JP2011145906A - Transaction processing device and transaction processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication method that makes compatible both security and convenience while mainly considering user convenience, and an ATM 100 that uses the authentication method. <P>SOLUTION: A transaction processing device includes a step S202 for obtaining authentication level data 50 that are a combination of authentication methods predetermined for a user from a plurality of kinds of authentication methods; a plurality of kinds of authentication mechanism units 110 for performing user personal authentication; a step S203 for performing user's personal authentication using the authentication mechanism unit 110 determined by the authentication level data 50; and a step S302 for determining whether or not transaction is possible based on the result of authentication by the step S203. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to, for example, a transaction processing apparatus that performs a predetermined transaction with a user, a transaction processing apparatus that performs a transaction via the Internet, and a transaction processing method. The present invention relates to a transaction processing apparatus and a transaction processing method.

  2. Description of the Related Art In recent years, a transaction processing apparatus such as an ATM (Automatic Teller Machine) that realizes a desired transaction by receiving a touch operation from a user has been remarkable. In addition, the provision of a net banking service capable of performing transactions equivalent to transactions performed by a transaction processing apparatus via the Internet has become common. With the spread of such transaction processing devices and services and the increase in users, many various cases have occurred. For example, there has been a case where an easy password is guessed by another person and the account is illegally used. In addition, there is a case in which information related to an account in a user's computer leaks due to infection with a computer virus, and an unauthorized access is made to a net bank account based on the leaked information. For this reason, securing and improving safety and convenience at the time of transactions are required.

  Usually, the transaction processing apparatus and the net banking service described above perform some kind of authentication when performing a transaction. As a result, it is confirmed whether or not the person who is going to conduct the transaction is the user himself / herself, thereby preventing unauthorized transactions.

  An example of a typical authentication method is a password authentication method in which a user inputs a number and determines the identity with a previously registered number.

  However, there is a problem that such an authentication method such as a personal identification number “determined by inputting a correct value” enables account transactions by impersonation. In other words, this authentication method is based on the premise that no one other than the principal knows the correct value, and when someone other than the principal obtains the correct password by some method, the account transaction is performed in the same manner as the principal.

  Conventionally, such a problem has been dealt with by a method in which an easily guessable number is not used as a password. Patent Document 1 discloses a system that guides a user to grasp the degree of danger of a used personal identification number and change it to a safe personal identification number.

  In recent years, it has been attempted to further improve safety by introducing an authentication method using a biometric pattern of a user that is difficult to replicate, or by combining a plurality of authentication methods. As an authentication method using a biometric pattern, for example, a transaction processing technique related to finger vein authentication in which authentication is performed using a finger vein pattern of a user registered in advance is disclosed (see Patent Document 2).

  A method of combining a plurality of authentication methods is also conceivable. However, while safety is improved, the time required for authentication increases in proportion to the number of authentication methods to be used, and there is a problem that convenience for the user is impaired.

  A method of setting a plurality of passwords on various cards issued by financial institutions has also been proposed (Patent Document 3). A method is disclosed in which transactions corresponding to each combination of passwords are registered while realizing improved safety, and the required time for the entire transaction is shortened by simplifying transaction operations. This system also mentions a special PIN that is disclosed when threatened by another person and that automatically reports to the police when used.

  Also, in situations where there are multiple users who want to conduct transactions and are waiting for a turn to conduct transactions, the longer the time required for authentication, the longer it takes for the congestion to be resolved. Feels dissatisfied. On the other hand, a technique has been proposed in which the authentication is changed to simple authentication when the system side determines that there is no problem in safety at the time of congestion (see Patent Document 4). This patent document 4 discloses a system that can easily change the security inspection level according to the situation.

  However, according to the above-described prior art of Patent Document 1, on the basis of user information that can be referred to by the system, in order to guide a password that can be easily guessed by another person to be changed to a safe password, There was a problem that the danger could not be judged if the password was easily guessed by others based on the user information that the system could not refer to.

  Moreover, in the technique described in Patent Document 2, since the authentication method using the biometric pattern is a relatively new authentication method, it is not yet generally used as authentication for performing an account transaction alone, In most cases, it is used in combination with other authentication methods, and there is a problem that it is not possible to greatly reduce the time required for authentication.

  Further, when a plurality of authentication methods are combined, safety is improved, but it is necessary to perform many authentications, and there is a problem that the time required for the user to complete the transaction increases. From the viewpoint of convenience, this places a burden on the user.

