JP2002056140A - Ticket and method and device for ticket distribution - Google Patents

Abstract

PROBLEM TO BE SOLVED: To eliminate the risk such that ticket information is stolen, copied, and illegally used when the ticket is obtained. SOLUTION: The ID of a paper piece 11 where printing technology such as a hologram and a watermark or the characteristic ID 111 of an IC telephone card is recorded is inputted to a terminal 2 and sent from the terminal 2 to a ticket issue center 3, which obtains service information from a managing means 33 with the ID or the service information sent together with it, signs or ciphers the service information and ID with secret information 321 to obtain verification information 122 and sends it to the terminal 2. Then the terminal 2 prints or electronically records the verification information 122 and service information on base paper 12 to issue a ticket 1 composed of the paper piece 11 and base paper 12. The ticket 1 is shown to a ticket examining machine 4 to read its ID 111 and pieces 121 and 122 of information, which are verified with a verification key or key 441 of a common key signal system, so that the ticket is determined to be rightful when passing the verification.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a secure and reliable system in which a user receives various services such as concerts and baseball online or purchases various tickets for using the services online or offline. The present invention relates to a ticket, a ticket distribution method, a device thereof, a method thereof, a program thereof, and a recording medium thereof.

[0002]

2. Description of the Related Art Heretofore, this type of ticket reservation has been made, for example, by telephone or the like, and the actual item has been separately obtained by mail or the like. Payment was usually made after or before acquisition by another means. On the other hand, in recent years, due to the rapid development and spread of the Internet, it has become possible to reserve and obtain such tickets online using electronic information. Specifically, when a ticket or the like is bought online, electronic information (service information) associated with the service content is sent. This is printed as a barcode or the like by a printer or the like, and this is used as a ticket. When actually using a ticket, it is common for a ticket gate to read information printed on the ticket and provide a corresponding service.

[0003]

However, in the above service, the electronic information sent to the user may be eavesdropped or secretly copied on the line by a third party. A third party may use the ticket. In such a case, double use can be detected by managing the usage status of the ticket on the center side, etc., but it is not possible to identify who is the legitimate user. A problem may occur that the user is permitted and the use is not permitted even if a legitimate user tries to use it later. Due to the above concerns, users cannot buy, sell, or transfer such tickets with confidence. That is, the distribution is greatly restricted as compared with a normal ticket.

[0004] Further, the double use management using the center as described above causes an increase in processing cost due to the concentration of processing in the center and exclusive control by transaction processing. This is particularly noticeable when the ticket gates are distributed at multiple points. In other words, in the related art, the problems are as follows. First, since it is not possible to determine the authenticity of a ticket acquired online, it is difficult to determine if the ticket user appears to have a legitimate right using the copied ticket.

As a countermeasure, there is a method of printing together with the irreversible conversion value of the password held by the user (for example, an electronic coupon system and an electronic coupon ticketing / verifying method disclosed in JP-A-11-328269). This is to ensure that only those who know the password can use the coupon, add a serial number to the coupon, and check the serial number at the time of use to prevent double use. However, this method is ineffective against password leakage. For example, in consideration of transfer of a coupon, a password must be transmitted at the time of transfer of the coupon, and password leakage may occur at that time. Also, a person who has held a coupon in the past may try to use it or transfer it to another person.
In addition, this method uses a centralized management method of serial number checking to prevent double use, so the problem of the processing cost of double use management has not been solved. . That is, this method merely replaces “electronic information” in the above-mentioned problem with “password”, and does not provide a fundamental solution to these problems.

[0006] The present invention has been made in view of the above points, and enables a user to purchase various types of tickets online without being illegally used even if the information is stolen. It is an object of the present invention to provide a ticket, a ticket distribution method, a device thereof, a method thereof, a program thereof, and a recording medium thereof which can be easily used off-line without centrally managing the invalidation of the ticket.

[0007]

SUMMARY OF THE INVENTION A ticket according to the present invention comprises a paper sheet and a backing sheet, and the paper sheet has recording medium identification information (hereinafter referred to as ID) unique to the paper sheet and is difficult to copy. On the mount, verification information generated from the ID, service information, and secret information of the issuer is recorded. The paper piece and the backing sheet may be integrated. The ID and / or the verification information may be recorded by printing so as to be readable by optical means,
The paper sheet and / or the mount may be an electronic recording medium and may be electronically recorded.

An electronic signature is added to the verification information, encrypted, or a one-way function is applied. According to the ticket distribution method according to the present invention, the ID of the difficult-to-reproduce paper sheet on which the unique ID is recorded is transmitted from the ticket issuing terminal to the ticket issuing center device, and the ticket issuing center device transmits the received ID and the service information. Then, verification information is generated from the secret information of the center device and transmitted to the ticket issuing terminal, and the ticket issuing terminal records the received verification information on a mount, and issues the mount and the piece of paper as a ticket. The ID and the verification information are acquired from the ticket presented by the ticket gate, the validity of the ID and the verification information is verified, and when the validity is confirmed, the ticket is validated.

According to the ticket verification device of the present invention, the ticket information is acquired from the ticket information recording medium (consisting of the sheet and the mount) by the ticket information acquiring means, and the ticket information recording medium is acquired by the recording medium identification information acquiring means. The ticket verification information corresponding to the generation device secret information of the device that generated the ticket information is obtained from the ticket verification information obtaining means, and the ticket verification information is obtained by the generation device authentication information obtaining means. The generating device authentication information generated from the secret information unique to the third-party device is obtained, and the generating device verification information obtaining unit obtains the generating device verification information corresponding to the third-party device secret information. A service corresponding to the content of the right to receive a service or a product in the ticket information by one verification means. Using the scan identification information, and the ID and the ticket verification information, the ticket authentication information included in the ticket information and the service identification information I
D and the generating device secret information are verified to be generated, and the second verifying unit uses the generating device authentication information and the generating device verification information to generate the generating device authentication information, It is verified that it is generated from the ticket verification information and the third-party device secret information,
The third verification unit verifies whether the generation device verification information is valid, and when all the verifications by the first verification unit, the second verification unit, and the third verification unit pass, the determination unit determines that the verification unit is valid. The ticket information is determined to be valid.

[0010]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS First Embodiment FIG. 1 shows a system configuration to which the method of the present invention is applied and a functional configuration of each device of the present invention used for the system. The ticket 1 is made up of a paper sheet 11 and a backing sheet 12, and the paper sheet 11 is a hard-to-reproduce one in which unique recording medium identification information (ID) is recorded, and is purchased or acquired by a user in advance. However, this is not always the case when tickets are sold at counters. The service information 121 and the verification information 122 sent from the ticket issuing center are recorded on the mount 12 by the ticket issuing terminal 2. Service information 121
And the verification information 122 constitute ticket information.

