2 is a block diagram showing functional configurations of the automatic transaction apparatus 10 and the billing system host 20.

  As shown in FIG. 2, the automatic transaction apparatus 10 includes a reading unit 102, a transmission unit 104, a reception unit 106, a display control unit 108, and the like. The reading unit 102 has a function of reading card information of a card inserted by the user and detecting input operation information input by the user. The reading unit 102 reads a user's account number, account information, and the like recorded on a magnetic stripe, an IC chip, or the like of a card inserted into the automatic transaction apparatus 10.

  The transmission unit 104 is an interface with the account host 20 and has a function of transmitting various information to the account host 20 via the network 30. Specifically, the account number and account information of the user read by the reading unit 102, user authentication information for authenticating the user, transaction permission information for permitting a predetermined transaction using the card, and requested by the user The contents of the executed money transaction are transmitted to the account host 20.

  The receiving unit 106 is an interface with the accounting host 20 and has a function of receiving various information from the accounting host 20 via the network 30. Specifically, the authentication result of the user authenticated by the account host 20 and the result of approval / disapproval of a predetermined transaction are received. The reception unit 106 provides the display control unit 108 with the authentication result and the permission / refusal result received from the accounting host 20.

  The display control unit 108 has a function of displaying an operation guidance screen, a transaction result, and the like by the customer on the display unit described above. Specifically, an authentication information input screen for inputting user authentication information in response to a user input and a transaction permission information input screen for inputting transaction permission information are displayed on the display screen. The transaction permission information input screen is a transaction amount input screen for inputting a predetermined transaction amount. Further, the display control unit 108 has a function of causing the display unit (display screen) to display the user authentication result provided by the receiving unit 106 and the result of approval or disapproval of a predetermined transaction. The functional configuration of the automatic transaction apparatus 10 has been described above.

  Next, the functional configuration of the accounting host 20 will be described. As shown in FIG. 2, the billing system host 20 includes a receiving unit 202, a user authentication unit 204, a storage unit 206, a transaction permission unit 208, and a transmission unit 210.

  The receiving unit 202 is an interface with the automatic transaction apparatus 10 and has a function of receiving various information from the automatic transaction apparatus 10 via the network 30. Specifically, the user's account number and account information transmitted from the transmission unit 104 of the automatic transaction apparatus 10, user authentication information for authenticating the user, transaction permission information, contents of money transaction, etc. are received. . The receiving unit 202 provides the received user account number and the like to the user authentication unit 204 and the transaction permission unit 208.

  The user authentication unit 204 has a function of performing user authentication using the user authentication information provided from the reception unit 202. Specifically, the user authentication unit 204 includes user authentication information provided from the receiving unit 202 and user authentication information corresponding to user card identification information stored in the storage unit 206 described later. If they match, it is determined that the user is valid. The card identification information is information given to identify each card when issuing the card. The card identification information is also provided from the receiving unit 202 to the user authentication unit 204. The user authentication information is information that only each user can know. For example, a 4-digit password can be used.

  The storage unit 206 includes, for example, a magnetic recording medium such as a hard disk, an EEPROM (Electronically Erasable and Programmable Read Only Memory), a flash memory, an MRAM (Magnetic Memory Random Access), and an MRAM (Magnetic Memory Random Access). A non-volatile memory such as Phase change Random Access Memory.

  The storage unit 206 stores card identification information for identifying a card possessed by the user, user authentication information for authenticating the user, and transaction permission information for permitting a predetermined transaction using the card in association with each other. ing. As described above, the password is used as the user authentication information. As the transaction permission information, a transaction permission amount is used in the present embodiment. The transaction permission information stored in the storage unit 206 will be described in detail later.

  The transaction permission unit 208 has a function of determining whether or not a predetermined transaction using a card is permitted using the above-described transaction permission information. Specifically, if the transaction permission information provided from the receiving unit 202 matches the transaction permission information corresponding to each user's card identification information stored in the storage unit 206, the predetermined transaction is permitted. To do. As described above, the transaction permission information is a transaction amount, and the storage unit 206 stores in advance a transaction amount that can be transacted by the user as the transaction permission information.

