JP5195552B2 - Network system having relay server, relay server and program thereof - Google Patents

Description

  The present invention relates to a network system such as an IC card settlement system, and more particularly to a network system having a relay server.

FIG. 6 shows a system configuration example of a network system having a conventional relay server.
The present technique relates to a network system that includes a relay server and in which the relay server relays communication between the center apparatus and each terminal. Here, an IC card settlement system including the relay server is illustrated as an example. It is not limited to.

  An IC card payment system including a relay server as an example of a network system including a relay server illustrated in FIG. 6 includes a plurality of payment terminals 100, a relay server 110, and a payment center 120. The plurality of payment terminals 100 and the relay server 110 are installed, for example, in an arbitrary store (a retail store such as a convenience store, a department store, a discount shop, a shopping mall, or the like). LAN / VPN1 is laid in the store.

  Communication between each settlement terminal 100 and the relay server 110 is performed via LAN / VPN1 which is a relatively high-speed network. Communication between the relay server 110 and the settlement center 120 is performed via the WAN 2 that is a relatively low-speed network. However, this is an example, and the present invention is not limited to this example.

  The settlement terminal 100 is, for example, an IC card settlement terminal installed at each cash register of a store, and there are many if the store size is large. The payment terminal 100 communicates with an IC card of an arbitrary customer and performs a payment process using, for example, electronic money. The settlement terminal 100 holds predetermined security information (for example, a key for encrypting / decrypting data transmitted / received to / from the IC card, an authentication key, etc.) necessary for communication with the IC card.

  The relay server 110 is a server device (firewall or the like) having a role of relaying communication between the payment terminal 100 and the payment center 120. Specifically, when the relay server 110 receives a request message transmitted from each completed terminal 100 to the settlement center 120, the relay server 110 transfers the request message to the settlement center 120, and receives the request message from the settlement center 120. When the response message to be returned is received, the response message is transferred to the requesting payment terminal 100. The communication process with the payment terminal 100 is performed by the communication terminal communication function unit 112 shown in the figure, and the communication process with the payment center 120 is performed by the communication function unit 111 with the payment center shown in the figure.

  Although a plurality of payment center communication function units 111 are shown in the figure, this indicates that communication is possible by simultaneously establishing a plurality of TCP connections to the payment center 120. That is, the plurality of payment center communication function units 111 may be considered as threads or the like that each handle one TCP connection to the payment center 120. The settlement center 120 passes a response message to an arbitrary request message to the settlement center communication function unit 111 that is a transmission source of the request message through the TCP connection.

  In other words, the relay server 110 includes a process including, for example, the plurality of payment center communication function units 111, and each individual payment center communication function unit 111 is regarded as a thread operation in this process. It can be tricked.

  In addition, although a plurality of payment terminal communication function units 112 are also shown in the figure, this is also the same reason as the above-mentioned payment center communication function unit 111. In this case, the plurality of payment terminal communication function units 112 may be considered as threads that handle a TCP connection for any one payment terminal 100.

  For example, one relay server 110 is installed for each store, and all the payment terminals 100 in the store for each store communicate with external devices (such as the payment center 120) via the relay server 110. Yes.

Examples of communication performed by the payment terminal 100 with the payment center 120 via the relay server 110 include the following.
The settlement terminal 100 performs processing such as electronic money settlement by communicating with an arbitrary IC card such as a non-contact IC card. In addition, a credit inquiry is made to the settlement center 120 via the relay server 110 as necessary during the settlement process.
As described above, the payment terminal 100 holds an encryption key or the like (the security information) necessary for accessing a contactless IC card or the like. The security information is centrally managed by the payment center 120 and is distributed from the payment center 120 to each payment terminal 100 (via the relay server 110) as necessary.

  At the time of data distribution / reception, the security information is encrypted / decrypted by the transfer data encryption keys 124 and 103 held in advance in common between the settlement center 120 and the settlement terminal 100. Note that “commonly held” means that both hold the same key (in the case of a common key encryption method (also referred to as a secret key encryption method)) and one / other of the paired keys. (In the case of public key cryptosystem). In the case of the public key cryptosystem, an arbitrary public key-private key pair is generated in advance. For example, the transfer data encryption key 124 is a secret key and the transfer data encryption key 103 is a public key. However, not all payment terminals 100 hold the same public key. In some cases, two or more types of public key-private key pairs are generated in advance, and each payment terminal 100 holds any one type of public key. The same applies to the common key cryptosystem.

  Here, some settlement terminals 100 have a function of deleting security information stored therein when the power is turned off or the key expires. Such a payment terminal 100 needs to acquire security information from the payment center 120 at the time of activation or when the key expires.

  For example, when the payment terminal 100 recognizes the expiration of the key at the time of activation, the security information acquisition function unit 102 sends the security addressed to the payment center 120 to the relay server 110 via the relay server communication function unit 101. Send an information request message. The relay server 110 transfers this request message to the settlement center 120 as described above.

  When the security information distribution function unit 121 receives the request message via the anti-relay server communication function unit 122, the security information distribution function unit 121 encrypts the security information 123 held and managed by the transfer data encryption key 124. A response message including the security information is returned to the relay server 110. The relay server 110 transfers this response message to the requesting payment terminal 100 as described above. The settlement center 120 further holds settlement terminal management data 125, but this is not particularly described here and will not be described.

The settlement terminal 100 holds the transfer data encryption key 103 that is the same (or paired) as the transfer data encryption key 124 in advance as described above, and uses this transfer data encryption key 103 to encrypt the security information in the response message. To obtain security information. As already described, in the case of the common key encryption method, the transfer data encryption key 103 and the transfer data encryption key 124 are the same key. On the other hand, in the case of the public key cryptosystem, one of the arbitrary public key and private key pair is held by the payment terminal 100 and the other is held by the payment center 120 (for example, transfer data The encryption key 124 is a secret key and the transfer data encryption key 103 is a public key, or vice versa.

In the following description, the transfer data encryption key will be described by taking as an example a case where the settlement terminal 100 and the settlement center 120 hold the same key (in the case of a common key cryptosystem).
Here, in the example shown in the figure, there are a plurality of types of transfer data encryption keys 103 (here, two types of transfer data encryption keys No. 1 and No. 2), and each settlement terminal 100 has one type of transfer data. The encryption key 103 is held. Thus, in the illustrated example, the group of payment terminals 100 (the payment terminal group 1 shown) that holds the transfer data encryption key No. 1 and the group of payment terminals 100 that holds the transfer data encryption key No. 2 (shown). And payment terminal group 2). In this example, the settlement center 120 holds both the transfer data encryption keys No. 1 and No. 2.

  Thus, for example, even if the payment terminal 100 belonging to the payment terminal group 1 receives the security information 123 encrypted by the transfer data encryption key No. 2, it cannot decrypt it. For this reason, for example, the payment terminal 100 transmits information indicating the type of the transfer data encryption key 103 held by itself in the request message.

  Accordingly, the payment center 120 returns the security information 123 encrypted with the transfer data encryption key No. 1 in response to the request from the payment terminals 100 belonging to the payment terminal group 1. Similarly, in response to a request from the payment terminal 100 belonging to the payment terminal group 2, the security information 123 encrypted with the transfer data encryption key No. 2 is returned.

  On the settlement center 120 side, for example, as the settlement terminal management data 125, the type of the transfer data encryption key 103 held by the terminal may be registered in advance for each settlement terminal 100. This is registered in association with the terminal identification number of the payment terminal 100. In this case, the settlement terminal 100 transmits its own terminal identification number in the request message.

  Alternatively, there may be a plurality of types of security information 123. For example, assuming that there are various types of payment terminals 100, different security information 123 may be used for each model. In such a case, the payment center 120 holds a plurality of types of security information 123 (security information 123 corresponding to each model), and requests security information 123 corresponding to the model of the requesting payment terminal 100. Delivered to the original payment terminal 100. In this case, the payment terminal 100 transmits a model code indicating its model included in the request message. Of course, the security information 123 is encrypted and distributed.

  Of course, the present invention is not limited to this example. For example, various types of electronic money currently exist, and each uses different security information. Thus, there may be a plurality of types of security information 123 depending on each electronic money type.

