JP2010152506A - User authentication terminal, authentication system, user authentication method, and user authentication program - Google Patents

Abstract

[PROBLEMS] To provide a user authentication terminal that improves the convenience of a user and improves security by suppressing misidentification that another person is the user.
ATM1 receives input of a member number and a password by a user, and reads biometric information of the user. The ATM 1 transmits a user authentication request including the membership number, password, and biometric information to the upper apparatus 3 and receives an authentication result from the upper apparatus 3. If the authentication result cannot be authenticated, the ATM 1 waits for a predetermined waiting time to elapse and outputs the authentication result.
[Selection] Figure 1

Description

  The present invention relates to a user authentication terminal, an authentication system, a user authentication method, and a user authentication program for authenticating whether or not an operator is the user himself / herself using biometric information of a registered user.

  Conventionally, in an institution of a financial institution or a convenience store, an automatic teller machine that can process a plurality of types of transactions such as withdrawal transactions, deposit transactions, and transfer transactions for an account opened in a financial institution ( So-called ATM) is installed. The ATM accepts an operator's cash card (hereinafter simply referred to as a card) and reads card information such as an account number recorded on the card. In ATM, a password is entered to authenticate whether or not the operator is the user himself / herself (the owner of the card). When the operator can be authenticated as the user himself / herself (when the entered password is appropriate), various transactions such as requested withdrawal transaction and deposit transaction are processed.

  In order to improve security against password leakage, card loss, forgery, etc., in addition to the above passwords, the operator himself / herself uses biometric information such as finger veins, palm prints, irises and faces. It is also done to verify whether or not.

Further, as disclosed in Patent Document 1, an ATM that can process a transaction by authenticating whether or not an operator is a user by using only biometric authentication without using a card has been proposed. In the configuration of Patent Document 1, the user does not have to carry a card.
JP 2007-323116 A

  However, even in biometric authentication, there is a stranger acceptance rate that misidentifies another person as the user. For this reason, in the method of authenticating whether the operator is the user himself or herself only by biometric authentication without using a medium such as a card, another person (operator) pretending to be the user himself / herself repeatedly repeats the biometric. It is not possible to restrict authentication. In addition, if the operator repeatedly performs biometric authentication many times, the probability of erroneous authentication of the operator as the user himself / herself increases. That is, there is a problem that security is lowered.

  An object of the present invention is to improve a user's convenience and to improve security by suppressing mis-authentication that another person is the user himself / herself, a user authentication terminal, an authentication system, and a user authentication method And providing a user authentication program.

  In order to achieve the above object, the user authentication terminal of the present invention is configured as follows.

  The identification information input means accepts input of identification information for identifying the user. This identification information is, for example, a user ID for identifying the user, a password predetermined by the user, or the like. There may be one piece of identification information, or a plurality of pieces of identification information in order to improve security. However, if the number of pieces of identification information is too large, the operability for the user is lowered. Therefore, it is desirable that the number of user IDs and passwords be about two.

  The biological information reading means reads the operator's biological information. The biological information may be finger veins, palm prints, irises, faces, and the like. The communication means transmits an authentication request for requesting the authentication of the operator including the identification information input to the identification information input means and the biometric information read by the biometric information reading means to the host device and receives the authentication result. To do.

  The host device stores identification information and biometric information in association with each user, and if both the identification information and the biometric information included in the authentication request are appropriate, the operator is identified as the user. It authenticates that it is (authentication possible). If neither the identification information nor the biometric information is appropriate, it is determined that the operator is not the user himself (authentication is impossible). The host device notifies the user authentication terminal of the operator authentication result (authentication is possible or not possible). Whether or not the identification information is appropriate is determined based on, for example, whether the user ID is valid or whether the input password matches the registered password.