The paper piece 11 can be manufactured with difficulty in copying by using a printing technique such as a hologram or a watermark. Also,
It is also possible to divert valuable materials such as banknotes, stamps, income stamps, etc., without making a dedicated piece of paper 11 for carrying out the present invention. When a stamp or income stamp is used, it is necessary to print and record an ID when issuing it as a piece of paper 11, but the number attached to the bill is used as the ID. Not only paper but also an electronic recording medium on which a unique ID such as an IC telephone card is recorded can be used as the paper piece 11.

As the mount 12, normal printer paper or copy paper can be used.
The verification information 122 is recorded by printing. Verification information 12
Numeral 2 is a data string of 1 and 0, and the row of 1 and 0 may be printed so as to be optically readable or may be printed as a one-dimensional or two-dimensional bar code. The mount 12 is not limited to paper, but may be an ordinary electronic recording medium such as a flexible disk (FD) or a memory card. In this case, the service information 121 and the verification information 12
2 is recorded electronically. Here, when it is determined whether or not the provision of only one service per one ticket gate 4 is permitted, or when the ticket gate 4 holds the service information 121, the service information 121 is stored on the mount 12. No record is required. However, in the case where services having different degrees such as seats A and B are determined by the common ticket gate 4 and the ticket gate 4 does not hold the service information 121, it is necessary to record the service information 121 on the mount 12. I do. The configuration of the verification information 122 will be described later.

Here, it is also possible to adopt a configuration in which the ID-attached paper piece 11 and the mount 12 are integrated. In this case, the ticket 1 is provided with an ID, and the service information 121 and the verification information 122 sent from the ticket issuing center are recorded by the ticket issuing terminal 2 on the ID-attached board (11 + 12) which is difficult to copy. Become. Also in this case, an electronic recording medium can be used. Ticket issuing terminal 2
Is composed of a data transmitting / receiving means 21 for communicating with the ticket issuing center 3, an ID input means 22, a verification information providing means 23, a service selecting means 24, and a control means 25 mainly composed of a microcomputer for controlling the whole. Be composed.

The ID input means 22 is for inputting the ID recorded on the paper piece 11. When the ID is recorded by printing, the ID input means 22 is a keyboard or an optical character reader (OCR) or an optical character such as a bar code reader. Reading means can be used. If the paper sheet 11 is an electronic recording medium such as an IC telephone card, the ID input means 22
The corresponding reading means such as a card reader is used.
In the case of recording by printing, a normal printer can be used, and when the mount 12 is an electronic recording medium such as an FD, a corresponding recording means such as an FDD (flexible disk drive) is used. Can be ID
The ID input by the input means 22 is transmitted to the ticket issuing center device 3.

The service selecting means 24 is used by a user to select a service to be received by a ticket to be issued. For example, A for the same concert
The user selects the service of the seat, the service of the seat B, or the service of the concert or the baseball. The selected service information is transmitted to the ticket issuing center device 3 together with the ID. However, if the ticket issuing terminal 2 issues only one type of service ticket, the service selecting means 24 can be omitted. The ticket issuing center device 3 includes a data transmitting / receiving unit 31 for communicating with the ticket issuing terminal 2, a verification information generating unit 32,
Storage means 34 for storing service information 6 and service information management means 3
3 and a control means 35 mainly composed of a microcomputer that controls these to function as a device.

The verification information generating means 32 receives the ID notified from the ticket issuing terminal 2 via the data transmitting / receiving means 31.
Verification information 122 calculated from the service information acquired from the service information management unit 33 and the secret information 36.
Generate Details of a method of generating the verification information 122 will be described later. The service information management means 33 manages service information corresponding to the ticket to be issued, and stores the price of the service as required in addition to various service information. When the ticket issuing terminal 2 issues only a ticket of the determined service to the terminal, the service information is acquired from the service information management unit 33 based on which terminal 2 has received the ID. When the service is selected by the service selecting unit 24 at the ticket issuing terminal 2, the service information received from the ticket issuing terminal 2 is used as the service information from the service information managing unit 33, or the received service information is also used as the service information. It is used for obtaining service information from the management unit 33.

The ticket gate 4 has an ID input means 41, a verification information input means 42, a service information acquisition means 43, a decryption information acquisition means 44, a verification means 45, and a microcomputer which controls these to function as an apparatus. And control means 46 mainly composed of ID input means 41
, The verification information input unit 42 obtains the verification information 122 from the ticket 1. The ID input unit 41 and the verification information input unit 42 can have the same configuration as the ID input unit 22. Service information acquisition means 43
The service information 121 corresponding to the ticket to be ticketed is held or obtained from the ticket issuing center device 3 or the like, or the ticket
Read by the same method as above.

The decryption information obtaining means 44 stores the decryption information 47 corresponding to the secret information 36 or the same information as the secret information 36 in the storage unit 48, or stores the decryption information 47 from the ticket issuing center device 3 or the like. Obtain. The verification unit 45 stores the ID acquired by using the units 41, 42, and 43, the verification information 122, and the service information 121 into the unit 4
Verification is performed using the decryption information 47 obtained in step 4. Details of the verification method of the verification unit 45 will be described later. The operation of the present invention will be described in detail with reference to FIG.

(Step 1) One to a plurality of paper pieces 11
Is acquired by the user by purchasing it in advance. At this point, the ticket 11 is not associated with a ticket or service. (Step 2) The user selects an arbitrary piece of paper 11 when purchasing a ticket, and inputs the ID of the piece of paper 11 using the ID input means 22 of the ticket issuing terminal 2. If necessary, such as when there are a plurality of types of tickets that can be purchased at the ticket issuing terminal 2, the service selecting means 24
Select a ticket to be issued for the service.

(Step 3) The ticket issuing terminal 2 also notifies the ticket issuing center device 3 of the ID 111 and the ticket selection information when the ticket is selected by the selecting means 24. (Step 4) Upon receiving the ID, the ticket issuing center device 3 acquires the service information 121 corresponding to the ticket issuing terminal 2 from the service information managing means 33.
At this time, if necessary, the service information 121 is selected using the ticket selection information received at the same time.