Therefore, for example, even if the payment terminal 100 that holds the transfer data encryption key No. 1 receives the security information 123 encrypted by the transfer data encryption key No. 1, the security information 123 corresponds to its own model. If the security information is not the security information to be encrypted, the encrypted security information 123 can be decrypted, but the security information acquisition has substantially failed. In this way, it is necessary to distribute “encrypted security information” corresponding to the terminal itself using both the encryption key and the security information.

  Of course, it is not restricted to the example for every said model. For example, various types of electronic money currently exist, and each uses different security information. Thus, there may be a plurality of types of security information 123 depending on each electronic money type.

  Further, there is a conventional technique described in Patent Document 1. In this prior art, the reader / writer terminal stores an access key in a storage area, and deletes the access key when a power interruption or an external attack is detected. In Patent Document 1, the reader / writer terminal requests the central management device to distribute an access key when the power is turned on, and the central management device receives the request and encrypts the access key. Distributing to a reader / writer terminal is disclosed.

JP 2004-295502 A

  In the network system configuration having the above-described relay server, when a terminal having a large number such as a settlement terminal acquires security information from the center device at the time of start-up, for example (for security reasons, a store such as at night) (For operations that do not allow security information to be held in the payment terminal during off-hours), depending on the store's sales form, a plurality of ( In some cases, a large number of payment terminals may simultaneously access the relay server in the store.

  However, the number of simultaneous connections between the relay server 110 and the settlement center 120 may be limited depending on the contract form with the settlement center. In such a case, the number of request messages arriving at the relay server 110 from each settlement terminal 100 is very large compared to the number of request messages that can be transferred per unit time by the payment center communication function unit 111 of the relay server 110. End up. As a result, communication between the relay server 110 and the settlement center 120 becomes a bottleneck, and there is a problem that it takes a very long time to return a response message to the settlement terminal 100.

An example when such a problem occurs is shown in FIG.
FIG. 7 is a diagram illustrating an example of a message relay sequence performed by the conventional relay server 110. Here, the case where the restriction on the number of simultaneous connections between the relay server 110 and the settlement center 120 is “2” is taken as an example.

  In the illustrated example, five payment terminals 100 (payment terminals a, b, c, d, e) respectively transmit security information request messages (1) to (5) almost at the same time. This is not at the same time. In the illustrated example, the request message (1) is the earliest request message (1), (2), (3), (4), (5). 5) is transmitted at the latest timing, and is received by the relay server 110 in this order. When the request message (1) is received, it is assumed that the number of simultaneous connections between the relay server 110 and the settlement center 120 is “0” (that is, not connected to the settlement center 120). Of the payment terminals a, b, c, d, and e, the payment terminals a, c, and e belong to the payment terminal group 1 (that is, hold the transfer data encryption key No. 1), and payment. The terminals b and d belong to the payment terminal group 2 (that is, hold the transfer data encryption key No. 2).

  Each time the relay server 110 receives a security information request message, the relay server 110 forwards the request message to the settlement center 120 unless the current simultaneous connection number reaches the above simultaneous connection number limit = '2' (threshold). . Then, the number of simultaneous connections is updated (incremented by +1), and a response message from the settlement center 120 to the transferred request message is awaited. When the response message is received, the response message is transferred to the corresponding payment terminal 100 (the payment terminal 100 that is the transmission source of the request message corresponding to the response message). And the number of simultaneous connections is updated (-1 decrement).

  When the security information request message is received, if the current simultaneous connection number has reached the simultaneous connection number limit (threshold), the request message is temporarily suspended and the simultaneous connection number is updated (- When the number of simultaneous connections becomes less than the threshold value by 1 decrement), the pending request message is transferred to the settlement center 120. Of course, the number of simultaneous connections is updated (+1 increment) at that time.

  Since the relay server 110 performs the processing described above, in the case of the request messages (1) to (5), the processing sequence is as shown in FIG. Although not described in the following description, as described above, communication with the payment terminal 100 (message transmission / reception) is performed by the payment terminal communication function unit 112, and communication with the payment center 120 (message transmission / reception) is performed by the payment center. Performed by the communication function unit 111.

  With respect to FIG. 7, the relay server 110 first receives the request message (1). Since the number of simultaneous connections = “0” as described above, the number of simultaneous connections is equal to the threshold value (the number of simultaneous connections = “2”). ) Is not reached, the request message (1) is relayed to the immediate settlement center 120. Then, the number of simultaneous connections is updated to “1”. Similarly, when the request message (2) is received, the request message (2) is relayed to the immediate settlement center 120 and the number of simultaneous connections = “2”. As a result, the current number of simultaneous connections reaches the threshold value. Therefore, until a response message is received / transferred and the number of simultaneous connections is updated (-1 decrement), even if a new request message is received, it is temporarily suspended without being relayed to the settlement center 120, for example. Will do. In the illustrated example, the request messages (3), (4), and (5) are temporarily held without being relayed immediately after being received. Alternatively, the method is not limited to the method of temporarily holding, and a request rejection may be returned to the requesting payment terminal 100 and a request message may be sent again (retryed) after a predetermined time.

  When the settlement server 120 returns a response message (security information response message (1)) to the request message (1), the relay server 110 sends the response message (1) to the request message (1). Relay / transfer to the payment terminal 100 (payment terminal a in this case) of the transmission source. In this process, for example, the response message (1) is received by the payment center communication function unit 111 that has transferred the request message (1), and the payment center communication function unit 111 receives the corresponding payment terminal. By passing the response message (1) to the communication function unit 112 (the communication function unit 112 that has received the request message (1)), the communication function unit 112 itself establishes the TCP connection (here, the payment terminal 100). The response message (1) is transmitted to the settlement terminal a).

  The response message (1) includes the encrypted security information 123. From the above, it is encrypted by the transfer data encryption key No.1. Accordingly, the payment terminal a can obtain the security information 123 by decrypting the encrypted security information 123 using its own transfer data encryption key 103 (No. 1).

The relay server 110 updates (-1 decrement) the number of simultaneous connections after relaying the response message (1). As a result, the number of simultaneous connections = “1”, which is less than the threshold value (simultaneous connection number limit = “2”). If there is a held request message, the counter-communication center communication function unit 111 performs the settlement. Transfer to the center 120. In this example, the request message (3) is transferred.

  Thereafter, when a response message (security information response message (2)) to the request message (2) is returned from the settlement center 120, the relay server 110 performs the same as in the case of the response message (1). The next request message can be transferred to the payment center 120 by relaying / transferring the response message (2) to the corresponding payment terminal 100 (in this example, payment terminal b) and updating the number of simultaneous connections (-1). In this example, the request message (4) is transferred this time.

  The response message (2) includes the security information 123 encrypted with the transfer data encryption key No. 2. From the above, the settlement terminal b uses its own transfer data encryption key 103 (No. .2) can be used to decrypt the encrypted security information 123 to obtain the security information 123.

  Similarly, when the response message (3) is received thereafter, it is relayed and transferred to the corresponding payment terminal 100 (in this example, the payment terminal c), and this time the request message (5) is transferred to the payment center 120. . After that, when the response message (4) is received, it is relayed / transferred to the corresponding payment terminal 100 (the payment terminal d in this example), but there is no request message held in the relay server 110 at this time. The request message is not transferred. This is the same when the subsequent response message (5) is received.

  As described above, the request message (3) can be transferred to the settlement center 120 after receiving the response message (2). As shown in the figure, the request message (3) is transferred to the settlement center 120 after receiving the request message (3). Elapsed time to do becomes long. The same applies to the request messages (4) and (5), and the waiting time from receiving these requests to transferring them to the settlement center 120 becomes long.

  As described above, since the number of simultaneous connections is limited, even if a request message is received, it cannot be relayed immediately to the settlement center 120, but is temporarily held and then relayed, resulting in poor transfer efficiency. In addition, if the number of request messages held increases, it will be in a waiting state for a long time, and a wasteful waiting time will be increased, whereby the time required for the delivery of security information to all requested payment terminals 100 will be completed. There was a problem that the (total delivery time) was very long.

  An object of the present invention is composed of a plurality of terminals, a relay server, and a center device. In a system in which a relay server relays communication between a terminal and a center device, the number of simultaneous connections between the relay server and the settlement center is limited. Provided is a network system having a relay server, its relay server, program, etc., capable of delivering appropriate information to each terminal in a short time, especially when there is an information distribution request from each terminal almost simultaneously. There is.