  In the technique described in Patent Document 3, a plurality of passwords are used for authentication. However, unlike the authentication using the biometric pattern, the personal identification number is an authentication method in which anyone can succeed in authentication if the correct number is known. For this reason, compared with the case where a plurality of authentication methods are combined, safety is low. Moreover, since the transaction corresponding to each combination of the personal identification number is registered, when performing a plurality of transactions continuously, the user may be inconvenienced.

  Also, there will be as many “correct” passwords as there are registered transactions, and the probability of fraudulent use of an account will increase, for example, when a malicious third party attempts to enter a secret code. . The special password that is disclosed when it is threatened and that is automatically notified to the police when it is used is effective only when there is an opportunity to convey the disclosed password.

  A method of setting a password that is easy to guess to this password has also been proposed, but if a malicious third party does not refer to the user's information, the correct password must be changed before the disclosed password. There is a possibility to arrive. In addition, when a malicious third party intends to gain unauthorized access to a net bank account, there is a problem that it is very difficult to deal with, especially when they are trials by an unspecified majority.

  In addition, the system described in Patent Document 4 that can be changed to simplify authentication according to the situation allows changes such as simplifying the authentication method according to the situation, and does not reduce the convenience for the user. However, the authentication method change by this system is adapted to the convenience of the system side. For this reason, even if the user feels inconvenience during normal times and desires to simplify the authentication method, the authentication method cannot be freely changed, and the convenience of the user is not considered.

  As described above, in the above-described conventional technology, the system side is mainly used for authentication. For this reason, the user is always required to perform advanced authentication in order to ensure safety, and the convenience on the user side is impaired in exchange for safety. Even if the user recognizes that the safety will be reduced, and even if he wants to use it with simple authentication etc., it will not be able to execute it and the convenience will be greatly impaired. There was a problem of being.

JP 2009-217771 A Japanese Patent No. 3770241 JP-A-2005-63389 JP 2009-80730 A

  The present invention has been made in view of the above-described problems, and is an authentication method that achieves both safety and convenience while focusing on the convenience of the user, not the convenience of the system as in the prior art, And it aims at providing the transaction processing apparatus using the said authentication method.

  The present invention provides an acquisition means for acquiring authentication method information that is a combination of authentication methods predetermined for a user from a plurality of types of authentication methods, a plurality of types of authentication means for performing user authentication, and the authentication method. Transaction processing comprising: authentication processing execution means for executing user authentication by the authentication means determined by information, and transaction availability determination means for determining whether the transaction is possible based on an authentication result by the authentication processing execution means It is a device.

  According to the present invention, it is possible to provide an authentication method that balances safety and convenience while placing the convenience on the user side as a subject, and a transaction processing apparatus using the authentication method.

The perspective view which shows the structure of a financial institution system. The block diagram which shows the structure of ATM. Explanatory drawing of the screen displayed on the operation part of ATM. The block diagram which shows the data structure of authentication level data. The flowchart of the account reading related operation | movement which ATM performs. The flowchart of the operation | movement regarding re-authentication which ATM performs. The flowchart of the operation | movement relevant to the authentication system combination determination which ATM performs. The flowchart of the operation | movement relevant to the authentication which ATM performs. The flowchart of the operation | movement regarding an authentication failure which ATM performs.

An embodiment of the present invention will be described below with reference to the drawings.
FIG. 1 is a perspective view showing a configuration of a financial institution system 1 according to the present embodiment. FIG. 2 is a block diagram showing the configuration of the ATM 100 according to the present embodiment.
The financial institution system 1 includes a transaction processing apparatus (hereinafter referred to as ATM: Automatic Teller Machine) 1 and a host computer 120 that are communicably connected by a communication network 300. The communication network 300 is a general communication network such as a WAN (Wide Area Network).

  In addition, in the following description, the case where the transaction processing apparatus is applied to the financial institution system 1 is described. However, the transaction processing apparatus is applied to a stand-alone case in which such a network is not configured or other systems other than the financial institution system. Is also possible. First, the ATM 100 will be described.

  The ATM 100 is a device that accepts user operations and performs various transactions such as cash deposits and withdrawals. As shown in FIG. 2, the ATM 100 includes a control unit 102, an operation unit 103, a card / detail slip mechanism unit 104, a passbook mechanism unit 105, a banknote deposit / withdrawal mechanism unit 106, and a coin deposit / withdrawal mechanism unit 107. A line connection unit 108, a voice guidance unit 109, an authentication mechanism unit 110 as an authentication unit, and a power source unit 111 are included.

The control unit 102 includes a processor such as a CPU (Central Processing Unit), and controls the operation of each unit of the ATM 100.
The operation unit 103 includes, for example, a touch panel having a touch input unit and a display unit, and accepts designation of various transactions such as authentication method selection and authentication processing, payment processing and withdrawal processing, balance inquiry from the user, Alternatively, an input screen for accepting the designation is displayed on the display unit.