(Step 5) Ticket issuing center device 3
Generates the verification information 122 calculated from the ID acquired in step 4, the service information 121, and the secret information 36 held by the verification information generation unit 32 by the verification information generation unit 32, and issues the verification information 122 to the ticket Terminal 2
Send to During this transmission, the verification information 122 is
In addition to this, there is no problem even if the verification information 122 is obtained by a third party by eavesdropping or the like because it has a value only when it is added. (Step 6) The ticket issuing terminal 2 checks the verification information 122
Is received, the verification information 122 is recorded on the mount 12 by the verification information providing means 22. At this time, if necessary, the service information 121 is also recorded on the mount 12.
The ticket 1 is issued by the combination of the backing sheet 12 and the piece of paper 11 after the recording. After the recording,
By sticking the paper strip 11 on the recorded backing paper 12, the paper strip 11 can be prevented from being lost.

(Step 7) When the user exercises the ticket 1, the user uses the ticket 11 which is a component of the ticket 1.
And the mount 12 are presented to the ticket gate 4. (Step 8) The ticket gate 4 reads the ID of the ticket 11 by the ID input means 41 and the verification information 122 recorded on the mount 12 by the verification information input means 42 from the ticket 1. (Step 9) The ticket gate 4 is a service information acquisition unit 43
Information 121 corresponding to the ticket whose ticket is to be changed
To get. This is performed by being held in advance by the service information acquisition unit 43, or obtained from the ticket issuing center device 3 or the like, or read from the ticket 1.

(Step 10) The ticket gate 4 acquires the information corresponding to the secret information 36 or the decryption information 47 which is the same as the secret information 36 by the decryption information acquisition means 44. This is held in advance by the decryption information acquisition means 44. Alternatively, it is obtained by obtaining it from the ticket issuing center device 3 or the like. When the decryption information 47 is different from the secret information 36, such as when using an electronic signature described later, the decryption information 47 can be obtained from the ticket 1, but in that case, the validity of the decryption information 47 is verified. Steps are required. This verification can be easily realized by matching the fingerprint of the public key, which is the decryption information 47 (a value obtained by applying a one-way hash function to the public key), or the like.

(Step 11) The ticket gate 4 verifies the ID, the verification information 122 and the service information 121 by the verification means 45 using the decryption information 47. (Step 12) If the above verification is successful, the ticket gate 4 regards the ticket 1 as valid and permits provision of a service corresponding to the service information 121. (Step 13) If necessary, the ticket gate 4 invalidates the paper sheet 11 by collecting the paper sheet 11, stamping a postmark, or invalidating the recorded ID in the case of an electronic recording medium. I do.

Next, the method of generating verification information in step 5 and the verification method in step 11 will be described. The symbols used in the description described below are as follows. ID ... recording medium identification information ID m ... service information 121 G ... verification information 122 SkI, PkI ... signature key (in the electronic signature system), verification key Si ... secret key (in the shared key encryption system) S ... passphrase x: = y ... substitution of y into x x = y ... comparison of x with y x‖y ... concatenation of x and y SkI (x) ... signature by SkI on x PkI (x, y) ... by PkI of x, y Verification.

PkI (x, y) = true (if y = SkI (x)) PkI (x, y) = false (other than the above) Si (x). Si (Si (x)) = x (decryption) H (x)... Hash value by a one-way hash function (such as SHA-1) below. (1) When using a digital signature, (2) The case of using the shared key cryptosystem and the case of using (3) the one-way hash function will be described. (1) When using an electronic signature: The signature key SkI is used as the secret information 36, and the verification key PkI is used as the decryption information 47, and generation and verification are performed by the following equations.

Generation: G: = SkI (ID @ m) Verification: PkI (ID @ m, G) = true (2) When using a shared key cryptosystem: secret key Si as secret information 36 and decryption information 47 Generate and verify by the following formula. Generation: G: = Si (ID @ m) Verification: Si (G) = ID @ m (3) When using a one-way hash function: using a passphrase S as the secret information 36 and the decryption information 47,
Generation and verification are performed by the following equations.

Generation: G: = H (ID @ m @ S) Verification: G = H (ID @ m @ S) Next, a settlement method for the purchase of ticket 1 will be briefly described. In the case where the purchase amount of the ticket 11 is a fixed value and the prepayment is made, for example, in the case where the ticket issuing center device 3 is able to acquire the service information from the service information management unit 33 from the received ID or the ticket information received at the same time in the step 4 In other words, if the ticket for the service has not been sold out, the ticket issuing center device 3 receives the payment for the ticket from the user. At this time, the user may pay the remaining amount obtained by subtracting the purchase cost of the paper piece 11 from the price. In this payment method, for example, the information of the user's credit card is encrypted and transmitted from the ticket issuing terminal 2 to the ticket issuing center device 3 so that the ticket issuing center device 3 performs a settlement process based on the information. After confirming that this settlement processing is possible, the ticket issuing center device 3 executes
Execute

When the ticket price is postpaid, that is, when the ticket 1 is a reservation ticket, if the ticket gate 4 recognizes that the ticket 1 is valid in the step 12, the ticket gate 4 pays the service price. Is prompted by, for example, a display or an artificially synthesized voice, and the user
After checking that the price is correct, the ticket gate 4 permits the provision of the service. That is, the payment is made when the service is provided. Also in this case, the price may be a value obtained by subtracting the selling price of the paper piece 11.

Next, the paper strip 11 can be sold at a price corresponding to the service price. For example, a piece of paper 11
The price is uniquely determined from the ID recorded in. For example, if the end of the ID is "1", 100 yen,
In the case of "2", it is 500 yen or the like. Further, the service information management means 33 of the ticket issuing center device 3 is provided with a table for associating the service information 121 with the service price. In this case, each I associated with the price of each service in the above step 1
It is assumed that a piece of paper 11 on which D is recorded is distributed.
In step 1, the user selects and purchases a piece of paper 11 at a price corresponding to the price of the service to be provided. In other words, if the price of the selected service is 500 yen, the ID of the purchased ticket 11 with the end of the ID “2” is selected.

In step 4, the ticket issuing center device 3 acquires the service price from the service information management means 33 in addition to the service information 121, and
In, verify whether the price determined from the received ID and the service price are consistent, that is, if the service price is 500 yen, verify that the end of the ID 111 is "2", and if it passes, Generation of verification information 122,
Send. In the above, the ticket issuing center device 3
May be provided integrally with the ticket issuing terminal 2. Second Embodiment Next, a secure ticket which retains the features of the present invention described above and which prevents a user from taking online various types of tickets online or offline and preventing unauthorized use by malicious users. Enables distribution, transfer, and purchase, transfer, and use of tickets issued by an unspecified number of ticket issuers.Even users who cannot use special equipment or servers can easily purchase tickets. Alternatively, a ticket distribution method that can be transferred and used and an apparatus for realizing the method will be described. (Ticket Verification Apparatus) First, an embodiment of a ticket verification apparatus according to the present invention, which can be commonly used for apparatuses for issuing, transferring, and using tickets in this case, will be described with reference to FIG.