A network system having a relay server according to the present invention includes a plurality of terminals, a relay server, and a center device, and includes a first network that connects each terminal and the relay server, and a second network that connects the relay server and the center device. A network system in which a relay server relays communication between the terminal and the center device, wherein the number of simultaneous connections between the relay server and the center device is limited. By transmitting a request message, it has information acquisition means for distributing a response message including predetermined encrypted information according to the request by the request message, and the center device receives the request message from an arbitrary terminal. And generating a response message including the predetermined encryption information according to the request by the request message An information delivery means for sending back the response message, and each time the relay server receives the request message, if the current number of simultaneous connections is less than a predetermined limit number, the center device sends the received request message to the center device. When the current simultaneous connection number has reached a predetermined limit number, the received request message is stored in the temporary storage means, and when the simultaneous connection number is less than the predetermined limit number, A request message transfer means for transferring the request message stored in the temporary storage means to the center device, and each time the response message is received, the received response message is transferred to the corresponding terminal, and 1 is stored in the temporary storage means. If there is the above request message, the same predetermined encryption information as the predetermined encryption information included in the response message received from the temporary storage means All the request messages to be answered are acquired, each response message for each acquired request message is generated based on the received response message, and each of the generated response messages is distributed to the corresponding terminals. Response message transfer / generation means.

  The network system is particularly characterized by a relay server. When the number of simultaneous connections between the relay server and the center device is limited, the relay server stores the received request message in the temporary storage unit when the number of simultaneous connections reaches a predetermined limit. When the relay server receives an arbitrary response message, all the request messages stored in the temporary storage means include a request message to which the same predetermined encrypted information as the response message is to be responded. Obtaining and generating a response message corresponding to the obtained request message based on the received response message.

  In this way, even if all received request messages are not transferred to the center device, it may be possible to respond by generating a response message in the relay server, and appropriate information can be distributed to each terminal in a short time.

  In the network system having the relay server, for example, the information distribution unit of the center device encrypts the specific information held by the own device by using any of a plurality of types of encryption keys held by the own device. Predetermined encryption information is generated, each terminal holds a decryption key corresponding to any of the plurality of types of encryption keys, and the information acquisition means includes a decryption key held by the self in the request message The information distribution means of the center device selects a corresponding encryption key based on the identification information of the decryption key included in the received request message, and uses the selected encryption key. Generating the predetermined encryption information by encrypting the specific information, returning the response information including the predetermined encryption information and the identification information of the decryption key, and the relay server The response message transfer / generation unit acquires all request messages having the same identification information as the identification information of the decryption key included in the received response message from the request messages stored in the temporary storage unit. The response message is generated and distributed corresponding to each of the acquired request messages.

  By selecting the request message based on the identification information of the decryption key, each terminal that has received the generated response message can decrypt the predetermined encrypted information using the decryption key held by itself, and the specific information (security information Etc.). That is, the relay server can distribute appropriate information to each terminal.

Alternatively, in the network system having the relay server, for example, the information distribution unit of the center device uses one of a plurality of types of encryption keys held by the own device according to various attributes held by the own device. The predetermined encryption information is generated by encrypting any of the various types of specific information, and each terminal holds a decryption key corresponding to any of the plurality of types of encryption keys, and the information acquisition unit Transmits the request message including the identification information of the decryption key held by the self and the attribute code indicating the attribute of the self, and the information distribution means of the center device transmits the decryption information included in the received request message. The corresponding encryption key is selected based on the key identification information, the corresponding specific information is selected using the attribute code included in the received request message, and the selected encryption key is selected. And generating the predetermined encrypted information by encrypting the selected specific information, returning the generated predetermined encrypted information, the identification information and the attribute code in the response message, and transmitting the relay server. The response message transfer / generation means includes all the request messages having the same identification information and attribute code as the identification information and attribute code included in the received response message among the request messages stored in the temporary storage means. The response message is generated and distributed corresponding to each of the acquired request messages.

  By selecting the request message based on the identification information and attribute code of the decryption key, each terminal that has received the generated response message can decrypt the predetermined encrypted information using the decryption key held by itself, The specific information required by the user can be acquired from the specific information. That is, the relay server can distribute appropriate information to each terminal.

  According to the network system having the relay server of the present invention, the relay server, the program, and the like, the relay server includes a plurality of terminals, the relay server, and the center device, and the relay server relays communication between the terminal and the center device. Even when the number of simultaneous connections between the server and the settlement center is limited, and when there is an information distribution request from each terminal almost simultaneously, appropriate information can be distributed to each terminal in a short time.

It is a configuration / function block diagram of a network system having a relay server of this example. It is a figure which shows the communication sequence concerning the security information delivery in Example 1. FIG. (A) is an example of a packet structure of a request message, and (b) is an example of a packet structure of a response message. It is a figure which shows the communication sequence regarding the security information delivery in Example 2. FIG. It is a computer hardware block diagram. It is a system configuration | structure figure of the network system which has the conventional relay server. It is a figure which shows an example of the message relay sequence by the conventional relay server.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a configuration / function block diagram of a network system having a relay server of this example.

  Here, an IC card payment system is taken as an example of a “network system having a relay server”, but is not limited to this example. The network system in this example includes a plurality of payment terminals 10, a relay server 30, and a payment center 20. Similarly to FIG. 6, each settlement terminal 10 and the relay server 30 are connected by a relatively high speed network such as LAN / VAN1, and the relay server 20 and the settlement center 30 are connected by a relatively low speed network such as WAN2. ing.

  In the following description, security information is described as an example of information (referred to as specific information) requested (acquired) by each settlement terminal 10, but the present invention is not limited to this example. However, basically, this specific information is encrypted and distributed. Note that the encrypted specific information is referred to as predetermined encryption information. Further, it is assumed that there are a plurality of types of keys for encryption / decryption of specific information (corresponding to the transfer data encryption key described above), and each settlement terminal 10 assigns an arbitrary one of them. Pre-held. Then, the settlement center 20 encrypts the specific information using a key (predetermined key) corresponding to the requesting settlement terminal 10 and distributes the predetermined encrypted information.

  Furthermore, there are a plurality of types of specific information according to the payment terminal attribute code of the payment terminal 10, and the payment center 20 selects and distributes specific information according to the payment terminal attribute code of the payment terminal 10 of the request source. It may be. Also in this case, the encryption of the specific information is performed using the key corresponding to the requesting payment terminal 10 as described above.

  The payment terminal attribute code may be a number determined based on, for example, a place where the payment terminal 10 is installed or a store where the payment terminal 10 is installed (for example, a store that is chain-expanded). It may be a number determined on the basis of the manufacturer or model, or may indicate the electronic money type. In this description, in particular, an example in which the payment terminal attribute code is a model code indicating the model of the payment terminal 10 or an electronic money type code indicating the type of electronic money handled by each payment terminal 10 is given as an example. May be explained.

In the configuration shown in FIG. 1, the configuration other than the relay server may be substantially the same as the configuration of the conventional FIG. 6, and will be briefly described below.
First, the payment terminal 10 is the same as the payment terminal 100, and there are a large number of them, each of which accesses the payment center 20 via the relay server 30 and distributes the specific information (here, security information). Etc.

  The settlement terminal 10 includes functional units such as the anti-relay server communication function unit 11 and the security information acquisition function unit 12, which are abbreviated as the conventional anti-relay server communication function unit 101 and the security information acquisition function unit 102. Similar functional units. That is, the relay server communication function unit 11 is a communication module that connects to the LAN / VAN 1 and communicates with the relay server 30. The security information acquisition function unit 12 transmits a security information request message (hereinafter also referred to as “request message”, sometimes abbreviated as “request”) via the anti-relay server communication function unit 11 when the power is turned on, for example. When a security information response message (hereinafter sometimes referred to as “response message”) is received, predetermined encrypted data included in the response message (predetermined encrypted information; in this example, the settlement center 20 performs security). Information 23 encrypted with the transfer data encryption key 24; hereinafter referred to as “encrypted security information”) is decrypted with the transfer data encryption key 13 to obtain the security information 23. Security information 23 is stored in a memory (not shown) or the like. This memory or the like is protected by, for example, a tamper resistant function. After that, communication / settlement processing with the IC card is executed using this security information.