  Moreover, as transaction permission information, the transaction amount which a user can trade is set, for example. In this case, when the transaction amount input by the user matches the transaction amount as transaction permission information stored in the storage unit 206, the transaction permission unit 208 permits the transaction with the transaction amount. To do. This embodiment will be described later in detail as a first operation example of the automatic transaction system 1.

  Further, as the transaction permission information, for example, a transaction amount for releasing the transaction amount restriction stored in the storage unit 206 is set. In this case, the transaction permission unit 208 cancels the transaction amount restriction when the transaction amount input by the user is a transaction amount for releasing the transaction amount restriction stored in the storage unit 206. This embodiment will be described in detail later as a second operation example of the automatic transaction system 1.

  Moreover, as transaction permission information, the range of the transaction amount which a user can transact is set, for example. In this case, when the transaction amount input by the user is within the range of the transaction amount stored in the storage unit 206, the transaction permission unit 208 permits a transaction with the transaction amount. This embodiment will be described later in detail as a third operation example of the automatic transaction system 1.

  The transmission unit 210 is an interface with the automatic transaction apparatus 10 and has a function of transmitting various types of information to the automatic transaction apparatus 10 via the network 30. Specifically, the result of permission or disapproval of a predetermined transaction provided from the transaction permission unit 208 is transmitted to the automatic transaction apparatus 10. The user authentication result is also transmitted from the transmission unit 210 to the automatic transaction apparatus 10.

  As described above, it is possible to enhance security by determining transaction approval / disapproval using not only user authentication information such as card identification information and a personal identification number but also transaction permission information such as a transaction amount. Furthermore, in addition to user authentication information such as a password, security can be strengthened by a simple method of inputting a transaction amount without adding complicated functions and operations such as biometric authentication. The functional configuration of the accounting host 20 has been described above.

[4] First operation example of automatic transaction system As described above, in addition to user authentication information such as a personal identification number, the transaction amount is used as transaction permission information, so that security can be achieved without complicating operations. Can be strengthened. As the transaction permission information, for example, a transaction amount that can be traded by the user is set in advance and stored in the storage unit 206. Hereinafter, a first operation example of the automatic transaction system 1 will be described with reference to FIGS.

  First, the contents of the storage unit 206 will be described with reference to FIG. FIG. 3 is an explanatory diagram for explaining the storage content 2060 stored in the storage unit 206. As shown in FIG. 3, in the first operation example, the storage unit 206 stores an account number 2061 as card identification information for identifying a card, a personal identification number 2062 as user authentication information, and transaction permission information. Are stored in association with each other.

  The account number 2061 is a number uniquely determined when the user opens a bank account, and is an alphanumeric number of about 12 digits including a bank code and a branch code. The personal identification number is also a number that is set when the user opens a bank account, and is usually set to about four digits. The transaction amount is also set in advance when an account is opened. The transaction amount is normally set at the terminal at the window, but the user may change the transaction amount on the input screen of the automatic transaction apparatus 10.

  Next, a first operation example of the automatic transaction apparatus 10 will be described with reference to FIGS. 4 and 5. FIG. 4 is a flowchart showing a first operation example of the automatic transaction apparatus 10. FIG. 5 is an explanatory diagram for explaining the contents of the display screen displayed on the display unit of the automatic transaction apparatus 10.

  First, the transaction selection screen of the display screen 401 shown in FIG. 5 is displayed on the display unit of the automatic transaction apparatus 10. On the transaction selection screen, for example, a plurality of selectable transaction lists such as “withdrawal” and “balance inquiry” are displayed. As shown in FIG. 4, for example, “withdrawal” is selected from the transaction list in accordance with a user operation, and a payment transaction is started (S <b> 102).