The card / detail slip mechanism unit 104 inserts and ejects an IC card such as a cash card possessed by the user. The card / detail slip mechanism unit 104 reads / writes the magnetic stripe of the IC card or the IC chip included in the IC card, reads the image of the embossed portion of the IC card, and the like. Further, when the transaction content is printed on the statement slip by the printing unit (not shown), the card / detail slip mechanism unit 104 discharges the printed statement slip to the outside.
If the card is inserted when the account is locked, the card is collected. If the account is unlocked on the spot, the collected card is discharged.

  The passbook mechanism unit 105 accepts insertion of a passbook possessed by the user or discharges the inserted passbook. Further, the passbook mechanism unit 105 reads the magnetic stripe portion of the inserted passbook. Furthermore, the passbook mechanism unit 105 discharges the printed passbook to the outside when the result of the transaction executed according to the transaction designation received by the operation unit 103 is printed by a printing unit (not shown). Further, when the bankbook is inserted when the account is locked, the bankbook is collected, and when the account lock is released on the spot, the collected bankbook is discharged.

  The banknote deposit / withdrawal mechanism unit 106 receives banknote deposits from the user, discriminates the received banknotes, and then transports the banknotes after the discrimination to a banknote storage (not shown).

  The coin deposit / withdrawal mechanism unit 107 accepts deposit of coins from the user, discriminates the accepted coins, and then conveys the identified coins to a coin storage (not shown).

  The line connection unit 108 includes a communication device such as a NIC (Network Interface Card), and transmits / receives various information to / from the host computer 120 via the communication network 300.

  The voice guidance guidance unit 109 guides guidance for performing the next operation by a voice output device (not shown) such as a speaker when the user operates the operation unit 103. In addition, an operation to warn by voice when the account is locked is also executed.

  The authentication mechanism unit 110 reads the biometric information such as the user's fingerprint or vein, compares the biometric information thus read with the biometric information registered in advance in the IC card or the host computer 120, and the user is legitimate. It authenticates whether or not the user is a user.

  The power source unit 111 is a main power source that AC / DC converts power supplied via an external power cord (not shown) and supplies the converted power to each part of the ATM 100.

  Similar to the control unit 102 of the ATM 100, the host computer 120 includes a processor such as a CPU (Central Processing Unit) and various devices such as a storage unit, a display unit, and an input unit. The storage unit of the host computer 120 is configured by a storage device (not shown) such as an HDD (Hard Disk Drive). In addition to the user's account number and store number, a plurality of patterns of “provided authentication methods” "A combination of arbitrarily selected authentication methods", transactions that can be executed with each authentication combination, information such as the number of times authentication may fail, and account information are recorded.

  The host computer 120 transmits / receives various types of information to / from the ATM 100 via the communication network 300, and is necessary for the ATM 100 depending on the type of authentication and transaction accepted by the operation unit 103 of the ATM 100 from the user. When performing processing, refer to a storage device such as an HDD (Hard Disk Drive) and make an authentication decision or make a transaction. For example, when performing a withdrawal process, subtract the withdrawal amount from the balance amount. Perform bookkeeping.

FIG. 3 is an explanatory diagram of a screen displayed on the operation unit 103 of the ATM 100.
FIG. 3A shows a configuration diagram of the authentication type selection screen 10. The authentication type selection screen 10 includes an account number input unit 11, a plurality of authentication method selection frame buttons 12, and a cancel button 13.

  The account number input unit 11 is a part that displays the account number input when the account number is input by the operation unit 103 of the ATM 100. The account number input unit 11 does not display when the account number can be read from the card inserted into the card / detail slip mechanism unit 104.

The authentication method selection frame buttons 12 are buttons for registering authentication methods in order from 1, and nine buttons are provided in the illustrated example. When pressed, a separate authentication method selection screen (not shown) is displayed. On this selection screen, an authentication method such as a password, finger vein authentication, or palm authentication is selected, and the selected authentication method is selected as an authentication method selection frame. Register for each button 12.
The cancel button 13 is a button for canceling the process, and when selected, cancels the transaction process and shifts to the customer waiting screen.

  In this authentication type selection screen 10, it is required to select at least one authentication method. Preferably, at least one authentication method is selected at a low authentication level, and at least one authentication method is selected at a medium authentication level in addition to an authentication method at a low authentication level, and a medium authentication level at a high authentication level. In addition to the authentication method, one or more authentication methods are further selected. Thus, the authentication method with a higher authentication level is configured to have a larger number of authentication methods.