The security information 23 is the same as the security information 123, and is an encryption key or the like necessary for accessing the contactless IC card.
The transfer data encryption key 13 is the same as the transfer data encryption key 103, and is a key used for encrypted communication with the settlement center 20. Here, the transfer data encryption key 13 is particularly used for decrypting the “encrypted security information”. Is the key. The encryption method for the encryption communication between each payment terminal 10 and the payment center 20 may be a common key encryption method or a public key encryption method. In the case of the common key encryption method, the transfer data encryption key 13 may be the same as the transfer data encryption key 24. In the case of the public key cryptosystem, for example, the transfer data encryption key 24 is a secret key, and the transfer data encryption key 13 is a public key paired with this secret key. However, in this example, in any case, the transfer data encryption key 24 functions as an encryption key for encrypting information, and the transfer data encryption key 13 functions as a decryption key for decrypting this encrypted information.

In this description, the common key cryptosystem will be described as an example, but of course, a public key cryptosystem may be used.
The payment terminal 10 holds the transfer data encryption key 13 for decrypting the “encrypted security information” distributed from the payment center 20 to obtain the security information 23 in advance. As described above, there may be a plurality of types of transfer data encryption keys 13. In this case, each settlement terminal 10 holds one type of transfer data encryption key 13. In the example of FIG. 1, as in the example of FIG. 6, a plurality of payment terminals 10 are divided into a group of payment terminals 10 that holds transfer data encryption key No. 1 (payment terminal group 1 in the figure) and transfer data encryption key No. .2 can be divided into a group of settlement terminals 10 (settlement terminal group 2 shown).

  As described above, since the common key encryption method is taken as an example here, in this example, the settlement center 20 uses the transfer data encryption key No. 1 and the transfer data encryption key No. 2 as the transfer data encryption key 24 in advance. The security information 23 is encrypted using the transfer data encryption key 24 corresponding to the settlement terminal 10 that is the sender of the request message that is held and transferred. For example, in response to a request from the payment terminal 10 belonging to the payment terminal group 1, the security information 23 is encrypted with the transfer data encryption key No. 1 and this “encrypted security information” is returned.

  Therefore, as already described, for example, even if the security information 23 encrypted with the transfer data encryption key No. 2 is distributed to the payment terminals 10 belonging to the payment terminal group 1, there is no meaning (decryption). Security information delivery failure in effect). That is, appropriate information is not distributed.

  Further, each payment terminal 10 includes the payment terminal attribute code (for example, a model code indicating the model of the terminal) corresponding to the terminal, a unique ID for identifying each payment terminal, and the like. Terminal identification information and the like are also given in advance and stored in a memory (not shown) or the like.

  The settlement center 20 has various functional units such as a security information distribution function unit 21 and an anti-relay server communication function unit 22, which are the above-described conventional security information distribution function unit 121, an anti-relay server communication function unit 122, and the like. It is the same. That is, the relay server communication function unit 22 is a communication module that connects to the WAN 2 and communicates with the relay server 30. When a security information request message from an arbitrary settlement terminal 10 is sent via the relay server 30, the security information distribution function unit 21 sends the security information 23 to the transfer data encryption key 24 corresponding to the requesting settlement terminal 10. The response message including the “encrypted security information” is generated and sent back to the relay server 30.

  Alternatively, when there are a plurality of types of security information 23, the corresponding security information 23 is selected according to the payment terminal attribute code indicating the attribute (the model, the electronic money type, etc.) of the requesting payment terminal 10 This may be encrypted as described above and sent back to the relay server 30.

  The settlement center 20 holds the security information 23 and the transfer data encryption key 24 in advance, and these are the same as the above-described conventional security information 123 as the transfer data encryption key 124. Although not described, as described above, there are cases where there are a plurality of types of transfer data encryption keys 24 and a plurality of types of security information 23.

The settlement center 20 also holds the settlement terminal management data 25 as in the past, but is not described here because it is not particularly relevant.
Note that, as already described, in this description, the encryption distribution of the security information 23 is described as being performed by a common key encryption method. Therefore, the transfer data encryption key 24 is the same as the transfer data encryption key 13.

  Here, in this example, as described above, there are a plurality of types of transfer data encryption keys 13, and there are also a plurality of types of transfer data encryption keys 24. As described above, in this example, each settlement terminal 10 holds one of transfer data encryption key No. 1 and transfer data encryption key No. 2. In this description, since the common key encryption method is used as described above, the transfer center encryption key No. 1 and the transfer data encryption key No. 2 are stored in the settlement center 20 in advance. Will be.

(Of course, the common key cryptosystem is an example. When the public key cryptosystem is used, for example, if the transfer data encryption key 13 is a public key, a secret key paired therewith is transferred to the settlement center 20. In this case, in the above example, the settlement center 20 has a secret key paired with the transfer data encryption key No. 1 and a pair with the transfer data encryption key No. 2. The two types of transfer data encryption keys 24 of the secret key to be stored are held in advance.)
Then, the settlement center 20 encrypts and distributes the security information 23 using the transfer data encryption key No. 1 in response to a request from the settlement terminal 10 belonging to the group 1. Similarly, in response to a request from the payment terminal 10 belonging to the group 2, the security information 23 is encrypted using the transfer data encryption key No. 2 and distributed.

Hereinafter, the relay server 30 that is a feature of the present system will be described in detail.
The relay server 30 includes a payment center communication function unit 31, a payment terminal communication function unit 32, and a queue (queue) 33.

  The basic processing functions of the payment center communication function unit 31 and the payment terminal communication function unit 32 are substantially the same as the payment center communication function unit 111 and the payment terminal communication function unit 112 of the conventional relay server 110. It may be the same.

  That is, the payment terminal communication function unit 32 may have the same basic processing function as the payment terminal communication function unit 112, and performs communication processing (data transmission / reception) with an arbitrary payment terminal 10. Is. The plurality of payment terminal communication function units 32 may be considered as threads that handle a TCP connection for any one payment terminal 10.

  The payment processing center communication function unit 31 may also be considered to have substantially the same basic processing function as the payment processing center communication function unit 111 described above. In other words, the plurality of payment center communication function units 31 may be considered as threads or the like each handling one TCP connection to the payment center 20.

  However, the payment center communication function unit 31 and the payment terminal communication function unit 32 further have a processing function that is a feature of the present method described later. Further, the relay server 30 of this example further includes the queue (queue) 33. The queue (queue) 33 is a FIFO (first-in first-out) memory.

  Here, similarly to the description of the conventional problem, this technique assumes a case where the number of simultaneous connections between the relay server 30 and the settlement center 20 is limited. Here, description will be made assuming that the simultaneous connection number limit (threshold value) between the relay server 30 and the settlement center 20 is “2”.

Hereinafter, the characteristics of the relay server 30 of this example will be described according to this assumption.
First, when the relay server 30 of this example receives a new request message when the current number of simultaneous connections does not reach the threshold (less than the threshold), the relay server 30 immediately sends the request message to the settlement center 20. Relay / forward. On the other hand, when a new request message is received in a state where the current number of simultaneous connections has reached the threshold value, the request message is temporarily held in a queue (queue) 33.

  Alternatively, when the payment terminal communication function unit 32 receives an arbitrary request message, the payment message communication function unit 32 always stores the request message in a queue (queue) 33, and the payment center communication function unit 31 determines that the current number of simultaneous connections is a threshold value. If one or more request messages are stored in the queue (queue) 33 in a state of less than the number, the request message may be taken out from the queue (queue) 33 and transferred to the settlement center 20.

  The queue (queue) 33 is a FIFO (first-in first-out) memory, and the request message stored first (oldest) among the currently stored request messages is taken out, and the settlement center 20 is retrieved. Will be transferred to. That is, request messages are processed in the order received. However, this is a basic operation of this method, and further processing described later is performed when a response message is received.

The particularly characteristic point of the relay server 30 of this example is mainly in the processing when the response message is received.
That is, when the conventional payment center communication function unit 111 receives the response message, the response message is transmitted to the corresponding payment terminal communication function unit 112 to be transmitted to the corresponding payment terminal 100. That is, only the process of transferring the received response message to the corresponding payment terminal 100 is performed.