  If the authentication result received by the communication unit from the higher-level device is unauthenticated that the operator is not authenticated as the user, the authentication result output unit can determine the elapsed time from the transmission of the current authentication request. After reaching a predetermined waiting time, the current authentication result is output. That is, even if the identification information or the biometric information is not appropriate, the authentication result regarding the authentication failure is not output until the elapsed time from the transmission of the authentication request reaches the standby time. Therefore, if this standby time is set to a certain length of time (communication time with the host device, authentication time based on identification information, and total time of authentication time based on biometric information), authentication is impossible. From the timing when the authentication result is output, the operator cannot determine whether the identification information or the biometric information is inappropriate. In other words, the operator impersonating the user cannot determine whether the identification information or the biometric information is inappropriate even if the authentication result indicating that the authentication is impossible is output. For this reason, it is possible to sufficiently prevent the operator impersonating the user from being erroneously authenticated as the user himself / herself. Further, since the operator is authenticated only by biometric authentication without using a medium such as a card, the convenience of the user can be improved.

  In addition, at the start of use, the consent screen may be displayed on the display means for the operator, and the use may be stopped when the operator's consent is not obtained. On this consent screen, for example, a rule such as “when biometric information may be recorded and stored when authentication is not possible” or “a face image may be captured and recorded” may be presented. Thereby, psychological threat is given to the operator impersonating a user, and fraud can be suppressed.

  Further, if the authentication result received by the communication unit from the higher-level device is that the operator cannot be authenticated, the operator may be captured by the imaging unit and the captured image may be stored.

  Further, the authentication result output means may be configured to output the current authentication result without waiting for the waiting time to be reached if the authentication result received from the host device by the communication means is acceptable for the operator. Thereby, when the operator is the user himself / herself, the waiting time of the user is not increased unnecessarily.

  The host device may be configured to authenticate the user based on the received authentication request and return the authentication result regardless of the standby time, or to return the authentication result after the standby time has elapsed. There may be.

  According to the present invention, it is possible to sufficiently prevent an operator impersonating a user from being erroneously authenticated as being the user himself / herself. Further, since the operator is authenticated only by biometric authentication without using a medium such as a card, the convenience of the user can be improved.

  Embodiments of the present invention will be described below.

  FIG. 1 is a diagram showing an outline of a transaction processing system to which an authentication system according to the present invention is applied. This transaction processing system includes a plurality of automatic teller machines 1 (hereinafter referred to as ATM 1) and a host device 3. ATM1 is installed in a store of a financial institution or a convenience store. The host device 3 is installed at the center of a financial institution. Each ATM 1 is connected to the host device 3 via a network 5 constructed by a public line, a dedicated line, or the like. The operator can operate the ATM 1 to perform transactions such as withdrawal transactions, deposit transactions, and transfer transactions with respect to an account opened in the financial institution.

  FIG. 2 is a block diagram showing the configuration of the main part of the ATM. The ATM 1 includes a main control unit 10, a display / operation unit 11, a banknote processing unit 12, a coin processing unit 13, a card / detail processing unit 14, a passbook processing unit 15, a biological information reading unit 16, A storage unit 17, a communication unit 18, a customer detection unit 19, and an imaging unit 20 are provided. The ATM 1 can perform various transactions by a transaction with a card using a cash card (hereinafter simply referred to as a card) and a transaction without a card without using a card. For cardless transactions, the use of cardless transactions must be registered in advance. In other words, a user who has not registered the use of cardless transaction cannot perform cardless transaction.

  In addition, the process concerning a card presence transaction is the same as that of well-known ATM.

  The main control unit 10 controls the operation of each part of the ATM1 main body. The display / operation unit 11 has a display provided on the front surface of the main body and a touch panel attached on the screen of the display. The display / operation unit 11 displays an operation guidance screen for the operator on the display. In addition, the display / operation unit 11 receives an input operation of the operator by detecting the pressed position of the touch panel.

  The banknote processing part 12 conveys a banknote along the banknote conveyance path formed between the banknote depositing / withdrawing port provided in the front of the main body, and the banknote cartridge accommodated inside the main body. Moreover, the banknote process part 12 has a banknote discrimination part which discriminate | determines a money type and authenticity for every banknote currently conveyed along a banknote conveyance path. A banknote discrimination part discriminates authenticity and denomination based on the magnetic pattern read from the banknote, the transmitted light pattern, or the like. The coin processing unit 13 conveys coins along a coin conveyance path formed between a coin deposit / withdrawal port provided on the front surface of the main body and a coin cartridge housed inside the main body. Moreover, the coin process part 13 has a coin discrimination part which discriminate | determines a money type and authenticity for every coin currently conveyed along a coin conveyance path.