  Further, the authentication type selection screen 10 can be classified into levels by an appropriate method. For example, it is possible to display one authentication type selection screen 10 for each authentication level and determine a combination of authentication methods at each authentication level. Alternatively, a part of the authentication method selection frame button 12 (for example, the first stage) is used for all authentication levels, another part (for example, the second stage) is used for medium and high authentication levels, and the remaining part (for example, the third stage). ) Can be a high authentication level. In this case, the number of authentication methods increases as the authentication level increases, such as only the first step at a low authentication level, the first and second steps at a medium authentication level, and the first to third steps at a high authentication level. Can be increased.

  FIG. 3B shows a configuration diagram of the re-authentication screen 20. The re-authentication screen 20 includes a message display unit 21, a yes button 22, and a no button 23.

The message display unit 21 displays a message “This account is locked. Do you want to re-authenticate and release the lock?” And prompts the user to decide whether or not to perform unlocking by re-authentication. .
The Yes button 22 and the No button 23 send the input “Yes” or “No” input signal to the control unit 102.

  FIG. 3C shows a configuration diagram of the authentication level restriction notification screen 30. The authentication level restriction notification screen 30 includes a message display unit 31, a yes button 32, and a no button 33.

The message display unit 31 displays a message “You cannot perform the selected transaction at the current authentication level. Do you want to perform authentication at a higher level?” And whether to re-authenticate by increasing the authentication level. Let the user choose.
The yes button 32 and the no button 33 send the inputted “yes” or “no” input signal to the control unit 102.

  FIG. 3D shows a configuration diagram of an account lock notification screen 40 as a notification means. The account lock notification screen 40 includes a message display unit 41 and a yes button 42.

The message display unit 41 displays a message “The number of authentication failures has exceeded the set value. The account will be locked for safety” and notifies the user that the account has been locked.
The Yes button 42 sends the input “Yes” input signal to the control unit 102.

FIG. 4 is a configuration diagram showing a data configuration of authentication level data 50 as authentication method information and level-specific authentication method information.
The authentication level data 50 includes an authentication level 51, an authentication method combination 52, and a possible transaction type 53.

  The authentication level 51 stores the authentication level. In this example, the authentication level 51 is stored in three stages of “low”, “medium”, and “high”.

  The authentication method combination 52 indicates a combination of authentication methods required for the authentication level 51, and stores one or more authentication method numbers. The number of combinations of authentication methods increases as the authentication level increases. The higher authentication level includes all combinations of authentication methods required at a lower authentication level.

  The possible transaction type 53 stores a transaction type permitted when authentication is successful in all authentication methods requested at the authentication level 51. The lower the authentication level, the more limited the transaction types are.

  The authentication level data 50 is selected and set by the user when the account is opened. The authentication level data 50 is preferably stored in the host computer 120, but may be configured appropriately, such as stored in a card possessed by the user or stored in the ATM 100.

  More specifically, the user registers an authentication combination of a plurality of patterns in advance at the time of opening an account, and at the same time registers an authentication level necessary for executing various transactions. The authentication level here is based on the type and number of authentication methods to be combined, and hereinafter, the higher the type and number of authentication methods to be combined, the higher the authentication level.

  For example, transactions that do not change the account balance, such as balance confirmation, can be executed even at a low authentication level, and transactions that change the account balance, such as transfer or transfer, can no longer be performed if they are not authenticated at a high authentication level. By setting, when the user only wants to check the balance of the account, it is possible to reduce the time required for authentication by authenticating at a low authentication level.

  Specifically, as shown in the authentication type selection screen 10 in FIG. 3A, a plurality of authentication method selection frame buttons 12 are displayed and selected. In the example shown in FIG. 3A, nine authentication method selection frame buttons 12 are provided, but this number may be changed. When each authentication method selection frame button 12 is selected, a pop-up window is opened, and a request is made to select one of the authentication methods presented in the window.

  The authentication method here is, for example, a password, password, finger vein authentication, palm authentication, fingerprint authentication, handwriting authentication, voiceprint authentication, and the like. Authentication methods presented as options can be introduced other than the authentication methods listed here, and any authentication method that functions as authentication may be introduced.

  A user registers in advance which authentication method is applied to which part from among a plurality of displayed frames, and the combination itself is also used for authentication. For example, a password is selected for the authentication method selection frame 1, a password is selected for the authentication method selection frame 3, and finger vein authentication is selected for the authentication method selection frame 7. A combination of the authentication method selection frame and the authentication method type itself is also used as one authentication. To do.