This processing is also performed in the payment center communication function unit 31 of this example, but the processing described below is also executed.
That is, when the response message is received in a state in which one or more request messages are held in the queue (queue) 33, the payment center communication function unit 31 analyzes the response message, and the queue (queue). ) If there is a corresponding request message among the request messages held in 33, all the corresponding request messages are acquired, and the response message corresponding to each acquired request message is received as the received response message or the like. Generate based on Then, the received response message and the generated response message are respectively transmitted to the corresponding payment terminal communication function unit 32 to be transmitted to the corresponding payment terminal 10.

  The corresponding request message is a request message whose “encrypted security information” to be distributed to the settlement terminal 10 of the transmission source should be the same as the “encrypted security information” included in the received response message. It is.

  As a specific example, in the case of an example in which the payment terminal attribute code is not considered as in Example 1 described later (that is, the security information 23 is only one type), it corresponds to the received response message. The request message from the payment terminal 10 holding the same transfer data encryption key 13 as the transfer data encryption key 13 held by the payment terminal 10 that is the transmission source of the request message is the “corresponding request message”. In other words, the settlement that holds the transfer data encryption key 13 that is the same as the transfer data encryption key 24 used for encrypting the “encryption security information” of the received response message (since it is a common key encryption method). The request message from the terminal 10 is the “corresponding request message”.

In the example shown in FIG. 1, for example, when the received response message is in response to a request message from an arbitrary payment terminal 10 belonging to the payment terminal group 1, for example, it is held in a queue (queue) 33. If there is a request message from the payment terminal 10 belonging to the payment terminal group 1 in each request message, all of the request messages are acquired and a response message corresponding to each is generated.

  Alternatively, for example, in the case of considering the payment terminal attribute code as in Example 2 described later (that is, when there are a plurality of types of security information 23), not only the transfer data encryption key 13 but also the payment terminal attribute code is included. The same request message is the corresponding request message.

Hereinafter, Example 1 will be described first.
However, an example of the packet structure of the request message and the response message in the first and second embodiments is shown in FIGS. 3A and 3B and will be described.

FIG. 3A shows an example of a packet configuration of the security information request message.
The illustrated security information request message 40 includes a message type 41, payment terminal identification information 42, a payment terminal attribute code 43, and a transfer data encryption key No. 44.

  The message type 41 indicates the type (command or the like) of the message 40 and is “security information request” in this example. The payment terminal identification information 42 is an identification number of the payment terminal 10 that is the transmission source of the request message 40, and this identification number is a unique unique ID such as a manufacturing number of the payment terminal 10.

  The payment terminal attribute code 43 is an identification number indicating the attribute of the payment terminal 10 that is the transmission source of the request message 40. The “attribute” is, for example, a model as described above with respect to the payment terminal attribute code. In this case, the payment terminal attribute code 43 indicates the model of the payment terminal 10 that is the transmission source of the request message 40. It will be a model code. Of course, this is merely an example, and the present invention is not limited to this example. Other examples of the payment terminal attribute code have already been described and will not be described here.

  As a typical example, in the case where there are a plurality of types of security information 23, there is security information 23 corresponding to each “attribute”. Therefore, in this case, not all the payment terminals 10 hold the same security information, but the security information is different if the attribute is different.

  Alternatively, when the “attribute” is the electronic money type of the electronic money handled by each payment terminal 10, in recent years, there may be cases where one payment terminal 10 can handle a plurality of types of electronic money. There may be a case where a plurality of types of security information are distributed to 10.

  Transfer data encryption key No. 44 is identification information indicating the type of the transfer data encryption key 13 held by the settlement terminal 10 that is the transmission source of the request message 40. (No.) is used, and in the above example, either No. 1 or No. 2 is stored. Of course, this is not a limitation.

  The request message is transmitted by being included in a packet. For example, the source IP address, the destination IP address, and the like are stored in the packet. The same applies to the response message 50. In the relay / transfer processing of the message in the relay server 30, the source IP address and the destination IP address are rewritten. This is an existing technique and is a general one, and is particularly described here. do not do.

  The response message 50 shown in FIG. 3B includes a message type 51, payment terminal identification information 52, a payment terminal attribute code 53, a transfer data encryption key No. 54, encryption security information 55, and the like.

  The message type 51 indicates the type (command or the like) of the message 50 and is “security information response” in this example. In the payment terminal identification information 52 and the payment terminal attribute code 53, the identification information and attribute code of the payment terminal 10 that has transmitted the request message 40 corresponding to the response message 50 are stored. That is, the payment terminal identification information 42 and the payment terminal attribute code 53 of the request message 40 are stored in the payment terminal identification information 52 and the payment terminal attribute code 53 of the response message 50 for the arbitrary request message 40. Similarly, the transfer data encryption key No. of the request message 40 is also described. 44 is a transfer data encryption key No. 54 is stored. In other words, the response message 50 has a configuration in which the message type of the request message 40 is changed and the encrypted security information 55 is added.

  The encrypted security information 55 is the security information 23 encrypted by the transfer data encryption key 24, and this is the transfer data encryption key No. The data is encrypted by the transfer data encryption key 24 corresponding to 44. For example, the transfer data encryption key No. If 44 = “No. 1”, the settlement center 20 generates the encrypted security information 55 by encrypting the security information 23 with the transfer data encryption key No. 1 and sends it to the response message 50. Will be added.

  Alternatively, when there are a plurality of types of security information 23 and various types of security information 23 exist according to the “attribute”, the settlement center 20 first sets the settlement terminal attribute code of the received request message 40. Security information 23 corresponding to 43 is selected and acquired. Then, the selected security information 23 is transferred to the transfer data encryption key No. By encrypting with the transfer data encryption key 24 corresponding to 44, encrypted security information 55 is generated.

  In the case of Example 1 described later, the payment terminal attribute codes 43 and 53 are not necessarily required. On the other hand, in the case of Example 2 to be described later, the payment terminal attribute codes 43 and 53 are necessary, and this attribute is handled based on the payment terminal attribute code 43 when the encrypted security information 55 is generated as described above. The security information 23 to be selected is selected / acquired.

FIG. 2 shows a communication sequence when security information is distributed in the first embodiment.
A processing flowchart of the relay server 30 and the like related to this distribution processing is not particularly illustrated. The processing operation of the relay server 30 and the like will be described in the description of FIG.

  In the example of FIG. 2, the payment terminal 10 is shown as five payment terminals a, b, c, d, and e, and the payment terminals a, c, and e are the payment terminal group 1, the payment terminal b, It is assumed that d is the payment terminal group 2. Further, as shown in the figure, it is assumed that each payment terminal 10 transmits a security information request message to the relay server 20 almost at the same time in the order of payment terminals a → b → c → d → e. As in FIG. 6, the request messages transmitted by the payment terminals a, b, c, d, and e are shown as request messages (1), (2), (3), (4), and (5). Similarly, response messages to the request messages (1), (2), (3), (4), (5) are changed to response messages (1), (2), (3), (4), (5). As shown.

The content itself of the encrypted security information 55 included in each response message (1), (2), (3), (4), (5) is the same as in the conventional case of FIG. However, in this example, some response messages are generated in the relay server 30. In the example of FIG. 2, the response message (3)
, (4), (5) are generated by the relay server 30. That is, the request messages (3), (4), and (5) are not transferred to the settlement center 20. Therefore, even if there is a restriction on the number of simultaneous connections between the relay server 30 and the settlement center 20, it is possible to efficiently distribute the response message with the effect of this being minimized, and it is possible to shorten the overall distribution time. .

  Further, each payment terminal 10 in the payment terminal group 1 is preliminarily assigned with a transfer data encryption key No. 1 as a transfer data encryption key 13, and is transferred to each payment terminal 10 in the payment terminal group 2. Assume that the transfer data encryption key No. 2 is previously assigned and held as the data encryption key 13. Each payment terminal 10 holds a payment terminal attribute code indicating the attribute of the payment terminal. However, as described above, in the first embodiment, the security information 23 corresponding to the attribute is not distributed. Since the security information 23 is assumed to be one type, the payment terminal attribute code will be omitted here. Further, the payment terminal identification information is not particularly related to the present technique, but for the time being, the payment terminal identification information of the payment terminals a, b, c, d, and e is “0001”, “0002”, and “0003”, respectively. In the following description, it is assumed that they are ',' 0004 ', and' 0005 '.