The ticket verifying apparatus 100 according to the present invention is information indicating a right to receive a service or a product recorded on a ticket, and is a device for verifying the validity of the ticket information. Here, the ticket information includes service identification information that is information corresponding to the content of the right of the service, etc.,
This is information calculated from the above three pieces of information including the recording medium identification information ID for identifying the ticket information recording medium on which the ticket information is recorded, and the generating device secret information, which is secret information unique to each device that generates the ticket information. This is information including ticket authentication information and further including the service identification information. The service identification information and the ticket authentication information are the service information 121 and the verification information 122 in the first embodiment.
Respectively.

The ticket verification device 100 includes a ticket information obtaining unit 111 and a recording medium identification information obtaining unit 112.
, Ticket verification information acquisition unit 113, generation device authentication information acquisition unit 114, and generation device verification information acquisition unit 11
5, the first verification means 116, and the second verification means 117
, A third verification unit 118, and a determination unit 120. The ticket information acquisition means 111
0, the recording medium identification information acquiring means 112 acquires the recording medium identification information ID from the ticket information recording medium, and the ticket verification information acquiring means 113 acquires the ticket information. This is a means for acquiring ticket verification information corresponding to the generating apparatus secret information of the apparatus which has generated the ticket information acquired by the acquiring means 111.
Numeral 4 is a unit for acquiring the generator authentication information calculated from the ticket verification information and the secret information of the third party device, which is secret information unique to a certain third party device. This is means for acquiring the generation device verification information corresponding to the third party device secret information.

The ticket authentication information is, for example, an electronic signature by the sender of the ticket information, the ticket verification information is for verifying the validity of the ticket authentication information, and the generator authentication information is, for example, the identification of the sender of the ticket information. A public key certificate (a sender's public key and a signature by a third party, etc.), and the generator verification information is for verifying the validity of the generator authentication information, and is, for example, a third party's public key. .
The first verification unit 116 determines whether the ticket authentication information included in the ticket information acquired by the ticket information acquisition unit 111 includes service identification information included in the ticket information,
The service identification information indicates that the information is calculated from the recording medium identification information ID acquired by the recording medium identification information acquisition unit 112 and the generating device secret information corresponding to the ticket verification information acquired by the ticket verification information acquisition unit 113. , ID, and ticket verification information.

The second verification means 117 obtains the generator authentication information obtained by the generator authentication information obtaining means 114 and the ticket verification information obtained by the ticket verification information obtaining means 113 and the generator verification information obtained by the generator verification information obtaining means 115. It verifies that the information is calculated from the third-party device secret information corresponding to the generating device verification information using the generating device authentication information and the generating device verification information. Third verification means 1
18 verifies that the generator verification information acquired by the generator verification information acquirer 115 is valid.

The judging means 120 is a means for finally judging the validity of the ticket information, and includes a verification by the first verification means 116, a verification by the second verification means 117, and a verification by the third verification means 118. Are all passed, it is determined that the ticket information is valid. The ticket verification information corresponds to the decryption information 47 in the first embodiment. The ticket verification device 100 verifies the validity of the ticket information by operating the above functional components. That is, the ticket authentication information is, for example, a correct electronic signature for the service identification information, and the creator (ticket information sender) of the ticket authentication information is a trusted third party (a third party specified by the generation device verification information). )
Is verified (received by the generating device authentication information).

The details of the operation of the ticket verification device according to the present invention will be described below based on a specific example. (System Configuration of Second Embodiment) FIG. 4 shows a system configuration to which the method of the second embodiment is applied, and FIGS. In the second embodiment, a ticket, which is electronic information representing the right to receive a service or a product, is transferred from a certain user A to a certain user B. Take the case of using a ticket as an example. Note that the users A and B may be the same person. For example, this corresponds to the case where the user A has a plurality of means for holding and storing tickets, and moves or transfers between them.

The system of the second embodiment verifies the ticket information recording medium 200 owned by the user B, the user device 300 owned by the user A, and the ticket information 326 transmitted from the user device 300. And a terminal device 400 used by the user B to perform recording on the ticket information recording medium 200 and the ticket information recording medium 20 by the user.
When 0 is presented, ticket information 3 recorded there
26, and when it is determined that the ticket is valid, the ticket inspection apparatus 500 provides a corresponding service. (Detailed Description of System Components of Second Embodiment) Hereinafter, each component of the system will be described in detail. (Ticket Information Recording Medium 200) In the ticket information recording medium 200 owned by the user B, the recording medium identification information ID 201, which is information for identifying the medium 200, is recorded so that it is readable and difficult to change. It is a medium on which other information can be recorded and read, and which is difficult to forge or duplicate, and that the user B purchases or acquires it in advance. However, this does not apply when the ticket is transferred face-to-face. For example, the user A owns the ticket information recording medium 200 and the user device 300, and transfers the ticket stored in the user device 300 to the ticket information recording medium 200. Is handed to the user B as it is.

Such a ticket information recording medium 200 is composed of the paper sheet 11 and the backing sheet 12 in the first embodiment, and can take various forms as described above.
An electronic or magnetic recording device having an access control mechanism, such as an IC card or a SIM (subscriber authentication module), includes information such as a user ID and a signature key for personal authentication. Is recorded in an area that can be recorded, changed, or deleted only by an administrator with special authority, and the user ID and key information can be regarded as device identification information. This recording medium can be used as the ticket information recording medium 200.

In the second embodiment, the ticket information 326 transmitted by the user device 300 is stored in the ticket information recording medium 200 together with the ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323. Recorded by device 400. However, ticket gate 5
00 is the ticket verification information 321, the generation device authentication information 3
22, information such as the generation device verification information 323 is stored in advance in the ticket information recording medium 20.
There is no need to record at 0. Information such as the ticket information 326, the ticket verification information 321, the generation device authentication device 322, and the generation device verification information 323 is usually a data string composed of a sequence of 1s and 0s. If a medium such as a piece of paper is used as the ticket information recording medium 200, the ticket information 326
Is recorded by printing with a printer or the like. At the time of printing, the data string is printed as it is as a character or as a one-dimensional or two-dimensional barcode. However, the printing format is not limited to these.