  The card / detail processing unit 14 takes in the card inserted into the card insertion slot provided on the front of the main body, and the card information (information such as financial institution number, store number, account number, etc.) recorded in the magnetic stripe of this card ) Is read or rewritten. In addition, when the inserted card is an IC card, the data recorded on the IC chip of the card is read or rewritten as necessary. The IC chip stores biometric information (registered information) of the user who is the owner of the card. Further, the card / detail processing unit 14 has a printing unit (not shown) for printing the transaction contents on the specification. The card / detail processing unit 14 discharges the specification on which the transaction details are printed to the specification release port provided on the front face of the main body.

  The bankbook processing unit 15 includes a printing unit (not shown) that takes in a bankbook inserted into a bankbook insertion port provided on the front of the main body and prints a transaction history for the bankbook. In addition, the passbook processing unit 15 is recorded on a page turning mechanism for turning over the page of the imported passbook, a bar code reader for reading a bar code indicating a page number printed on the passbook, and a magnetic stripe attached to the passbook. It also has a magnetic head or the like that reads the bankbook information (financial institution number, store number, account number, etc.).

  The biometric information reading unit 16 includes a biometric information reading sensor provided on the front surface of the main body. This biological information reading sensor reads the finger vein pattern of the operator. Here, the biological information reading sensor is a sensor that reads a finger vein, but may be a sensor that reads other types of biological information such as palm prints, irises, and retinas. The biometric information reading unit 16 collates the biometric information (read information) of the operator read by the biometric information reading sensor with the biometric information (registered information) recorded on the IC chip of the card, and based on the similarity. It also has a biometric authentication function for authenticating whether the operator is the card owner (user himself / herself).

  The storage unit 17 has a storage medium such as a hard disk, and stores various information in this storage medium. This storage medium includes a store number indicating a store where the own ATM 1 is installed, a device number for identifying the own ATM 1, a network address of the own ATM 1, a network address of the host device 3 and other devices connected via the network 5. Memorize etc. The storage medium also stores a standby time for limiting the timing of outputting the user authentication result, a contract document relating to a cardless transaction, a transaction log relating to a processed transaction, and the like. This standby time can be arbitrarily set by the system administrator.

  The communication unit 18 controls communication with the host device 3 via the network 5. The customer detection unit 19 includes a proximity sensor whose detection area is the front of the main body, and detects the presence or absence of an operator located on the front of the apparatus main body by the proximity sensor. The imaging unit 20 has a camera attached in a direction to image the face of the operator who is operating the ATM 1 main body from substantially the front. The ATM 1 captures the captured image of the camera of the imaging unit 20 as necessary, and stores this captured image in the storage medium of the storage unit 17.

  FIG. 3 is a block diagram illustrating a configuration of a main part of the host device. The host device 3 includes a main control unit 30, a management information storage unit 31, and a communication unit 32. The main control unit 30 controls the operation of each unit of the host device 3 main body. The management information storage unit 31 stores various management information described later. The communication unit 32 controls communication with the ATM 1 via the network 5.

  The management information storage unit 31 stores operation data used during operation, user data for managing users, and the like. The operation data includes a member serial number, log serial number, biometric authentication blockage limit number, personal authentication threshold, personal approximation threshold, and the like (see FIG. 4). The member serial number is data indicating the number of users who can make a transaction without a card. This member serial number is incremented by 1 every time a user of cardless transaction is registered. The log sequence number is data indicating the number of output results of user authentication in a cardless transaction (in other words, the number of user authentication requests in a cardless transaction). The log sequence number is incremented by 1 every time the authentication result is output. The biometric authentication blockage limit number is data that limits the blockage of the corresponding account based on the authentication result of biometric authentication in the cardless transaction. The administrator of the system can arbitrarily set the biometric authentication blockage limit number. The personal authentication threshold is data indicating a threshold level of similarity for determining that the operator is the user himself / herself by biometric authentication. The user approximate threshold is a threshold level of similarity that determines that the operator is not the user himself / herself through biometric authentication. The identity authentication threshold is higher than the identity approximate threshold. If the similarity in biometric authentication exceeds the user authentication threshold, the operator is authenticated as the user, and if the similarity is not exceeded, the operator is authenticated as not being the user. However, if the similarity in biometric authentication does not exceed the user authentication threshold and exceeds the user approximate threshold, it is processed as a gray zone in which it is not possible to authenticate whether the operator is the user himself or herself.