  At this time, the same authentication method is selected for a plurality of authentication method selection frames, such as a security code for the authentication method selection frame 1 and the authentication method selection frame 3, and finger vein authentication for the authentication method selection frame 7 and the authentication method selection frame 8. It is also possible to do. Furthermore, when selecting the same authentication method for a plurality of authentication method selection frames, different values, for example, right finger index finger and right hand little finger for finger vein authentication, and 1357 and 2468 for PIN numbers are valid. It is also possible to register as a value.

  In addition, in order to use the combination of the authentication method selection frame and the authentication method type as a single authentication, the authentication method selection that allows the user to select the authentication method to be used after the authentication method selection frame is selected at the time of authentication. It is preferable to display a screen or execute authentication using an appropriate authentication method without selecting an authentication method, and determine whether the executed authentication method is correct. Whether or not the executed authentication method is correct can be determined as an authentication method error when, for example, a finger is placed on the finger vein reader where authentication is to be performed with the password, and authentication should be performed with the password. If the password is entered, it can be determined that the authentication method is correct.

  Next, a processing procedure performed by the ATM 100 of the financial institution system 1 described above will be described. FIG. 5 to FIG. 9 are flowcharts showing processing procedures for selecting, executing, and ending a transaction after the ATM 100 starts transaction processing and authenticating a user, and processing procedures for locking or unlocking an account. . In the following description, it is assumed that the user is in a state of trying to execute a transaction with the ATM 100.

  As shown in FIG. 5, when the transaction is started, the control unit 102 of the ATM 100 (hereinafter referred to as “ATM 100”) displays the authentication type selection screen 10 of FIG. S1). At this time, the ATM 100 determines whether or not the user has inserted a medium into the card mechanism / detail slip mechanism 104 or the passbook mechanism 105 (step S2). The card mechanism unit / detail slip mechanism unit 104 accepts insertion of a card as a medium, and the passbook mechanism unit 105 accepts insertion of a passbook as a medium. Hereinafter, these passbooks and cards are referred to as media.

  When the medium is inserted (step S2: Yes), the ATM 100 automatically reads information such as an account number from the medium (step S3). If an account number exists in the read information, the account number input in the authentication type selection screen 10 is omitted.

  When the medium is inserted in this way, it is possible to specify the account that the user wants to conduct the transaction by reading the medium information, so the ATM 100 proceeds to the lock account determination (step S101) shown in FIG. To do. The user here means the original owner of the account. Hereinafter, when simply describing as a user, it refers to the original owner of the account.

  When the medium is not inserted (step S2: No), the ATM 100 uses whether to insert the medium or enter the account number in the account number input field in the authentication type selection screen 10 in order to specify the user. The user is selected (step S4).

  When the user selects “Cancel” in the authentication type selection screen 10 displayed on the operation unit 103 (step S4: No), the ATM 100 determines that the user does not intend to make a transaction, and performs transaction processing. Exit.

  If the user does not select “Cancel” in the authentication type selection screen 10 (step S4: Yes) and performs either medium insertion or account number input, the ATM 100 acquires the account number (step S5). When the medium is inserted, the account number is read, and when the account number is input, the input account number is acquired. And ATM100 transfers to lock account determination (step S101).

  As shown in FIG. 6, the ATM 100 communicates with the host computer 120 to execute a lock account determination that determines whether the acquired account number is a locked account (step S101).

  This account lock is a function for preventing accounts other than users from conducting account transactions. Account lock is executed when authentication fails more than the number of times set in advance by the user. The process for locking the account will be described with reference to FIG. While the account is locked, the user cannot do any transactions. For this reason, in order to conduct the transaction again, the user needs to release the lock.

  When it is determined that the account is a lock account in the lock account determination (step S101: Yes), the ATM 100 displays a re-authentication screen 20 (see FIG. 3B) asking whether to release the account lock on the operation unit 103. (Step S102).

  The ATM 100 determines the user's selection as to whether or not to execute re-authentication (step S103). When “Yes” on the re-authentication screen 20 is selected (step S103: Yes), the ATM 100 functions as a re-authentication unit, executes re-authentication (step S104), and selects “No” that does not re-authenticate If it has been done (step S103: No), the transaction process is terminated.

  Here, as a situation where the re-authentication (step S104) is executed, in addition to the case where the user happens to fail in the authentication, the authentication fails when the malicious third party tries to conduct the transaction illegally, and the account is locked. It is necessary to assume the case. Therefore, re-authentication can be performed only with the combination of authentication methods used in advance, the combination of authentication methods used and the highest number of authentication methods being used.

  The ATM 100 executes re-authentication permission determination (step S105) for determining whether the authentication combination selected for re-authentication is the combination with the highest authentication level described above. This determination is executed depending on whether or not the authentication method combination having the highest authentication level in the user authentication level data 50 is selected.