Initially, it is assumed that the number of simultaneous connections = 0.
First, when the relay server 30 receives the security information request message (1) (payment terminal identification information 42 = 0001, transfer data encryption key No. 44 = No. 1) from the payment terminal a, the relay server at that time point Since the number of simultaneous connections between 30 and the settlement center 20 is “0” (because “the number of simultaneous connections <threshold”), this request message (1) is transferred to the settlement center 20 as it is, and a response message is awaited.

  In this example, the threshold is “2”. Further, the updating of the number of simultaneous connections is as already described in the conventional problem, and is not particularly described here. Here, the individual operations of the payment center communication function unit 31 and the payment terminal communication function unit 32 are not particularly mentioned, and may be collectively described as operations of the relay server 30.

  Subsequently, when the relay server 30 receives the security information request message (2) (payment terminal identification information 42 = 0002, transfer data encryption key No. 44 = No. 2) from the payment terminal b, the relay server 30 relays at that time. Since the number of simultaneous connections between the server and the settlement center is “1” (not reaching the threshold; less than the threshold), this request message (2) is transferred to the settlement center 20 as it is, and a response message is awaited.

  When the relay server 30 receives the security information request message (3) from the payment terminal c (payment terminal identification information 42 = 0003, transfer data encryption key No. 44 = No. 1), the relay server 30- Since the number of simultaneous connections between the settlement centers 20 is “2” (the threshold has been reached; not less than the threshold), the request message (3) is temporarily transferred to the queue (queue) 33 without being transferred to the settlement center 20. Hold on.

  When the relay server 30 receives the security information request message (4) (payment terminal identification information 42 = 0004, transfer data encryption key No. 44 = No. 2) from the settlement terminal d, the relay server 30- Since the number of simultaneous connections between the settlement centers 20 is “2”, the request message (4) is temporarily held in the queue (queue) 33 without being transferred to the settlement center 20.

  When the relay server 30 receives the security information request message (5) (payment terminal identification information 42 = 0005, transfer data encryption key No. 44 = No. 1) from the payment terminal e, the relay server 30- Since the number of simultaneous connections between the settlement centers 20 is “2”, the request message (5) is temporarily held in the queue (queue) 33 without being transferred to the settlement center 20.

  When the settlement center 20 receives the request message (1) transferred by the relay server 30, the settlement center 20 refers to the transfer data encryption key No. 44 and uses the transfer data encryption key 24 corresponding to this to send the security information 23. Is encrypted to generate encrypted security information 55. In this example, since the transfer data encryption key No. 44 = No. 1 of the request message (1) as described above, the security information 23 is encrypted using the transfer data encryption key No. 1. Then, the encrypted security information 55 is included in the response message (1) and returned to the relay server 30.

  The settlement center 20 performs the same processing when receiving the request message (2), generates a response message (2), and sends it back to the relay server 30. However, the encrypted security information 55 in the response message (2) is obtained by encrypting the security information 23 using the transfer data encryption key No. 2.

  When the relay server 30 receives the response message (1) from the settlement center 20, the relay server 30 leaves a copy of the response message (1) and at the transmission source terminal of the request message (1) corresponding to the response message (1). This response message (1) is transferred to a certain settlement terminal a. When one or more request messages are held in the queue (queue) 33, processing described below is further performed.

  That is, the corresponding request message is extracted from all the request messages stored in the queue (queue) 33. The “corresponding request message” is a request message that should deliver the same encrypted security information as the encrypted security information 55 included in the received response message (1) in response to the request. In other words, the request message from the payment terminal 10 to which the security information 23 encrypted with the same transfer data encryption key as in the request message (1) is to be distributed becomes the “corresponding request message”. That is, a request message whose transfer data encryption key No. 44 is the same as the transfer data encryption key No. 54 of the received response message is the “corresponding request message”.

  In this example, the transfer data encryption key No. 54 of the received response message (1) is No. 1 (the transfer data encryption key No. 44 of the request message (1) is No. 1). ), All request messages whose transfer data encryption key No. 44 is No. 1 are extracted from the request messages stored in the queue (queue) 33. In this process, for example, each request message is sequentially taken out from the queue (queue) 33, and if it is a “corresponding request message”, it is acquired, and if it is not a “corresponding request message” Is stored in the queue 33 again.

In the above example, since the transfer data encryption key No. 44 is No. 1, the request message (3) and the request message (5) are “corresponding request messages”.
Then, for each “corresponding request message” extracted, a response message corresponding to the request message is generated based on the received response message (1) (its copy). As the encrypted security information 55 of the response message, the encrypted security information 55 included in the received response message (1) is used as it is. For the other item data (message type 51 to transfer data encryption key No. 54), the same processing as the response message generation processing in the settlement center 20 may be performed. Alternatively, in this example, only the payment terminal identification information 52 may be changed based on the received response message (1). That is, for the request message (3), the response message (3) can be generated simply by rewriting the settlement terminal identification information 52 of the response message (1) to “0003”. Similarly, with respect to the request message (5), the response message (5) can be generated only by rewriting the settlement terminal identification information 52 of the response message (1) to “0005”.

  And each response message (3) and (5) produced | generated as mentioned above is each transmitted to the payment terminal 10 applicable. In this example, the response message (3) is transmitted to the payment terminal c, and the response message (5) is transmitted to the payment terminal e.

  The processing related to the request message extraction / response message generation described above is executed by, for example, the payment center communication function unit 31 that has received the response message. That is, for example, the payment center communication function unit 31 that has received the response message (1) sequentially executes the following processes (a) to (f).

  (A) First, the received response message (1) is passed to the corresponding payment terminal communication function unit 32 to be transmitted to the corresponding payment terminal 10 (in this case, the payment terminal a) (in this case, the response message (1 Keep a copy of)).

  (B) Next, it is determined whether or not one or more request messages are held in the queue (queue) 33. If there is none, the copy of the response message (1) is deleted and the process ends.

  (C) If one or more request messages are held in the queue (queue) 33, all “corresponding request messages” are acquired as described above. In this example, request messages (3) and (5) are acquired.

  (D) Then, for each acquired “corresponding request message”, a response message corresponding to the request message is generated based on the received response message (1) (its copy) as described above. In this example, response messages (3) and (5) are generated.

  (E) Each response message generated in (d) above is sent to the corresponding payment terminal 10 by passing it to the corresponding payment terminal communication function unit 32. Each of the payment terminal communication function units 32 transmits the passed response message to the payment terminal 10 that has established a TCP connection. In this example, the response message (3) is transmitted to the payment terminal c, and the response message (5) is transmitted to the payment terminal e.

  (F) Finally, all messages related to the current message transmission / reception are discarded. That is, a copy of the received response message and all response messages generated based on the copy are deleted. In the above example, the response message (1) (its copy) and the response messages (3) and (5) are all deleted. Furthermore, the request messages (1), (3) and (5) corresponding to these are all deleted.

  When one or more request messages are stored in the queue (queue) 33 after the completion of the processes (a) to (f), the relay server 30 (when there are one or more request messages that do not apply). It is determined whether or not “the number of simultaneous connections <threshold”, and if the number of simultaneous connections is less than the threshold, one request message in the queue (queue) 33 is taken out and transferred to the settlement center 20. . Therefore, although not shown in FIG. 2, when all of the above-described processing related to reception of the response message (1) is completed, processing for transferring the request message (4) to the settlement center 20 may be performed (however, In the example, since the response message (4) is generated upon receipt of the response message (2), this processing itself ends in vain).

  In the example of FIG. 2, the relay server 30 then receives the response message (2), but the processing in this case is the same as when the response message (1) is received. I will only explain it.

  That is, when the relay server 30 receives the response message (2) from the settlement center 20, the relay server 30 transfers the response message (2) to the settlement terminal b that is the transmission source of the request message (2). Next, all request messages whose transfer data encryption key No. 44 is the same as the transfer data encryption key No. 54 = No. 2 of the response message (2) are extracted from the queue (queue) 33. In this example, the request message (4) is extracted as “corresponding request message”.

  Then, for example, the response message (4) is generated by rewriting the settlement terminal identification information 52 of the response message (2) to “0004”. Then, the generated response message (4) is transmitted to the corresponding settlement terminal d.