Further, the ticket information recording medium 200 stores
When using an electronic or magnetic medium such as a memory card with D, information such as the ticket information 326 is recorded on the medium 200 electronically or magnetically. When the above-described IC card or SIM in which key information such as a user ID and a public key certificate is recorded is used as the ticket information recording medium 200, the ticket information 32
Information such as 6 is usually recorded in an area where a general user can record, delete, and read. The details of the method of configuring the ticket information 326, the ticket verification information 321, the generator authentication information 322, and the generator verification information 323 will be described later. (User Device 300) The user device 300 is a device for storing tickets owned by the user A, generates ticket information 326, and transmits it to the terminal device 400, such as an IC card or SIM. It can be realized by a method such as mounting on a device or configuring on a server properly operated by a trusted third party.

As shown in FIG. 5, the user device 300 includes a recording medium identification information acquiring unit (ID acquiring unit) 301, a generating device secret information holding unit 302, and an information holding unit 303.
Service identification information holding means 304, ticket information generation means 305, service identification information deletion means 306
, A data transmitting / receiving unit 307, a control unit 308, a specifying unit 309, an authentication unit 310, and a storage unit 311. The ID acquisition means 301 is a terminal device 40
0 to the recording medium identification information ID 20
1 is a means for acquiring “1”.

The generating device secret information holding means 302 is a storage means for securely holding the generating device secret information 320, which is secret information unique to the user device 300. To prevent leakage, the generating device secret information 320 may be encrypted and stored. The information holding unit 303 is a storage unit that holds the ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323. The ticket verification information 321 is information corresponding to the generation device secret information 320, and the generation device authentication information 322 is the ticket verification information 321.
And the third-party device confidential information of the confidential information of the certification authority of the user device 300, and the generation device verification information 323 is information corresponding to the third-party device confidential information. Details of a method of configuring these information will be described later.

The service identification information holding means 304 is a storage means for holding the service identification information 324. The service identification information 324 is information for identifying the service represented by the ticket, and has the contents of the service and the service providing entity or the ticket issuing entity to which the authority to issue a ticket corresponding to the service has been delegated from the service providing entity. This corresponds to the ticket verification information for the generation device secret information unique to each ticket information generation device. Details of a method of configuring the service identification information 324 will be described later.

The ticket information generating means 305 calculates the ticket authentication information 3 by performing an operation using the service identification information 324, the recording medium identification information 201, and the generator secret information 320.
This is means for generating the ticket information 326 by combining the service identification information 325 with the service identification information 324. The details of the configuration and generation method of the service identification information 324, the ticket authentication information 325, and the ticket information 326 will be described later.
The service identification information deleting unit 306 is configured to delete the ticket information 32
6 is a means for deleting the service identification information 324 used to generate the ID No. 6 from the service identification information holding means 304. As a method for securely deleting the service identification information 324 while preventing unauthorized duplication, the user apparatus 300 may be configured by an apparatus having an access control mechanism such as an IC card or a SIM, or may be a reliable third party. It is possible to adopt a method of installing on a server operated properly by three parties.

The data transmitting / receiving means 307 is a communication means for transmitting / receiving data to / from another device, and the control means 308 is a control device mainly composed of a microcomputer for controlling the whole. Identification means 309 and authentication means 31
0 and the storage means 311 have no effect at the time of transfer of a ticket in this embodiment, and are not essential elements for implementing the present invention. These means are provided by the user device 30
0 to prevent the service identification information 324 from being illegally copied,
This is the means necessary to securely store the original data while ensuring it.

Details of a method for securely storing the service identification information 324 in the user device 300 using the specifying means 309, the authentication means 310, and the storage means 311 will be described later in this embodiment. (Terminal Device 400) The terminal device 400 is the user device 30
This is an apparatus used by the user B to verify the ticket information 326 transmitted from 0 and record it on the ticket information recording medium 200, and is configured based on the ticket verification apparatus according to the present invention.

As shown in FIG. 6, the terminal device 400 includes a recording medium identification information acquisition unit (ID acquisition unit) 401, a service selection unit 402, and a ticket information acquisition unit 403.
, Ticket verification information acquisition unit 404, generation device authentication information acquisition unit 405, and generation device verification information acquisition unit 40
6, first verification means 407, and second verification means 408
A third verification unit 409, a determination unit 400, a ticket information recording unit 410, and a data transmission / reception unit 411.
And control means 412. The ID acquiring unit 401 is a unit that acquires the recording medium identification information ID 201 from the ticket information recording medium 200, and is similar to the ID input unit 22 in the first embodiment.

The service selecting means 402 is a user
When a plurality of tickets are held at 00, this is a means for selecting a ticket to be transferred. However, this can be omitted when the user A who is the transferor determines the ticket to be transferred, or when there is only one ticket or quantity of the user device 300 and there is no room for selection. As a selection method, a method is possible in which a list of tickets held in the user device 300 is transmitted in advance, the list is displayed on a screen, and a selection is made from the list.

The ticket information obtaining means 403 obtains ticket information 326 from information transmitted from the user device 300.
Is a means for obtaining Ticket verification information acquisition means 40
4. The generating device authentication information obtaining unit 405 and the generating device verification information obtaining unit 406 respectively provide the ticket verification information 32
1, generator authentication information 322, generator verification information 323
Is obtained from the information transmitted from the user device 300 or is stored in the own device. The ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323 are managed by a server device or the like operated by a trusted third party. If the device verification information can be obtained, the device verification information may be obtained from the server device.

The first verification unit 407 determines whether the ticket authentication information 325 included in the ticket information 326 acquired by the ticket information acquisition unit 403 is the same as the service identification information 324 included in the ticket information 326 and the ID acquisition unit 40.
It is verified that the information is information calculated from the recording medium identification information ID 201 obtained in step 1 and the generating device secret information corresponding to the ticket verification information 321 obtained by the ticket verification information obtaining unit 404. The details of this verification method will be described later. The second verification unit 408 obtains the generation device authentication information 322 obtained by the generation device authentication information obtaining unit 405 and the ticket verification information 321 obtained by the ticket verification information obtaining unit 404 and the generation device verification information obtaining unit 406. It verifies that the information is calculated from the third-party device secret information corresponding to the generation device verification information 323. The details of this verification method will be described later.