  Further, as shown in FIG. 5, the user data includes, for each user, the member's member serial number, member number, password, biometric information (template), availability, biometric authentication failure count, and account information (store Code, subject, account number, name, etc.). The member serial number is a number assigned to this user when registering as a user of a cardless transaction. The membership number is a user identification ID that identifies a user. The membership number may be configured to be automatically assigned to the user by the system, or may be configured to assign a mobile phone number or the like to the user. The password is a number with a predetermined number of digits designated by the user at the time of registration or the like. The password may be alphanumeric. The biometric information (template) is biometric information registration data used for user authentication. The availability is data indicating availability of service for cardless transactions, and is set to one of three types of “usable”, “blocked”, and “warning”. “Available” indicates that the cardless transaction service is available. “Closed” indicates that the account is closed, that is, the cardless transaction service is not available. “Warning” is a case where the possibility of unauthorized use by a third party is found, and this state is set by the system administrator. In the case of “warning”, the cardless transaction service cannot be used. The number of biometric authentication failures is a count value of the number of biometric authentication failures, and is incremented by 1 when the similarity in biometric authentication does not exceed the user approximate threshold. The number of biometric authentication failures is reset when the degree of similarity in biometric authentication exceeds a personal authentication threshold. The host device 3 holds the number of biometric authentication failures when the similarity in biometric authentication does not exceed the user authentication threshold and exceeds the user approximate threshold. The account information is information indicating a store code indicating a store of a financial institution where an account corresponding to the member number is opened, a subject of the account, an account number of the account, a name of the account, and the like.

  The management information storage unit 31 also stores account management data including a transaction history for the account, a current account balance, and the like for each opened account.

  Next, the operation of this transaction processing system will be described. In this transaction processing system, as described above, the user can perform transactions with cards and transactions without cards. For an account whose account information is not registered in the user data shown in FIG. FIG. 6 is a flowchart showing the operation of ATM. The ATM 1 displays the transaction selection screen shown in FIG. 7 on the display / operation unit 11 (s1), and waits for the operator to select a transaction type (s2). When ATM1 accepts the selection of the transaction type by the operator, if the selected transaction is a transaction other than cardless (transaction with card), the transaction of the type selected this time (transaction with card) is processed (s3, s5). In s5, the card / detail processing unit 14 accepts a card as necessary. Since the card presence transaction in s5 is the same as a known ATM, the description is omitted here. If ATM1 processes the transaction selected this time, it will return to s1.

  Further, when the cardless transaction is selected in s3, ATM1 executes a cardless transaction process described later (s4), and returns to s1.

  8 and 9 are flowcharts showing the cardless transaction process. ATM1 displays an agreement screen (see FIG. 10) for requesting the operator's consent on the display / operation unit 11 (s11) in response to the rules regarding the use of cardless transactions. It waits for a selection input whether or not to agree (s12). In this ATM1, for security reasons, an agreement screen for the terms relating to the use of cardless transaction is displayed in s11. Specifically, since anyone can operate in a cardless transaction, it is desirable to accumulate a large amount of ATM operation history information in preparation for an unauthorized transaction. However, it is not appropriate to collect personal information such as biological information without permission from the user. Therefore, on the consent screen, a rule such as “when biometric information may be recorded and stored when authentication is not possible” or “a face image may be captured and recorded and stored” is displayed first. Thereby, it is possible to give psychological intimidation to an operator (operator pretending to be a user) who intends to execute a transaction illegally with another person's account, and to suppress an illegal act. When the ATM 1 selects that the operator does not agree, the process ends.