  And according to a user's operation, a card is inserted in automatic transaction device 10 (S104). The reading unit 102 of the automatic transaction apparatus 10 reads the card information of the card inserted in step S104. The card information read by the reading unit 102 reads the account number of the user as described above. Thereafter, a screen for instructing the user to input a password is displayed on the display unit. Then, a personal identification number is input according to the user's operation (S106).

  As shown in FIG. 3, for example, when a user who has a card with an account number “AAAAAAAAAAAAA” inputs a personal identification number “1212”, the account host 20 authenticates the user as valid. The If the user is authenticated by the password entered in step S106, a screen for guiding the payment amount input operation is displayed on the display unit. Then, the payment amount is input according to the user's operation (S108).

  In step S108, for example, the display screen 402 is displayed on the display unit of the automatic transaction apparatus 10. On the display screen 402, a number that can be pressed by the user is displayed together with a message “Please enter the transaction amount”. The user inputs, for example, “50,000 yen” by pressing the number on the display screen.

  Thereafter, the transmission unit 104 of the automatic transaction apparatus 10 transmits the transaction amount and the like input in step S108 to the account host 20 (S110). When the transaction amount or the like is transmitted to the account host 20 in step S110, “in communication” is displayed on the display unit of the automatic transaction apparatus 10 as in the display screen 403 of FIG.

  Then, based on the user authentication result and the transaction refusal result notified by the account host 20, it is confirmed whether or not the personal identification number and the transaction amount match (S112). When the transaction amount associated with the account number of the card possessed by the user is “50,000 yen” in the storage unit 206 of the account host 20, “inputted by the user in step S 108. The transaction amount stored with “50,000 yen” matches. In this case, the transaction permission is notified from the account host 20.

  In step S112, if the personal identification number and the transaction amount match and a transaction permission notification is made, the automatic transaction apparatus 10 prints a receipt of the transaction result (S114). Thereafter, the cash, card and details worth the amount of money (50,000 yen) that can be traded are discharged (S116). When the processing up to step S116 is completed, a transaction selection screen for inputting payment transaction start is displayed on the display screen (S120).

  In step S112, if the passwords do not match or the transaction amounts do not match, the transaction is not permitted, so that the transaction is not permitted on the display screen (S118). And in order to guide the start input of payment transaction again, a transaction selection screen is displayed on a display screen (S120). Heretofore, the first operation example of the automatic transaction apparatus 10 has been described.

  Next, a first operation example of the billing system host 20 will be described with reference to FIG. FIG. 6 is a flowchart showing a first operation example of the accounting host 20. As shown in FIG. 6, the account host 20 first receives card information, a password, a transaction amount, etc. from the automatic transaction apparatus 10 (S202).

  Then, it is determined whether or not the personal identification number received in step S202 matches the personal identification number corresponding to the card information stored in the storage unit 206 (S204). If it is determined in step S204 that the personal identification number received in step S202 matches the personal identification number stored in the storage unit 206, the process of step S206 is executed.

  If it is determined in step S204 that the personal identification number received in step S202 does not match the personal identification number stored in the storage unit 206, an automatic transaction is made to the effect that the user cannot be authenticated. The device 10 is notified (S205).

  If it is determined in step S204 that the password received in step S202 matches the password stored in the storage unit 206, it is determined whether the transaction amounts match (S206). In the determination in step S206, it is determined whether or not the transaction amount received in step S202 matches the transaction amount corresponding to the card information stored in the storage unit 206.

  If it is determined in step S206 that the received transaction amount matches the transaction amount stored in the storage unit 206, a notification of transaction permission is sent to the automatic transaction apparatus 10 (S208). On the other hand, if it is determined in step S206 that the received transaction amount does not match the transaction amount stored in the storage unit 206, a transaction rejection notice is transmitted to the automatic transaction apparatus 10 (S210). ).