The third verification unit 409 generates the generator verification information 32 obtained by the generator verification information obtaining unit 406.
3 is a means for verifying whether or not 3 is effective. The third verification unit 409 holds a list of valid generation device verification information in the third verification unit 409 in advance, and compares the information with the acquired generation device verification information 323, or This can be easily realized by a method such as making an inquiry about the validity of the generating device verification information 323 using a secure communication channel to a reliable server device that manages the validity of the verification information 323.

The judging means 420 is a means for finally judging whether the ticket information 326 is valid. The judging means 420 is the same as the judging means 120 in FIG. Verification means 408, third verification means 4
09 is a device that performs a logical operation on a boolean value as a result of verification by each of the devices 09, and can be easily realized. First verification means 407, second verification means 408, third verification means 40
Reference numeral 9 corresponds to the first verification unit 116, the second verification unit 117, and the third verification unit 118 in FIG.

The ticket information recording means 410 stores the ticket information 32 determined to be valid by the determination means 400.
6 is the ticket verification information 321, the generation device authentication information 32
2. A means for recording in the ticket information recording medium 200 together with the generation device verification information 323 and the like. However, ticket gate 5
00 is the ticket verification information 321 and the generation device authentication information 32
2. When information such as the generation device verification information 323 is stored in advance, the information is stored in the ticket information recording medium 2.
There is no need to record at 00. The ticket information 326, the ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323 are usually data strings having a sequence of 1 and 0. When the ticket information recording medium 200 is formed of a recording medium such as a piece of paper, a printing device such as a printer is used.
It can be used as the ticket information recording means 410.
At the time of printing, the data string is printed as it is as a character or as a one-dimensional or two-dimensional barcode. However, the printing format is not limited to these. When the ticket information recording medium 200 is an electronic recording medium such as a memory card with an ID, a writing device for the electronic recording medium can be used as the ticket information recording means 410.

The data transmitting / receiving means 411 is a communication means for transmitting / receiving data to / from another device, and the control means 412 is a control device mainly composed of a microcomputer for controlling the whole. (Ticket inspection apparatus 500) The ticket inspection apparatus 500 includes a ticket information recording medium 200 and ticket information 326 recorded therein.
Is a device that provides a corresponding service or permits the provision of a corresponding service when it is determined to be valid, and is configured based on the ticket verification device according to the present invention.

As shown in FIG. 7, the ticket checking apparatus 500 includes a data reading means 501 and a verified ticket information holding means 502.
And recording medium identification information acquisition means (ID acquisition means) 503
, Ticket information obtaining means 504, ticket verification information obtaining means 505, and generating device authentication information obtaining means 506.
Generation device verification information acquisition unit 507, first verification unit 508, second verification unit 509, third verification unit 510, fourth verification unit 511, and fifth verification unit 5
12, a determination unit 500, a verified ticket information adding unit 513, a ticket information deleting unit 514, a service providing unit 515, and a control unit 516.

The data reading means 501 is means for reading information such as the ticket information 326 recorded on the ticket information recording medium 200 from the ticket information recording medium 200. Is done. The verified ticket information holding unit 502 is a unit used to prevent unauthorized repeated use of ticket information. For ticket information that has been verified by the ticket gate 500, verified ticket information corresponding to the ticket information Storage means for storing a plurality of 520. As a configuration method of the verified ticket information 520, the verified ticket information itself or the SHA-1
It is possible to use one to which a one-way hash function such as MD5 or MD5 is applied.

The ID acquiring means 503 is means for acquiring the ID 201 from the ticket information recording medium 200, and includes the data reading means 501, the recording medium identification information acquiring means 401 of the terminal device 400, and the ID input means in the first embodiment. This can be realized by a method similar to that of 41. Further, it is of course possible to realize the same by means common to the data reading means 501. The ticket information obtaining means 504 converts the ticket information 3 from the data read from the ticket information recording medium 200.
26.

The ticket verification information acquiring unit 505, the generating device authentication information obtaining unit 506, and the generating device verification information obtaining unit 507 store the ticket verification information 321, the generating device authentication information 322, and the generating device verification information 323, respectively. This is a means for acquiring from the data read from the medium 200 or holding it in its own means. The ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323 are managed by a server device or the like operated by a trusted third party, and the ticket verification information 321, the generation device authentication information 322, the generation device verification information If it is possible to acquire 323, for example, it may be configured to acquire from the server device.

The first verification means 508 and the second verification means 509 are respectively provided by the first verification means 40 of the terminal device 400.
Verification means equivalent to the seventh and second verification means 408.
Details of the verification method will be described later. Third verification means 5
Reference numeral 10 denotes a verification unit equivalent to the third verification unit 409 of the terminal device 400. As a realization method, valid generation device verification information or a list thereof is stored in advance.
Or a method of obtaining such information from a reliable server device that accumulates and manages such information using a secure communication path.

The fourth verification means 511 outputs the ticket information 3
26 is a means for verifying that the creator of the ticket is the same as the issuer of the ticket corresponding to the ticket information 326, and the ticket verification information 321 obtained by the ticket verification information obtaining means 505 is obtained by the ticket information obtaining means 504. It is verified whether it is the same as the ticket verification information of the ticket issuer corresponding to the service identification information 324 included in the ticket information 326, and if the information is the same, it is determined to pass. Details of the verification method will be described later. That is, it is premised that the service identification information 324 includes information on who is the issuer of the ticket.

The fifth verification means 512 is a means for performing verification for preventing unauthorized repeated use of the ticket. The fifth verification means 512 stores the ticket information 326 obtained by the ticket information obtaining means 504 in the verified ticket information holding means 502. This is a means for checking whether there is any corresponding verified ticket information, and passing the verification of the ticket information 326 only if there is no corresponding verified ticket information. The determination means 520 is a means for finally determining whether the ticket information 326 is valid. Both the verification by the first verification means 508 and the verification by the fifth verification means 512 are passed, and the second If both of the verification by the verification unit 509 and the third verification unit 509 or the verification by the fourth verification unit 510 are passed,
The ticket information 326 is determined to be valid. The determination unit 520 is a device that performs a logical operation on the truth value of the verification result by each verification unit, and can be easily realized.