  Thereafter, the relay server 30 discards all messages related to the current message transmission / reception. In this example, the request messages (2) and (4) and the response messages (2) and (4) are all discarded.

  In the above example, when the response message (1) and the response message (2) are received, the response messages (1) to (5) for all the request messages (1) to (5) are distributed to each settlement terminal 10. The request messages (3) to (5) need not be transferred to the settlement center 20. Although it takes some time to generate the response message, in most cases, the time taken to distribute the response message (2) to the settlement terminal b in the conventional example of FIG. 7 is the entire distribution processing time, which is very short. Security information can be delivered to all requesting payment terminals 10 in time. In addition, appropriate information corresponding to the terminal can be distributed to each payment terminal 10 (for example, information encrypted in No. 1 can be distributed to the terminal 10 that holds No. 2) It is possible to distribute appropriate information (information encrypted with No. 2).

  As described above, in this method, the number of simultaneous connections between the relay server and the settlement center is limited in a system that includes a plurality of terminals, a relay server, and a center device, and the relay server relays communication between the terminal and the center device. In particular, when there is a distribution request from each terminal almost simultaneously, the entire distribution processing time can be made very short.

Example 2 will be described below.
The second embodiment is an embodiment corresponding to a case where a plurality of types of security information 23 exist according to the “attribute”. For example, when “attribute” is “model of payment terminal” as an example, security information 23 corresponding to each model exists.

The second embodiment is almost the same as the first embodiment, and only differences from the first embodiment will be described in the following description.
The second embodiment differs from the first embodiment in the generation processing of the encrypted security information 55 in the settlement center 20 and the extraction processing of “corresponding request message” in the relay server 30. Regarding the message, the payment terminal attribute codes 43 and 53 are not necessarily required in the first embodiment, but are required in the second embodiment.

FIG. 4 shows a communication sequence when security information is distributed in the second embodiment.
In the example of FIG. 4, as with the example of FIG. 2, the payment terminal 10 is shown as five payment terminals a, b, c, d, and e, and the transfer data encryption key is shown in FIG. Same grouping as the example. The “threshold value” is also the same (“2”).

In this example, as for the attribute code of each payment terminal, only the payment terminal c has attribute code = “02”, and the other payment terminals a, b, d, e have attribute code = “01”. . That is, only the payment terminal c has different attributes from the other terminals 10. The example shown in FIG. 4 corresponds to this specific example. In this example, as shown in the figure, the difference from FIG. 2 is that when the relay server 30 receives the response message (1), the response message (5) Is generated and transmitted, but the response message (3) is not generated. Since the number of simultaneous connections becomes “1” by receiving the response message (1), among the request messages stored in the queue (queue) 33, the request (the oldest) stored in the queue first. The message (3) is transferred to the settlement center 20.

Also in this example, the processing when the response message (2) is received is the same as in FIG.
When the response message (3) for the transferred request message (3) is sent from the settlement center 20, the relay server 30 transfers the response message (3) to the corresponding settlement terminal c, and the response message. Is not performed (there is no request message in the queue 33), and the distribution process as a whole is completed.

  Hereinafter, the generation processing of the encrypted security information 55 in the settlement center 20 and the extraction processing of “corresponding request message” in the relay server 30 in the second embodiment will be described.

  First, the generation process of the encrypted security information 55 is the same as that of the first embodiment regarding the selection and encryption of the transfer data encryption key. However, as described above, the security information 23 is not one type. Processing for selecting the security information 23 (to be encrypted) is added. That is, the payment center 20 selects the security information 23 corresponding to the payment terminal attribute code 43 of the received request message. In the above example, there are two types of security information 23, one corresponding to attribute code = “01” and one corresponding to attribute code = “02”. Accordingly, when the received request message is any one of the request messages (1), (2), (4), and (5), the security information 23 corresponding to the attribute code = '01 'is selected, In the case of the request message (3), the security information 23 corresponding to the attribute code = “02” is selected, and the selected security information 23 is encrypted in the same manner as in the first embodiment. That is, encryption is performed using the transfer data encryption key 24 corresponding to the transfer data encryption key No. 44 of the received request message.

  Therefore, the encrypted security information 55 in the response message (1) encrypts the security information 23 corresponding to the attribute code = “01” using the transfer data encryption key 24 corresponding to the transfer data encryption key No. = 1. It will be what you did. The encrypted security information 55 in the response message (2) encrypts the security information 23 corresponding to the attribute code = “01” using the transfer data encryption key 24 corresponding to the transfer data encryption key No. = 2. It will be. The encrypted security information 55 in the response message (3) encrypts the security information 23 corresponding to the attribute code = “02” using the transfer data encryption key 24 corresponding to the transfer data encryption key No. = 1. It will be.

  Further, in the process of extracting “corresponding request message” in the relay server 30, the settlement terminal attribute code 43 and the transfer data encryption key No. 44 are the same as the settlement terminal attribute code 53 and the transfer data encryption key No. of the received response message. The request message that is the same as 54 is extracted.

  Accordingly, in the example shown in FIG. 4, when the response message (1) is received, the settlement terminal attribute code 53 of the response message (1) is “01”, and the transfer data encryption key No. 54 is No. 1. Thus, only the request message (5) is extracted as “corresponding request message”, so that the response message (5) is generated and transmitted to the settlement terminal e.

  The request message (3) is not extracted because the transfer data encryption key No. 44 is No. 1, but the settlement terminal attribute code 53 is “02”, which does not match. The request message (4) is not extracted because the payment terminal attribute code 53 is “01” but the transfer data encryption key No. 44 is No. 2 and does not match.

  When the response message (2) is received, the settlement terminal attribute code 53 of the response message (2) is “01”, and the transfer data encryption key No. 54 is No. 2. Therefore, only the request message (4) is received. As a result, the response message (4) is generated and transmitted to the settlement terminal d.

  As described above, according to the “network system having a relay server” in the present example, the number of simultaneous connections between the relay server and the settlement center is limited, and particularly requests from a large number of settlement terminals. Even when messages (requests for distribution of some information to the settlement center) are concentrated on the relay server, a response message having an appropriate content can be transmitted for each settlement terminal earlier than the conventional configuration.

  Also, when the response message reception process is completed, all response messages (all received and generated) and all corresponding request messages are immediately deleted, so security information stays inside the relay server The time can be reduced to the minimum necessary, and the security level does not decrease even when compared with the case where the present invention is not used.

FIG. 5 shows a hardware configuration example of the relay server 30 or the like (computer).
A computer 60 shown in FIG. 5 includes a CPU 61, a memory 62, an input unit 63, an output unit 64, a storage unit 65, a recording medium drive unit 66, and a network connection unit 67, and these are connected to a bus 68. It has become.

The CPU 61 is a central processing unit that controls the entire computer 60.
The memory 62 is a memory such as a RAM that temporarily stores a program or data stored in the storage unit 65 (or the portable recording medium 69) when executing arbitrary processing. The CPU 61 executes the various processes described above using the program / data read out to the memory 62. In addition, a storage area corresponding to the queue 33 may be allocated to the memory 62.

The output unit 64 is, for example, a display, and the input unit 63 is, for example, a keyboard, a mouse, or the like, but these may be omitted.
The network connection unit 67 is a communication module for connecting to, for example, the networks 1 and 2 and performing communication (command / data transmission / reception, etc.) with other information processing apparatuses.

  The storage unit 65 is, for example, a hard disk or the like, and stores application programs for causing the CPU 61 to realize the various processing functions of the relay server 20 described above. This includes the processing of the various functional units 31 and 32, in particular, the “relevant request message extraction process” and the “response message generation process corresponding to the extracted request message” which are characteristic parts of the present technique. , An application program to be realized by the CPU 61.

The CPU 61 implements the various processes described above by reading and executing various programs stored in the storage unit 65.
Alternatively, various programs / data stored in the storage unit 65 may be stored in the portable recording medium 69. In this case, the program / data stored in the portable recording medium 69 is read by the recording medium driving unit 66. The portable recording medium 69 is, for example, an FD (flexible disk) 69a, a CD-ROM 69b, a DVD, a magneto-optical disk, or the like.