  The first operation example of the accounting host 20 has been described above. According to the first operation example, a transaction cannot be performed with a transaction amount other than the transaction amount stored in the storage unit 206 of the account host 20. For this reason, it becomes possible to reinforce the security without performing a complicated operation as compared with the case where the transaction is performed using only the personal identification number.

[5] Second Operation Example of Automatic Transaction System Next, a second operation example will be described with reference to FIGS. In the first operation example, a transaction can be performed only with a transaction amount registered in advance. However, in the second operation example, as with the first operation example, it is possible to perform a transaction with a free amount while enhancing security with a simple operation. In the following, in addition to the first operation example, dummy amount data for removing the transaction amount restriction once is set in the storage unit 206 of the account host 20. Hereinafter, a second operation example of the automatic transaction system 1 will be described.

  First, the contents of the storage unit 206 will be described with reference to FIG. FIG. 7 is an explanatory diagram for explaining the storage content 2160 stored in the storage unit 206. As shown in FIG. 7, in the second operation example, the storage unit 206 stores an account number 2161 as card identification information for identifying a card, a personal identification number 2162 as user authentication information, and transaction permission information. Transaction amount 2163 and a dummy amount 2164 for releasing the transaction amount restriction are stored in association with each other.

  The account number 2161, personal identification number 2162, and transaction amount 2163 have the same contents as those in the first operation example, and thus detailed description thereof is omitted. The dummy amount 2164 is amount data for removing the transaction amount restriction a predetermined number of times. The dummy amount is normally set at the terminal of the window, but the user may change the dummy amount on the input screen of the automatic transaction apparatus 10.

  Next, a second operation example of the automatic transaction apparatus 10 will be described with reference to FIGS. 8 and 9. FIG. 8 is a flowchart showing a second operation example of the automatic transaction apparatus 10. FIG. 9 is an explanatory diagram for explaining the contents of the display screen displayed on the display unit of the automatic transaction apparatus 10. Hereinafter, detailed description of the same operations as those in the first operation example will be omitted.

  First, the transaction selection screen of the display screen 411 shown in FIG. 9A is displayed on the display unit of the automatic transaction apparatus 10. As shown in FIG. 8, for example, “withdrawal” is selected from the transaction list according to the user's operation, and a payment transaction is started (S 302).

Then, a card is inserted into the automatic transaction apparatus 10 in accordance with the user's operation (S304).
The reading unit 102 of the automatic transaction apparatus 10 reads the card information of the card inserted in step S304. The card information read by the reading unit 102 reads the account number of the user as described above. Thereafter, a screen for instructing the user to input a password is displayed on the display unit. Then, a password is input according to the user's operation (S306).

  As shown in FIG. 7, for example, when a user who has a card with an account number “AAAAAAAAAAAAAA” inputs a personal identification number “1212”, the account host 20 authenticates the user as valid. The When the user is authenticated by the password entered in step S306, a screen for guiding the payment amount input operation (display screen 412 in FIG. 9A) is displayed on the display unit. Then, a dummy amount is input according to the user's operation (S308).

  In step S308, the user inputs, for example, “9,999 yen” by pressing a number on the display screen. As the dummy amount, an amount other than “50,000 yen” or “100,000 yen”, which is normally used for withdrawal, is set. For example, “9,999” or “99,999” is set as the dummy amount.

  Thereafter, the transmission unit 104 of the automatic transaction apparatus 10 transmits the dummy amount or the like input in step S308 to the accounting host 20 (S310). When a dummy amount or the like is transmitted to the billing system host 20 in step S310, “in communication” is displayed on the display unit of the automatic transaction apparatus 10 as in the display screen 413 of FIG. 9B.

  Then, based on the user authentication result and the transaction refusal result notified by the account host 20, it is confirmed whether or not the personal identification number and the dummy amount match (S312). If the dummy amount associated with the account number of the card possessed by the user is “9,999” in the storage unit 206 of the account host 20, “9,999” input by the user in step S308. , 999 ”and the stored dummy amounts match. In this case, the account host 20 notifies the transaction amount re-input instruction.