  When the ATM 1 selects that the operator agrees to the cardless transaction agreement, the ATM 1 displays a transaction type selection screen (see FIG. 11) on the display / operation unit 11 (s13), Wait for selection (s14). When the ATM 1 accepts the selection of the transaction type in the current cardless transaction, the ATM 1 displays the member number input screen (see FIG. 12) on the display / operation unit 11 (s15) and accepts the input of the member number (s16). When accepting the input of the membership number, the ATM 1 displays a password input screen (see FIG. 13) on the display / operation unit 11 (s17) and accepts the input of the password (s18). Upon receiving the password input, the ATM 1 displays a biometric information presentation request screen (see FIG. 14) on the display / operation unit 11 (s19), and the operator places a finger on the biometric information reading sensor of the biometric information reading unit 16. Wait for loading (s20). When the operator places a finger on the biometric information reading sensor of the biometric information reading unit 16, the ATM 1 starts reading biometric information and displays a biometric information reading screen (see FIG. 15) on the display / operation unit 11. (S21, s22). When the reading of the biometric information is completed, the ATM 1 displays a biometric information read completion screen (see FIG. 16) on the display / operation unit 11 (s23, s24). When the reading of the biometric information is completed, the ATM 1 executes an authentication process (s24, 25). This authentication process is a process for authenticating whether or not the operator is the user.

  Here, the transaction type, the membership number, the password, and the biometric information are input in this order, but this order may be any order.

  FIG. 17 is a flowchart showing the authentication processing according to s25. The ATM 1 displays a screen during authentication (see FIG. 18) on the display / operation unit 11 (s41). Also, the ATM 1 generates an authentication request message (s42), and transmits it to the higher-level device 3 (s43). Moreover, ATM1 starts the timer which measures the elapsed time from transmission of this authentication request | requirement message | telegram (s44).

  The authentication request message generated in s42 includes a store number indicating the store where the own ATM 1 is installed, a device number for identifying the own ATM 1, a transaction type input this time, a membership number, a password, biometric information, and the like. Yes. When the ATM 1 receives the authentication result from the higher-level device 3 (s45), the process ends.

  Here, an operator authentication process in the host device 3 will be described. 19 and 20 are flowcharts showing the operator authentication process in the host device. When the host device 3 receives the operator authentication request for the cardless transaction from the ATM 1 (s51), the host device 3 determines whether or not the member number included in the authentication request is appropriate (s52). In s52, it is determined whether or not the membership number is appropriate depending on whether or not the membership number is registered in the user data.

  If the host device 3 determines that the membership number is appropriate in s52, it determines whether the password included in the authentication request received this time is appropriate (s53). In s53, the password associated with the membership number determined to be appropriate in s52 (the password registered in the user data) matches the password included in the authentication request received this time. If it does not match, it is determined to be inappropriate.

  When determining that the password is appropriate in s53, the host device 3 determines whether the use of the cardless transaction for the user is “usable”, “blocked”, or “warning” (s54, s55). If the host device 3 determines that the use of the cardless transaction for the user is “usable”, the host device 3 stores the biometric information of the operator included in the authentication request received this time as user data. The corresponding biometric information (template) of the corresponding user is collated, and the similarity is calculated (s56). The host device 3 determines whether or not the biometric information similarity calculated in s56 exceeds a personal authentication threshold registered in the operation data (s57). If the host device 3 determines that the personal authentication threshold is exceeded in s57, the host device 3 resets the number of biometric authentication failures stored for the user (s58), and generates a response message regarding authentication possible (s59).

  If the host device 3 determines in s57 that the biometric information similarity does not exceed the personal authentication threshold, the biometric information similarity calculated in s56 exceeds the personal approximation threshold registered in the operation data. It is determined whether or not (s60). If the host device 3 determines in s60 that the user approximate threshold has been exceeded, the host device 3 generates a response message regarding authentication failure (s61). At this time, the host device 3 does not reset or increment the number of biometric authentication failures stored for the user.