  If the combination is the highest authentication level in the re-authentication determination (step S105: Yes), the ATM 100 performs a re-authentication success determination (step S106) for determining whether the re-authentication is successful. In this re-authentication, the authentication mechanism unit 110 authenticates all authentication methods registered in the authentication method combination having the highest authentication level data 50, and determines that re-authentication is successful when all the authentications are successful.

  When the re-authentication is successful (step S106: Yes), the ATM 100 functions as a financial account freeze release unit to unlock the account (step S107), and proceeds to the transaction selection (step S301) shown in FIG. . The unlocking of the account is performed by updating the locked state (unusable) data registered for the user account data stored in the host computer 120 to unlocking (usable).

  When the combination selected in the re-authentication determination (step S105) is not the combination with the highest authentication level (step S105: No), or the combination with the highest authentication level in the re-authentication success determination (step S106). If the authentication fails (step S106: No), the ATM 100 does not release the account lock, makes a medium insertion presence / absence determination (step S108), and if the medium is inserted, collects the medium in the ATM 100 (step S108). S109).

  Subsequently, the ATM 100 executes crime countermeasure processing set in advance by the system side according to the environment, such as notification of a situation to a staff member or a monitoring device, or sounding a warning sound (step S110), and then ends the transaction processing.

  When it is determined by the lock account determination that the account is not locked (step S101: No), the control unit 102 of the ATM 100 functions as an authentication method selection unit and shifts to authentication type selection (step S201). A combination of authentication methods registered in advance by the user is selected from the authentication type selection screen 10 displayed in 103.

  As shown in FIG. 7, the ATM 100 that performs authentication type selection (step S201) causes the user to select a combination according to the convenience at that time among a plurality of pre-registered authentication combinations.

  The control unit 102 of the ATM 100 functions as a combination authentication unit, and the account number, the authentication type selected in the authentication type selection (step S201), and the combination of the authentication method selection frame and the authentication method displayed on the screen are correct. Whether or not the account number / authentication type combination is determined (step S202). The control unit 102 that performs this process functions as an acquisition unit. This determination is performed for the purpose of using the account number and the authentication type combination for the account itself as one authentication. Whether or not the combination of the authentication methods is correct is determined by referring to the authentication level data 50 registered in the host computer 120 and whether or not it matches the registered authentication method combination 52.

  When the authentication process is actually performed, the higher the authentication level, the higher the security can be secured. On the other hand, the time required for the authentication increases. Before performing, it is possible to determine whether or not the user is a user in a short time.

If the authentication combination is correct (step S202: Yes), the control unit 102 functions as an authentication process execution unit, and the process proceeds to authentication success determination (step S203).
In this authentication success determination (step S203), the authentication selected in the authentication type selection (step S201) is performed, and it is determined whether or not all authentications are successful.

  If both the account number / authentication type combination determination (step S202) and the authentication success determination (step S203) are successful, the ATM 100 proceeds to transaction selection (step S301) shown in FIG.

  If either the account number / authentication type combination determination (step S202) or the authentication success determination (step S203) fails, the ATM 100 proceeds to authentication failure count addition / recording (step S401) shown in FIG. It functions as an authentication failure information registration unit that records and stores the total number of failed authentications as failure information. Similarly, the date and place of authentication failure are recorded as authentication failure information.

As shown in FIG. 8, when the authentication is successful, the ATM 100 displays a transaction selection screen on the operation unit 103, and allows the user to select a desired transaction (step S301).
Thereafter, the control unit 102 of the ATM 100 functions as a transaction allowance determination unit, and determines whether or not the transaction selected by the user can be performed at the current authentication level (step S302).

  When it is determined that the selected transaction is possible at the current authentication level, the ATM 100 functions as a transaction unit, communicates with the host computer 120, and executes the transaction (step S303).

  When the transaction ends, the user is confirmed whether or not to continue the transaction (step S304). When the ATM 100 is selected to continue the transaction (step S304: Yes), the process proceeds to the transaction selection (step S301). When the ATM 100 is selected not to continue (step S304), the transaction process ends.

  When it is determined in the authentication level determination (step S302) that the selected transaction is not possible at the current authentication level (step S302: No), the ATM 100 displays the authentication level restriction notification screen shown in FIG. 30 is displayed on the operation unit 103 (step S305).

In the authentication level restriction notification screen 30, the user's will is confirmed as to whether or not to authenticate again at the authentication level at which the selected transaction is possible, and “Yes” on the authentication level restriction notification screen 30 is selected by the user (step) (S306: Yes), the ATM 100 proceeds to authentication type selection (step S201). Thereby, re-authentication at a high authentication level is executed.
When “No” is selected on the authentication level restriction notification screen 30 (step S306: No), the ATM 100 advances the process to the above-described step S304.