  The display screen of the automatic transaction apparatus 10 displays a display screen for inducing re-input of the transaction amount, and the transaction amount (500,000 yen) is input again according to the user operation (S314). In step S314, when the transaction amount is input again, the card information, the password, and the transaction amount are transmitted to the account host 20 again (S316).

  In step S312, when the dummy amounts do not match, the transaction amount restriction is not removed, so that the transaction is performed when there is a transaction restriction as in the first operation example (S318). Since the transaction when there is a transaction restriction in step S318 is the same as the first operation example, detailed description thereof is omitted.

  Then, it is determined again whether or not the passwords transmitted in step S316 match (S320). In step S320, when it is determined by the accounting host 20, the transaction is executed and a receipt of the transaction result is printed (S322). Thereafter, cash, cards and details worth the amount of money traded (500,000 yen) are discharged (S324). When the processing up to step S324 is completed, a transaction selection screen for inputting payment transaction start is displayed on the display screen (S328).

  If it is determined in step S320 that the passwords do not match, a transaction non-permission is displayed (S326). And in order to guide the start input of payment transaction again, a transaction selection screen is displayed on a display screen (S328). Heretofore, the second operation example of the automatic transaction apparatus 10 has been described.

  Next, a second operation example of the accounting host 20 will be described with reference to FIG. FIG. 10 is a flowchart showing a second operation example of the accounting host 20. As shown in FIG. 10, first, the accounting host 20 receives card information, a password, a dummy amount, etc. from the automatic transaction apparatus 10 (S402).

  Then, it is determined whether or not the personal identification number received in step S402 matches the personal identification number corresponding to the card information stored in the storage unit 206 (S404). If it is determined in step S404 that the personal identification number received in step S202 matches the personal identification number stored in the storage unit 206, the process of step S406 is executed.

  If it is determined in step S404 that the personal identification number received in step S402 and the personal identification number stored in the storage unit 206 do not match, an automatic transaction is made to the effect that the user cannot be authenticated. The device 10 is notified (S405).

  If it is determined in step S404 that the password received in step S402 matches the password stored in the storage unit 206, it is determined whether the dummy amounts match (S406). In the determination in step S406, it is determined whether the transaction amount received in step S402 and the dummy amount corresponding to the card information stored in the storage unit 206 match.

  If it is determined in step S406 that the dummy amounts match, a transaction with no transaction amount restriction is permitted (S408). If it is determined in step S410 that the dummy amounts do not match, the transaction when the transaction amount is limited is permitted (S410). The second operation example of the accounting host 20 has been described above. According to the second operation example, when a transaction other than the transaction amount stored in the storage unit 206 of the account host 20 is performed, it is possible to remove the transaction amount restriction with a simple method while ensuring security. It becomes.

[6] Third Operation Example of Automatic Transaction System Next, a third operation example will be described with reference to FIGS. As described above, the third operation example is different from the first operation example in that the range of the transaction amount that the user can trade is preset. In the following, detailed description of operations similar to those in the first operation example is omitted. In the third operation example, as in the first operation example, in addition to the user authentication information such as a password, the transaction amount is used as transaction permission information, so that security can be achieved without complicating the operation. Can be strengthened.

  First, the contents of the storage unit 206 will be described with reference to FIG. FIG. 11 is an explanatory diagram for explaining the storage content 2260 stored in the storage unit 206. As shown in FIG. 11, in the third operation example, an account number 2261, a personal identification number 2262, and a transaction permission amount 2263 are stored in the storage unit 206 in association with each other. The transaction permitted amount 2263 is different from the first operation example in that an upper limit and a lower limit are set, and a range of the transaction permitted amount is set.

  In the third operation example, as described above, since the range of the transaction permission amount 2264 is set, if the transaction amount input by the user operation is within the set transaction permission amount range, the transaction is permitted. Will be.