  If the host device 3 determines in s60 that the biometric information similarity does not exceed the user approximate threshold, the host device 3 increments the biometric authentication failure count stored for the user by 1 (s62). The host device 3 determines whether or not the biometric authentication failure count stored for the user (the count incremented by 1 in s62) is equal to or greater than the block count registered in the operation data (s63). If the host device 3 determines in s63 that the number of biometric authentication failures is not equal to or greater than the number of occlusions, the host device 3 generates a response message indicating that authentication is impossible in s61. On the other hand, if the host device 3 determines in s63 that the number of biometric authentication failures is equal to or greater than the blockage count, the host device 3 updates the availability of the cardless transaction for the user from “available” to “blocked” (s64). The host device 3 generates a response message notifying that the use of the cardless transaction is “blocked” (s65).

  If the host device 3 determines that the member number is not appropriate in s52, or if it is determined that the password is not appropriate in s53, the host device 3 generates a response message indicating that authentication is impossible in s61. Also, if the host device 3 determines in s55 that the availability of the cardless transaction for the user is “warning” (determines that it is not “blocked” in s55), the ATM 1 that sent the authentication request this time is installed. A warning notice for an unauthorized user is sent to a monitoring device (not shown) installed in the store where the store is located (s66), and a response message for authentication failure is generated in s61. Further, when the host device 3 determines in s55 that the availability of the cardless transaction for the user is “blocked”, in s65, a response message is sent to notify that the use of the cardless transaction is “blocked”. Generate.

  The host device 3 transmits the authentication request this time and transmits the response message generated in s59, s61, or s65 to the ATM 1 as an authentication result (s67).

  Further, each time the above-described authentication process is performed, the host device 3 stores a log of the authentication process in the management information storage unit 31. For example, “log serial number”, “authentication message reception date / time”, “store number”, “device number”, “transaction serial number”, “input member number”, “input password”, “usability status”, “biometric authentication result” ”,“ Member serial number ”,“ input biometric information ”and the like are stored as log data. The “log serial number” is a serial number given to the current user authentication process, and is incremented by 1 every time the user authentication process is performed. “Authentication message reception date and time” is the date and time when the authentication processing request from ATM 1 is received. “Store number”, “device number”, “transaction serial number”, “input member number”, “input password”, and “input biometric information” are information included in the user authentication request received from ATM1. The “usability status” is “usable”, “blocked”, or “warning” based on the determination results of s54, s55, and s63 described above. The “biometric authentication result” is a determination result in the biometric authentication, and can be authenticated, cannot be authenticated (approximate), or cannot be authenticated. The “member serial number” is the member serial number of the user who is the target of the current authentication process.

  If the ATM 1 determines in s45 that the authentication result has been received from the higher-level device 3, the authentication process related to s25 is completed. The ATM 1 determines whether or not the authentication result notified from the host device 3 this time is authentic (s26). If the ATM 1 determines that authentication is possible in s26, the authentication result notification screen (see FIG. 21) is displayed on the display / operation unit 11 (s27). As shown in FIG. 21, when the authentication result indicates that the authentication is possible, a message indicating that the authentication has been successful is displayed, and the account information of the authenticated user is displayed. When there is a confirmation input by the operator (s28), ATM1 accepts input of transaction details including a withdrawal amount and a deposit amount (s29), and processes a withdrawal transaction and a deposit transaction based on the transaction details. (S30). Here, when the authentication result of the operator can be authenticated, the account information of the user is displayed on the authentication result notification screen. However, this account information may not be displayed in particular, and s14 Display or non-display may be switched according to the transaction type for which the selection is accepted. For example, it may be hidden in the withdrawal transaction and displayed in the deposit transaction.

  In addition, when accepting the input of transaction contents in s29, the ATM 1 may be configured to input a personal identification number as in the case of a known card-based transaction, but since the operator's personal authentication has already been completed, It is preferable to eliminate the input of the password and improve the operability for the operator. In addition, when the authentication result is authentic, the host device 3 includes the account balance and the like in the response message, and notifies the ATM 1 so that the ATM 1 can determine whether the transaction processed in s30 is possible. Also good.