The verified ticket information adding means 513 is a means for adding verified ticket information corresponding to the ticket information determined to be valid by the determining means 520 to the verified ticket information holding means 502. The ticket information deleting unit 514 stores the ticket information 326 determined to be valid by the determining unit 520 in the ticket information recording medium 2.
This is a means for deleting from 00. Ticket information recording medium 2
In the case where 00 is composed of a recording medium such as a piece of paper, a printing device such as a printer is used to further print the ticket information 326 so that the ticket information 326 cannot be read, or to postmark a stamp or the like, Alternatively, a means for taking in the ticket information recording medium 200 into the ticket checking apparatus 500 and collecting the ticket information can be used as the ticket information deleting means 514. When an operator is attached to the ticket gate device 500, the operator can collect the ticket information recording medium 200,
Alternatively, a unit that emits a signal prompting crushing may be used. When the ticket information recording medium 200 is constituted by an electronic recording medium such as a memory card with an ID, a corresponding writing device for the electronic recording medium is used as the ticket information deleting means 514, and the ticket information 326 is used.
Can be deleted electronically.

The service providing means 515 includes
This is a means for providing a service corresponding to the ticket information 326 determined to be valid by 0. If the service is directly provided by a device or a machine such as a vending machine, such a service providing device can be used as the service providing unit 515. If the service is provided by hand, a device that emits a voice or informs the service provider of permission to provide the service by displaying a screen or the like is used as the service providing unit 515. Can do things. When the ticket is a ticket for transportation or an entrance ticket for a concert hall, a ticket gate that automatically opens and closes according to the determination result of the determination unit 520 can be used as the service providing unit 515.

The control means 516 is a control device mainly composed of a microcomputer for controlling the whole. (Explanation of Operation in Second Embodiment) Hereinafter, the operation of the second embodiment of the present invention will be described in detail with reference to FIGS. (Step 01) The user B acquires one or more ticket information recording media 200 by purchasing it in advance. At this point, the ticket information recording medium 200
Is not associated with a ticket or service. (Step 02) When the user B has the ticket transferred, the user B selects an arbitrary ticket information recording medium 200,
The recording medium identification information ID 201 is
It is read and input by the D acquisition means 401. If there is a need for a plurality of transferable tickets, the service selection unit 402 is used to select a ticket to be transferred. (Step 03) The terminal device 400 is the user device 300
The recording medium identification information ID2 acquired in step 02
01 is notified. When a ticket is selected using the service selection unit 402, the result of the selection is also notified. (Step 04) Upon receiving the ID 201, the user device 300 acquires the service identification information 324 from the service identification information holding unit 304. If necessary at this time,
Using the ticket selection result received from the terminal device 400, the service identification information 324 is determined and obtained. (Step 05) The user device 300 uses the ticket information generation unit 305 to acquire the ID 20 acquired in step 04.
1 and the service identification information 324 obtained in step 04
The ticket authentication information 325 is generated by an operation using the generated device secret information 320 held in the generated device secret information holding unit 302, and the ticket identification information 324 is generated by combining this with the service identification information 324. (Step 06) The user device 300 deletes the service identification information 324 used when generating the ticket information 326 in Step 05 from the service identification information holding unit 304 by the service identification information deletion unit 306.

As a result, the user A can use the user device 300
, The ownership of the ticket corresponding to the service identification information 324 is lost. (Step 07) The user device 300 transmits the ticket information 326 generated in Step 05 to the terminal device 400. If necessary, the ticket verification information 321 stored in the information storage unit 303, the generation device authentication information 32
2. The terminal device 400 also includes the generation device verification information 323.
Send to At this time, the transmitted ticket information 326
Becomes valuable as a ticket only when combined with the corresponding ticket information recording medium 200, so that there is no problem if it is obtained by a third party during communication. Also, the ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323 are information used for verification of the ticket information 326, and can be configured as information that can be obtained by a third party without any problem. . (Step 08) The terminal device 400 connects to the user device 300
When the ticket information 326 is received from the server, the corresponding ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323 are respectively transmitted to the ticket verification information obtaining unit 404, the generation device authentication information obtaining unit 405, and the generation device verification information obtainment. Acquired by the means 406. Acquisition of such information is performed by holding it by each means, or by acquiring it from data transmitted together with the ticket information 326. (Step 09) The terminal device 400 checks the ticket information 32
6, the ticket verification information 321, the ticket information 326 obtained in step 08, and the I
The verification is performed by the first verification unit 407 using D201. (Step 10) The terminal device 400 verifies the ticket verification information 321 by the second verification unit 408 using the generation device authentication information 322 and the generation device verification information 323. (Step 11) The terminal device 400 verifies the validity of the generation device verification information 323 by the third verification unit 409. (Step 12) The terminal device 400 checks the first verification unit 4
07, the second verification means 408, and the third verification means 40
The validity of the ticket information 326 is determined by the determining means 420 based on the verification result of No. 9. The determination means 420
If all the verification results by the first verification unit 407, the second verification unit 408, and the third verification unit 409 are passed, the ticket information 326 is determined to be valid.

If the determination means 420 determines that the information is rejected, the processing is abnormally terminated, or an exceptional process such as retransmitting the ticket information 326 to the user device 300 is performed. The details are omitted. (Step 13) If it is determined in step 12 that the ticket information 326 is valid, the terminal device 400 records the ticket information 326 on the ticket information recording medium 200 by the ticket information recording unit 410.

The ticket information 326 has a value as a ticket for the first time when it is combined with the ticket information recording medium 200, and the ticket is transferred to the user B. (Step 14) The user B presents the ticket information recording medium 200 to the ticket gate device 500 when exercising the ticket acquired as described above. (Step 15) The ticket gate apparatus 500 acquires the ID 201 by the ID acquisition unit 503 and the ticket information 326 by the ticket information acquisition unit 504 from the presented ticket information recording medium 200. (Step 16) The ticket gate 500 checks the ticket information 32
The ticket verification information 321, the generation device authentication information 322, and the generation device verification information 323 corresponding to No. 6 are obtained by the ticket verification information obtaining unit 505, the generation device authentication information obtaining unit 506, and the generation device verification information obtaining unit 507, respectively. Acquisition of this information is held by each means,
Alternatively, it is performed by acquiring from the data read from the ticket information recording medium 200 together with the ticket information 326 or the like. (Step 17) The ticket gate 500 checks the ticket information 32
6's validity, that is, it is not illegal repeated use,
The verification is performed by the fifth verification means 512. (Step 18) The ticket gate 500 checks the ticket information 32
6 is verified by the first verification unit 508 using the ID 201, the ticket verification information 321 and the ticket information 326. (Step 19) The ticket gate 500 checks the ticket information 32
6 is verified by the fourth verification unit 511 using the ticket verification information 321. (Step 20) The ticket checking apparatus 500 verifies the ticket verification information 321 by the second verification unit 509 using the generation apparatus authentication information 322 and the generation apparatus verification information 323. (Step 21) The ticket checking apparatus 500 verifies the validity of the generating apparatus verification information 323 by the third verification unit 510. (Step 22) The ticket checking apparatus 500 checks the first verification means 5
08, the second verification means 509, and the third verification means 51
0, fourth verification means 511, and fifth verification means 512
Based on the verification result, the validity of the ticket information 326 is determined by the determining unit 520. The determination unit 520 determines that the verification results of the first verification unit 508 and the fifth verification unit 512 are both passed, and that the verification results of the second verification unit 509 and the third verification unit 510 are both Or
If the verification result of the fourth verification means 511 is passed,
It is determined that the ticket information 326 is valid.