  Alternatively, the program / data may be downloaded from another device via a network connected by the network connection unit 67. Or you may download further what was memorize | stored in the other external apparatus via the internet.

  In addition, the present invention can be configured not only as a portable storage medium recording a program for realizing the various processes of the present invention on a computer, but also as the program itself.

  5 may be considered as a configuration of the settlement center 20 without being limited to the relay server 30. In this case, the storage unit 65 stores the security information 23, the transfer data encryption key 24, and the like, and further causes the CPU 61 to realize various processing functions of the security information distribution function unit 21 and the relay server communication function unit 22. An application program is stored.

  Although the configuration example of the payment terminal 10 is not particularly shown, the payment terminal 10 includes a CPU, a storage device, and a network connection unit. The storage device stores various data such as the transfer data encryption key 13 and security information. Application programs for realizing the functions of the various functional units 11 and 12 by being read and executed by the CPU are stored.

1 LAN / VPN
2 WAN
DESCRIPTION OF SYMBOLS 10 Payment terminal 11 To relay server communication function part 12 Security information acquisition function part 13 Transfer data encryption key 20 Settlement center 21 Security information distribution function part 22 To relay server communication function part 23 Security information 24 Transfer data encryption key 25 Settlement terminal management data 30 relay server 31 to payment center communication function unit 32 to payment terminal communication function unit 33 queue (queue)
40 Security information request message 41 Message type 42 Payment terminal identification information 43 Payment terminal attribute code 44 Transfer data encryption key No.
50 Response message 51 Message type 52 Settlement terminal identification information 53 Settlement terminal attribute code 54 Transfer data encryption key No.
55 Encryption Security Information 60 Computer 61 CPU
62 memory 63 input unit 64 output unit 65 storage unit 66 recording medium driving unit 67 network connection unit 68 bus 69 portable recording medium 69a FD (flexible disk)
69b CD-ROM

Claims (10)

Communication between the terminal and the center apparatus, comprising a plurality of terminals, a relay server and a center apparatus, and having a first network connecting each terminal and the relay server and a second network connecting the relay server and the center apparatus. In a network system in which a relay server relays, the number of simultaneous connections between the relay server and the center device is limited,
Each terminal has information acquisition means for delivering a response message including predetermined encryption information according to a request by the request message by transmitting a predetermined request message;
When the center apparatus receives the request message from an arbitrary terminal, the center apparatus includes an information distribution unit that generates a response message including the predetermined encryption information according to the request by the request message and returns the response message. ,
The relay server is
Each time the request message is received, if the current number of simultaneous connections is less than a predetermined limit, the received request message is transferred to the center apparatus, and the current number of simultaneous connections reaches the predetermined limit. In this case, the received request message is stored in the temporary storage means, and when the number of simultaneous connections becomes less than a predetermined limit, the request message stored in the temporary storage means is transferred to the center device. Means,
Each time the response message is received, the received response message is transferred to the corresponding terminal, and when there is one or more request messages in the temporary storage means, the received response message is sent from the temporary storage means. Acquire all request messages to which the same predetermined encryption information as the included predetermined encryption information is to be responded, and generate each response message for each acquired request message based on the received response message Response message transfer / generation means for delivering each of the generated response messages to a corresponding terminal, and
A network system having a relay server, comprising: The information distribution means of the center device generates the predetermined encrypted information by encrypting the specific information held by the own device using any of a plurality of types of encryption keys held by the own device,
Each terminal holds a decryption key corresponding to one of the plurality of types of encryption keys, and the information acquisition means transmits the request message including identification information of the decryption key held by the terminal. ,
The information distribution means of the center device selects a corresponding encryption key based on the identification information of the decryption key included in the received request message, and encrypts the specific information using the selected encryption key The predetermined encryption information is generated, and the predetermined encryption information and the identification information of the decryption key are included in the response message and returned.
The response message transfer / generation unit of the relay server receives a request message having the same identification information as the identification information of the decryption key included in the received response message from the request messages stored in the temporary storage unit. 2. The network system having a relay server according to claim 1, wherein all of the response messages are acquired, and the response messages are generated and distributed corresponding to the acquired request messages. The information distribution means of the center device uses any one of a plurality of types of encryption keys held by the own device to encrypt any of the various specific information held by the own device according to various attributes. Generate predetermined encryption information,
Each of the terminals holds a decryption key corresponding to any of the plurality of types of encryption keys, and the information acquisition unit includes the identification information of the decryption key held by the self in the request message and the attribute of the self Including the attribute code indicating
The information distribution means of the center device selects a corresponding encryption key based on the identification information of the decryption key included in the received request message, and specifies the corresponding identification using the attribute code included in the received request message. The information is selected, the predetermined encryption information is generated by encrypting the selected specific information using the selected encryption key, and the generated predetermined encryption information, the identification information, and the attribute code are Reply with a response message,
The response message transfer / generation unit of the relay server has a request having the same identification information and attribute code as the identification information and attribute code included in the received response message from among the request messages stored in the temporary storage unit. 2. The network system having a relay server according to claim 1, wherein all the messages are acquired, and the response message is generated and distributed corresponding to each of the acquired request messages.   4. The network system having a relay server according to claim 2, wherein the terminal is an IC card payment terminal, and the specific information is security information necessary for communication processing with the IC card.   The relay server, when delivering the received response message and a response message generated based on the received response message to each corresponding terminal, discards all of the response message and the corresponding request message. 5. A network system having the relay server according to any one of 4 above.   6. The network system having a relay server according to claim 1, wherein the attribute is a model of the terminal, and each terminal receives distribution of specific information corresponding to its model. Communication between the terminal and the center apparatus, comprising a plurality of terminals, a relay server and a center apparatus, and having a first network connecting each terminal and the relay server and a second network connecting the relay server and the center apparatus. A relay server in a network system in which the number of simultaneous connections between the relay server and the center device is limited,
Each time a request message from any of the terminals is received, if the current number of simultaneous connections is less than a predetermined limit, the received request message is transferred to the center device, and the current number of simultaneous connections is a predetermined limit. When the number reaches the number, the received request message is stored in the temporary storage means, and when the number of simultaneous connections becomes less than a predetermined limit number, the request message stored in the temporary storage means is stored in the center device. A request message transfer means for transferring;
Each time a response message to the transferred request message returned from the center device is received, the received response message is transferred to the corresponding terminal, and there is one or more request messages in the temporary storage means Includes acquiring all request messages to which the same predetermined encryption information as the predetermined encryption information included in the received response message is to be responded from the temporary storage means, and for each of the acquired request messages Response message transfer / generation means for generating a response message based on the received response message and delivering each of the generated response messages to a corresponding terminal;
A relay server comprising:   The response message transfer / generation means of the relay server selects all request messages having the same identification information as the identification information of the decryption key included in the received response message from the request messages stored in the temporary storage means. 8. The relay server according to claim 7, wherein the relay server obtains and generates and distributes the response message corresponding to each of the obtained request messages.   The response message transfer / generation unit of the relay server has a request message having the same identification information and attribute code as the identification information and attribute code included in the received response message, among the request messages stored in the temporary storage unit. The relay server according to claim 7, wherein all response messages are acquired, and the response message is generated and distributed in response to each of the acquired request messages. Communication between the terminal and the center apparatus, comprising a plurality of terminals, a relay server and a center apparatus, and having a first network connecting each terminal and the relay server and a second network connecting the relay server and the center apparatus. A relay server relaying the relay server computer in the network system in which the number of simultaneous connections between the relay server and the center device is limited,
Each time a request message from any of the terminals is received, if the current number of simultaneous connections is less than a predetermined limit, the received request message is transferred to the center device, and the current number of simultaneous connections is a predetermined limit. When the number reaches the number, the received request message is stored in the temporary storage means, and when the number of simultaneous connections becomes less than a predetermined limit number, the request message stored in the temporary storage means is stored in the center device. A request message transfer means for transferring;
Each time a response message to the transferred request message returned from the center device is received, the received response message is transferred to the corresponding terminal, and there is one or more request messages in the temporary storage means Includes acquiring all request messages to which the same predetermined encryption information as the predetermined encryption information included in the received response message is to be responded from the temporary storage means, and for each of the acquired request messages Response message transfer / generation means for generating a response message based on the received response message and delivering each of the generated response messages to a corresponding terminal,
Program to function as.

Images