  If the ATM 1 determines that authentication is not possible in s26, the face image of the operator captured by the imaging unit 20 is captured (s31), and this face image is associated with the biological information of the operator read this time. And stored in the storage unit 17 (s32). The ATM 1 waits for the timer started in s44 to reach the set standby time (s33). This waiting time is the sum of the communication time between the ATM 1 and the host device 3 in the authentication process of the operator, the authentication time based on the membership number and password (identification information referred to in the present invention) in the host device 3, and the authentication time based on the biometric information. Is set to a slightly longer time (for example, about 3 to 5 s). If the ATM 1 determines that the waiting time has been reached in s33, the response message as the authentication result from the higher-level device 3 is a response message for which authentication is impossible, or the availability of the cardless transaction is “blocked” It is determined whether or not the response message is a notification (S34). If the ATM 1 determines in s33 that the response message indicates that authentication is impossible, the authentication result notification screen (see FIG. 22) for notifying that authentication is impossible is displayed on the display / operation unit 11 (s35).

  As shown in FIG. 22, when the authentication result is unauthenticated, a message indicating that the authentication is not possible is displayed. However, the cause of the authentication failure (whether the membership number did not exist or the password was incorrect) Or whether finger vein authentication failed). Further, the timing for outputting the authentication result is limited by the standby time as described above. Therefore, the user of ATM 1 cannot determine the cause of the authentication failure from the authentication result notification screen or the output timing of the authentication result. That is, it is possible to prevent the operator who is impersonating the user and trying to trade illegally with another person's account from being notified of the cause of the authentication failure.

  The ATM 1 waits for an input by the operator to retry or cancel (s36, s37). When the input relating to the retry is made, ATM1 returns to s15 and repeats the above-described processing. On the other hand, when an input for canceling is made, this processing is terminated.

  In addition, an upper limit (for example, 5 times) is set for the number of retries, and when the upper limit is reached, authentication is not possible and an authentication result notification screen (see FIG. 23) for notifying transaction cancellation is displayed. -You may make it display on the operation part 11 for a fixed time, and you may make it complete | finish this process.

  If ATM1 determines in s33 that it is a response message notifying that the availability status of the cardless transaction is “blocked”, the authentication result notifying that the availability status of the cardless transaction is “blocked” A notification screen (see FIG. 24) is displayed on the display / operation unit 11 for a certain period of time (s38), and this process is terminated.

  Note that, when the operator makes an input for canceling the transaction in the middle of the above processing, the ATM 1 ends this processing at that time.

  Thus, in this transaction processing system, the user can perform deposit transactions and withdrawal transactions without using a card, so that convenience for the user can be improved. In addition, it is possible to prevent an operator who impersonates a user and tries to trade illegally with another person's account from being notified of the cause of the authentication failure. Therefore, the user's membership number and password can be prevented from leaking to others, and security can be improved.

  Further, when there is a possibility that the operator is impersonating the user, the ATM 1 stores the captured image obtained by capturing the face image of the operator and the biological information in association with each other, so that the security can be further improved. .

  Further, when the authentication result of the operator can be authenticated, the ATM 1 outputs the authentication result as soon as it is received from the host device 3 regardless of the standby time, so that the user does not have to wait in vain.

  In the above description, the ATM 1 uses the standby time to limit the timing for outputting the authentication result. However, the host device 3 waits for the standby time to elapse and notifies the ATM 1 of the authentication result. You may comprise as follows. In this case, the ATM 1 may output the authentication result immediately after receiving the authentication result.

  Moreover, it is good also as a structure which a user himself / herself can set transaction without a card | curd temporarily to prohibit use. In this case, the same processing as when the usage status is a warning may be performed for an account for which usage prohibition is set.

  Note that the present invention is not limited to the transaction processing system described above, and can be applied to other systems, for example, an entrance / exit management system, as long as the system authenticates whether the operator is the user.

It is a figure which shows the outline | summary of a transaction processing system. It is a figure which shows the structure of the principal part of ATM. It is a figure which shows the structure of the principal part of a high-order apparatus. It is a figure which shows operation data. It is a figure which shows user data. It is a flowchart which shows operation | movement of ATM. It is a figure which shows the example of a display screen in a display / operation part. It is a flowchart which shows a cardless transaction. It is a flowchart which shows a cardless transaction. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a flowchart which shows an authentication process. It is a figure which shows the example of a display screen in a display / operation part. It is a flowchart which shows operation | movement of a high-order apparatus. It is a flowchart which shows operation | movement of a high-order apparatus. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part. It is a figure which shows the example of a display screen in a display / operation part.