  Since the third operation example of the automatic transaction apparatus 10 shown in FIG. 12 is substantially the same as the first operation example of the automatic transaction apparatus 10, detailed description thereof is omitted. In the third operation example, in step S512 of FIG. 12, it is confirmed whether or not the passwords match, and further, it is confirmed whether or not the transaction amount is within the set range. It is different from the example. Operations other than step S512 are the same as in the first operation example.

  Further, the third operation example of the account host 20 shown in FIG. 13 is substantially the same as the third operation example of the account host 20, and thus detailed description thereof is omitted. The third operation example is different from the third operation example in that it is determined in step S606 of FIG. 13 whether the transaction amount is within the set range. That is, it is determined whether or not the transaction amount received in step S602 is within the range of the transaction amount stored in the storage unit 206.

  For example, as shown in FIG. 11, when the upper limit of the transaction permission amount 2263 is 50,000 yen and the lower limit is 30,000 yen, the transaction amount input by the user is 40,000 yen. To do. In this case, since the transaction amount of 40,000 yen is within the range of the transaction permission amount (30,000 yen to 50,000 yen), the transaction with the transaction amount of 40,000 yen is permitted.

  The third operation example has been described above. According to the third operation example, the transaction cannot be performed with a transaction amount other than the range of the transaction amount stored in the storage unit 206 of the account host 20. For this reason, it becomes possible to reinforce the security without performing a complicated operation as compared with the case where the transaction is performed using only the personal identification number.

  The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to such examples. It is obvious that a person having ordinary knowledge in the technical field to which the present invention pertains can come up with various changes or modifications within the scope of the technical idea described in the claims. Of course, it is understood that these also belong to the technical scope of the present invention.

  For example, each step in the processing of the automatic transaction apparatus 10 and the billing system host 20 of this specification does not necessarily have to be processed in time series in the order described as the flowchart. That is, each step in the processing of the automatic transaction apparatus 10 and the billing system host 20 may include processing executed in parallel or individually (for example, parallel processing or processing by an object).

  In addition, hardware such as CPU, ROM, and RAM incorporated in the automatic transaction apparatus 10 and the billing system host 20 and the like are used to exhibit the same functions as the components of the automatic transaction apparatus 10 and the billing system host 20 described above. Computer programs can also be created. A storage medium storing the computer program is also provided.

  In the above embodiment, a numerical value such as a transaction amount is input as the transaction permission information in addition to the password. However, the present embodiment is not limited to such an example. For example, when the user can input not only numbers but also characters via the automatic transaction apparatus 10, a character string such as “dog” or “cat” can be set as transaction permission information. In this case, the character string set in the storage unit 206 of the account host 20 is stored in association with the transaction possible amount. For example, “dog” and “50,000 yen”, “cat” and “30,000 yen” are stored in association with each other, and when “dog” is entered, the tradeable amount is “50,000 yen. When “cat” is entered, the transaction possible amount is “30,000 yen”.

DESCRIPTION OF SYMBOLS 10 Automatic transaction apparatus 102 Reading part 104 Transmission part 106 Reception part 108 Display control part 20 Account system host 202 Reception part 204 User authentication part 206 Storage part 208 Transaction permission part 210 Transmission part

Claims (12)