  As shown in FIG. 9, the ATM 100 records and stores the total number of authentication failures, and executes addition / recording of authentication failure times (step S401). When the ATM 100 is equipped with a camera as an image pickup means and images and videos being traded are taken, the images and videos are also stored together.

  At this time, the location where the information is recorded and stored must be able to refer to and use the information at the time of the transaction, such as a host computer 120 that communicates with the ATM 100, a storage area that exists in a secure location that the host computer 120 can refer to There is. However, if this condition is satisfied, the location where information is recorded and stored can be set according to circumstances and is not particularly limited.

  By saving the date and place of the authentication failure and the image taken at the time of the transaction in this way, it helps to identify a malicious third party who tried to conduct the transaction illegally. By checking the date and time when authentication failed, the malicious third party identified by checking the location of the authentication failure and the images taken at the time of the transaction. It can be estimated whether the person is an unspecified number of people. For example, if the recorded location is limited to a specific region or time zone, there is no regularity or law in a specific person, location or time zone, and movement between recorded locations at the recorded time If it is physically impossible, it can be inferred that the number is unspecified. In any case, if the authentication level required for transactions that increase or decrease the amount of the account is above a certain level, other people cannot succeed in authentication, and the number of authentication failures exceeds the number registered in advance The account will be locked and no fraudulent transactions will take place.

  After recording the number of authentication failures in the addition / recording of authentication failure count (step S401), the ATM 100 performs the authentication failure count determination (step S402). In this authentication failure number determination, the ATM 100 determines whether or not a predetermined condition is satisfied. This predetermined condition is based on, for example, whether the current number of authentication failures exceeds a threshold set in advance by the user.

  When the number of authentication failures does not exceed the threshold (step S402: No), the ATM 100 proceeds to authentication type selection (step S201).

When the number of authentication failures exceeds the threshold value (step S402: Yes), the ATM 100 determines that a person other than the user is trying to trade illegally, and determines whether or not a medium is inserted (step S403).
When the medium has been inserted (step S403: Yes), the ATM 100 does not return the medium but collects it inside the ATM 100 (step S404).

  Subsequently, the ATM 100 executes crime countermeasure processing (step S405). Specifically, an operation set in advance by the system side is executed according to the environment, such as notification of a situation to a staff member or a monitoring device, and sounding a warning sound.

  Next, the ATM 100 communicates with the host computer 120, functions as a financial account freezing means, and performs account lock (step S406). With this account lock, the ATM 100 is set so that all transactions in the account cannot be performed unless the account lock is released. This setting is executed by registering the user account data stored in the host computer 120 as locked (unusable).

Then, the ATM 100 displays the account lock notification screen 40 shown in FIG. 3D on the operation unit 103 in order to notify that the account has been locked (step S407).
When “Yes” on the account lock notification screen 40 is selected, the ATM 100 proceeds to a re-authentication screen display (step S102).

  With the above configuration and operation, it is possible to register an authentication method combination for each authentication level registered in advance and a transaction that can be executed by performing authentication at each authentication level. Thereby, it becomes possible to perform authentication and transaction according to the convenience of the user, and it is possible to improve convenience while maintaining safety.

  That is, transactions with low risk such as balance inquiry can be authenticated and authorized with a low authentication level that is a combination of simple authentication methods (for example, only a 4-digit password). And for high-risk transactions such as cash withdrawals, it is possible to authenticate at a high authentication level using a combination of strong authentication methods (for example, biometric authentication etc.) and not allow transactions easily. . In this way, by changing the authentication level according to the transaction type, it is possible to improve convenience (simple authentication for simple transactions) and maintain safety (robust identity authentication for important transactions). Yes, user satisfaction can be improved.

  Further, by using the combination of the selected authentication methods as one of the authentications, the probability that a user other than the user succeeds in the authentication can be greatly reduced. In particular, the more authentication methods that can be selected, the more options are available, and the probability of successful authentication by anyone other than the user can be greatly reduced.

  In addition, as a step before executing all the authentication methods actually selected, the time required for authentication, in particular, the time required for authentication failure, is shortened by judging only whether the combination of authentication methods is correct or not. , User convenience can be improved.

  In addition, since each user can register each registered authentication combination and the transaction type permitted for the transaction, the user can register any setting according to his / her convenience. For example, for each transaction type, transactions such as balance inquiries where the amount of the account does not increase or decrease can be executed with a combination of authentication methods with a low number of authentication methods and types, but the amount of the account increases or decreases For transactions such as transfer, it can be set such that transactions cannot be executed unless authentication is performed with a combination of authentication methods having a high authentication level and a large number of authentication methods.