Explanation of symbols

1-Automatic teller machine (ATM)
3-Host device 5-Network 10-Main control unit 11-Display / operation unit 16-Biological information reading unit 17-Storage unit 18-Communication unit 20-Imaging unit 30-Main control unit 31-Management information storage unit 32-Communication Part

Claims (8)

Identification information input means for receiving input of identification information for identifying a user;
Biological information reading means for reading the biological information of the operator;
Communication for transmitting an authentication request for requesting personal authentication of an operator including the identification information input to the identification information input means and the biometric information read by the biometric information reading means to the host device and receiving the authentication result Means,
If the authentication result received from the higher-level device by the communication means is not authenticating that the operator is not authenticated as the user, the elapsed time from the transmission of the current authentication request is set to a predetermined standby time. A user authentication terminal comprising: an authentication result output means for outputting the current authentication result after reaching the authentication result. Display means for displaying an agreement screen to the operator at the start of use;
The user authentication terminal according to claim 1, further comprising: a usage canceling unit that cancels the usage when the operator's consent is not obtained.   3. The user authentication terminal according to claim 1, further comprising an imaging unit configured to image an operator if the authentication result received by the communication unit from the higher-level device cannot be authenticated.   The authentication result output means, if the authentication result received by the communication means from the higher-level device is authentic that the operator is authenticated as the user, without waiting for the waiting time to be reached, The user authentication terminal according to any one of claims 1 to 3, which is a means for outputting a current authentication result. In an authentication system in which multiple user authentication terminals are connected to a host device via a network,
The user authentication terminal is
Identification information input means for receiving input of identification information for identifying a user;
Biological information reading means for reading the biological information of the operator;
Communication for transmitting an authentication request for requesting personal authentication of an operator including the identification information input to the identification information input means and the biometric information read by the biometric information reading means to the host device and receiving the authentication result Means,
If the authentication result received from the higher-level device by the communication means is not authenticating that the operator is not authenticated as the user, the elapsed time from the transmission of the current authentication request is set to a predetermined standby time. An authentication result output means for outputting the current authentication result after reaching
The host device is
User information storage means for storing the identification information of the user and the biometric information of the user in association with each other;
When the operator authentication request is received from the user authentication terminal, whether the identification information included in the authentication request is appropriate, the biometric information included in the authentication request, and the use The operator information storage unit compares biometric information stored for the user who has received the authentication request this time, and the operator is the user himself / herself depending on whether or not the similarity exceeds a predetermined authentication level. User authentication means for authenticating whether or not,
An authentication result notification means for notifying the user authentication terminal of an authentication result in the user authentication means,
Authentication system. The host device is
If the authentication result notification means is unable to authenticate the authentication result in the user authentication means, the elapsed time after receiving the operator authentication request from the user authentication terminal will reach the waiting time. 6. The authentication system according to claim 5, wherein the authentication system is a means for waiting and notifying the user authentication terminal of an authentication result in the user authentication means. A first step of accepting input of identification information for identifying a user by identification information input means;
A second step of reading the biological information of the operator by the biological information reading means;
The communication means transmits an authentication request for requesting the authentication of the operator, including the identification information input to the identification information input means and the biometric information read by the biometric information reading means, to the host device, and the authentication result A third step of receiving
If the authentication result output means is unable to authenticate the authentication result received by the communication means from the higher-level device and does not authenticate the operator as the user, the elapsed time from the transmission of the current authentication request A user authentication method comprising: a fourth step of outputting a current authentication result after reaching a predetermined standby time. A user authentication terminal that authenticates whether the operator is the user
Identification information input means for accepting input of identification information for identifying a user;
Biological information reading means for reading the biological information of the operator,
Communication for transmitting an authentication request for requesting personal authentication of an operator including the identification information input to the identification information input means and the biometric information read by the biometric information reading means to the host device and receiving the authentication result Means and
If the authentication result received from the higher-level device by the communication means is not authenticating that the operator is not authenticated as the user, the elapsed time from the transmission of the current authentication request is set to a predetermined standby time. A user authentication program that functions as an authentication result output means for outputting the current authentication result after reaching the authentication result.

Images