A management server connected via a network with an automatic transaction apparatus that performs transactions according to user input operations,
A storage unit that stores card identification information for identifying a card possessed by the user, user authentication information for authenticating the user, and transaction permission information for permitting a predetermined transaction by the card in association with each other. When,
A receiving unit for receiving the card identification information transmitted from the automatic transaction apparatus according to the input operation of the user, the user authentication information, and the transaction permission information;
A user authentication unit that authenticates the user using the user authentication information;
A transaction permission unit for determining whether or not to allow a predetermined transaction by the card using the transaction permission information;
A management server comprising:   The user authentication unit, when the user authentication information received by the receiving unit matches the user authentication information corresponding to the card identification information of each user stored in the storage unit The management server according to claim 1, wherein it is determined that the user is valid.   The transaction permission unit, when the transaction permission information received by the reception unit matches the transaction permission information corresponding to the card identification information of each user stored in the storage unit, The management server according to claim 1, wherein the transaction is permitted.   The management server according to claim 1, wherein the user authentication information is a personal identification number, and the transaction permission information is a transaction amount. The storage unit stores a predetermined transaction amount as the transaction permission information,
The transaction permission unit permits a transaction with the transaction amount when the transaction amount received by the receiving unit matches the transaction amount stored in the storage unit. The management server according to claim 4. The storage unit stores a predetermined transaction amount for releasing the transaction amount restriction as the transaction permission information,
The transaction permission unit cancels the transaction amount restriction when the transaction amount received by the receiving unit is a transaction amount for releasing the transaction amount restriction stored in the storage unit. The management server according to claim 4, wherein the management server is characterized. A range of a predetermined transaction amount is stored as the transaction permission information in the storage unit,
The transaction permission unit permits a transaction with the transaction amount when the transaction amount received by the receiving unit is within the range of the transaction amount stored in the storage unit. The management server according to claim 4. An automatic transaction apparatus that is connected to a management server via a network and performs transactions according to user input operations,
A transmitting unit for transmitting to the management server card information of the card inserted by the user, user authentication information input by the user, and transaction permission information permitting a predetermined transaction by the card;
A receiving unit that receives, by the management server, an authentication result of the user performed using the user authentication information and an approval / disapproval result of the predetermined transaction performed using the transaction permission information;
A display control unit for displaying on the display screen the authentication result of the user received by the receiving unit and the approval / disapproval result of the predetermined transaction;
An automatic transaction apparatus comprising:   The display control unit displays an authentication information input screen for inputting the user authentication information in response to an input of the user and a transaction permission information input screen for inputting the transaction permission information on the display screen. The automatic transaction apparatus according to claim 8.   The automatic transaction apparatus according to claim 9, wherein the transaction permission information input screen displayed on the display screen is a transaction amount input screen on which a predetermined transaction amount is input. An automatic transaction system in which an automatic transaction apparatus that performs a transaction in accordance with a user input operation and a management server that permits or rejects a predetermined transaction in the automatic transaction apparatus are connected via a network,
The management server
A storage unit that stores card identification information for identifying a card possessed by the user, user authentication information for authenticating the user, and transaction permission information for permitting a predetermined transaction by the card in association with each other. When,
A receiving unit for receiving the card identification information transmitted from the automatic transaction apparatus according to the input operation of the user, the user authentication information, and the transaction permission information;
A user authentication unit that authenticates the user using the user authentication information;
A transaction permission unit for determining whether or not to allow a predetermined transaction by the card using the transaction permission information;
With
The automatic transaction apparatus is
A receiving unit that receives, by the management server, an authentication result of the user performed using the user authentication information and an approval / disapproval result of the predetermined transaction performed using the transaction permission information;
A display control unit for displaying on the display screen the authentication result of the user received by the receiving unit and the approval / disapproval result of the predetermined transaction;
An automatic transaction system comprising: An automatic transaction method that is executed in an automatic transaction apparatus that performs transactions according to a user's input operation and a management server that allows or disallows a predetermined transaction in the automatic transaction apparatus,
In the management server,
Receiving the card identification information transmitted from the automatic transaction apparatus according to the input operation of the user, the user authentication information, and the transaction permission information;
Authenticating the user using the user authentication information;
Determining whether to allow a predetermined transaction by the card using the transaction permission information;
In the automatic transaction apparatus,
Receiving, by the management server, an authentication result of the user performed using the user authentication information and an approval / disapproval result of the predetermined transaction performed using the transaction permission information;
Displaying the authentication result of the user received by the receiving unit and the approval / disapproval result of the predetermined transaction on a display screen;
An automatic transaction method comprising:

Images