  In addition, when authentication fails, record the date and time, the number of authentication failures, and when the number of authentication failures exceeds the number of times that the pre-registered authentication may be failed, until the account is locked and the account unlocked Account locks can be made impossible to execute any transaction. Thereby, it is possible to prevent unauthorized use by repeatedly performing authentication.

  Moreover, even if the account is locked, the lock can be released with the authentication with the highest authentication level, so the user can release the account lock with his / her own intention. For this reason, it is not necessary to carry out complicated procedures with the bank staff, and the convenience of both the user and the bank staff is not impaired when the account lock is released. Further, since the authentication is performed at the highest authentication level at the time of unlocking, it is possible to reduce the risk that the account is unlocked by another person.

  Further, since the medium such as a passbook or a card can be collected when the account is locked, the medium can be prevented from being illegally used thereafter.

  Further, according to the present authentication method, the user can freely select a combination of authentication methods. In other words, in the past, complicated and more complicated authentication than the user would like to do was forced into all transactions for the convenience of the system, but this authentication method is more complicated than the user wants. In addition, it is not necessary to perform complicated authentication.

  In addition, when a camera is installed in the ATM 100, the authentication date and time and the imaging information of the camera are recorded when authentication fails, so the recorded information is referred to, the situation is grasped, and the detailed information recorded is recorded. And imaging information can be submitted to the police.

  The present invention is not limited to the above-described embodiments as they are, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiments. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

  For example, in the authentication type selection screen 10 shown in FIG. 3A, the authentication method is selected for each authentication method selection frame button 12. However, the present invention is not limited to this. You may make it the structure selected from authentication method combination. In this case, the determination of the authentication method can be facilitated.

  The present invention can be used for an apparatus for performing transactions such as a transaction processing apparatus called ATM.

40 ... Account lock notification screen, 50 ... Authentication level data, 51 ... Authentication level, 52 ... Authentication scheme combination, 53 ... Possible transaction types, 100 ... ATM, 102 ... Control unit, 110 ... Authentication mechanism unit

Claims (8)

An acquisition means for acquiring authentication method information that is a combination of authentication methods predetermined for a user from a plurality of types of authentication methods;
Multiple types of authentication means to authenticate users,
An authentication processing execution means for executing user authentication by the authentication means determined by the authentication method information;
A transaction processing apparatus comprising: a transaction availability determination unit that determines whether a transaction is possible based on an authentication result by the authentication process execution unit. The authentication method information is
The transaction processing apparatus according to claim 1, wherein a combination of authentication methods and a transaction type that can be obtained by the combination are configured by a plurality of authentication method information by level determined for each authentication level. The transaction availability determination means is
The configuration according to claim 2, wherein a combination of authentication methods successfully authenticated by the authentication means is compared with a combination of authentication methods of the authentication method information classified by level, and a transaction is permitted when a required authentication level is satisfied. Transaction processing device. If the authentication level corresponding to the combination of authentication methods that have been successfully authenticated is lower than the authentication level required for the transaction desired by the user, re-authentication is performed using the authentication method required for the required authentication level. 4. The transaction processing apparatus according to claim 3, further comprising re-authentication means. The transaction processing apparatus according to any one of claims 1 to 4, further comprising a transaction unit that executes the transaction when the transaction possibility determination unit determines that the transaction is possible. An authentication method selection means for allowing the user to select an authentication method to be authenticated;
The transaction processing apparatus according to any one of claims 1 to 5, further comprising combination authentication means for performing authentication by determining whether or not a combination of authentication methods selected by the user is correct. Authentication failure information registration means for registering authentication failure information that has failed authentication by the authentication means;
Financial account freezing means that freezes the corresponding financial account so that it cannot be used normally when the registered failure information reaches a predetermined condition,
An informing means for informing that the freeze has occurred;
7. A financial account freeze release means for executing re-authentication with a combination of authentication methods having the highest authentication level on a frozen financial account and releasing the freeze of the financial account if the authentication is successful. The transaction processing apparatus according to any one of the above. Acquire authentication method information that is a combination of authentication methods predetermined for the user from a plurality of types of authentication methods by the acquisition means,
Authenticate users with multiple types of authentication means,
User authentication is performed using the authentication means determined by the authentication method information by the authentication processing execution means,
A transaction processing method comprising: a transaction availability determination unit that determines whether a transaction is possible based on an authentication result by the authentication process execution unit.

Images