The result of the pass / fail judgment by the judging means 520 includes a true / false value R1 which becomes true only when the verification result of the first verifying means 508 is passed, The truth value R2 of the verification result, the truth value R3 of the verification result of the third verification means 510, the fourth verification means 5
Using the truth value R4 of the eleventh verification result and the truth value R5 of the verification result of the fifth verification means 512, the following expression can be used. However, it is assumed that the determination unit 520 determines that the ticket information 326 is valid when the truth value R is true.

R = R 1 ∩ ｛(R 2 ∩R 3) ∪R 4｝ ∩R 5 (Step 23) If the ticket information 326 is determined to be valid in Step 22, the ticket information 326 Is added to the verified ticket information holding unit 502 by the verified ticket information adding unit 513. (Step 24) If the ticket information 326 is determined to be valid in step 22, the ticket information delete unit 514 may use the ticket information recorded on the ticket information recording medium 200 by the ticket information deleting unit 514, if necessary. 326 is deleted, or the ticket information recording medium 200 is collected. (Step 25) When the ticket information 326 is determined to be valid in the step 22, the ticket gate apparatus 500 provides the service corresponding to the ticket information 326 by the service providing unit 515, or provides the service corresponding to the ticket information 326. For example, it issues a signal to authorize provision. (Details of Information Configuration Method and Verification Method in Second Embodiment) Next, ticket verification information 321, generator authentication information 322, generator verification information 323, service identification information 3
24, a method for generating the ticket authentication information 325 and the ticket information 326 by the ticket information generating means 305 in step 05, a verification method by the first verification means 407 and 508 in steps 09 and 18, and a step 10 The verification method by the second verification means 408 and 509 in step 20 and the verification method by the fourth verification means 511 in step 19 will be described.

Here, as a typical realization method, NT
E-Sign signature method by T, RSA by RSA
An implementation method using a digital signature scheme such as a signature scheme will be described. The symbols used in the description are as follows. · M-ID: recording medium identification information ID 201 · Vd-t: ticket verification information 321 · Cd-g: generation device authentication information 322 · Vd-g: generation device verification information 323 · S: indicated by service identification information 324 Content of service S-ID service identification information 324 Cd-t ticket authentication information 325 T ticket information 326 Sk-I, Pk-I signature key S in digital signature system
kI and its corresponding verification key Pk-I Sk-T, Pk-T... signature key Sk-T and its corresponding verification key Pk-T .Sk-U, Pk-U. Verification key Pk-U corresponding thereto. X‖y ... Concatenation of x and y. X = y ... Comparison of x and y. X: = y ... Substitution of y for x. H (x) ... x in one direction. Hash value by a characteristic hash function (such as SHA-1) Sk-I (x) ... Sign by Sk-I for x Pk-I (x, y) ... Signature verification of x, y by Pk-I -Pk- I (x, y) = true (if y = Sk-I (x))-Pk-I (x, y) = false (other than the above) Sk-T (x) ... Sk-T for x Pk-T (x, y) ... Signature verification of x, y by Pk-T-Pk-T (x, y) = true (if y = Sk-T (x))-Pk T (x, y) = false (other than the above) Pk-U (x, y) ... signature verification of x, y by Pk-U -Pk-U (x, y) = true (y = Sk- In the case of U (x)) − Pk−U (x, y) = false (other than the above) First, Sk-I is generated as secret device generation information unique to the ticket information generation device used by the issuer of the ticket. Pk-I can be used as ticket verification information for that. In this case, the service identification information 324, which is information corresponding to the content of the service and the issuer of the ticket, can be configured as a result of the following operation.

S-ID: = H (S) ‖H (Pk-I) Also, Sk-U is generated as the generating device secret information 320 of the user device 300, and the corresponding ticket verification information 321
Can be used as Pk-U. In other words, the user device 300 also serves as a ticket issuing entity, and Pk-
I = Pk-U. Vd-t: = Pk-U In this case, the ticket authentication information 325 and the ticket information 326 can be generated by performing the following calculation by the ticket information generation unit 305 in step 05. Cd-t: = Sk-U (S-ID @ M-ID) T: = S-ID @ Cd-t At this time, the verification by the first verification means 407 and 508 in steps 09 and 18 , Can be implemented by performing the following calculations.

Vd-t (S-ID @ M-ID, Cd-t) = true, that is, Pk-U (S-ID @ M-ID, Cd-t) = true Further, the fourth in step 19 The verification by the verification means 511 can be performed by performing the following calculation. Here, the ticket gate device 500 holds the service content S for the ticket in the device. S-ID = H (S) ‖H (Vd-t) That is, since the user device 300 and the ticket issuer are both used, the following equation is satisfied.

H (S) {H (Pk-I) = H (S)}
H (Pk-U) Also, Sk-T
As the corresponding generator verification information 323
kT can be used. Vd-g: = Pk-T In this case, it is possible to use a result generated by the following calculation as the generating device authentication information 322. Cd-g: = Sk-T (Pk-U) At this time, the verification by the second verification means 408 and 509 in Steps 10 and 20 can be performed by the following calculation.

Vd-g (Pk-U, Cd-g) = true That is, Pk-T (Pk-U, Cd-g) = true Here, only the configuration based on the electronic signature scheme has been described. The configuration method, generation method, and verification method of each information used in the present invention are not limited to those described above. In addition, as described in the first embodiment, a method based on a common key A method based on a phrase and a hash function or a method using both of them is possible.

In the operation of the system according to the second embodiment, if the user B trusts the user A, the terminal device 400 omits each of the verification processes in steps 09 to 11 and receives The obtained ticket information 326 may be immediately recorded on the ticket information recording medium 200. Even if the ticket information 326 recorded on the ticket information recording medium 200 is fraudulent, the validity of the ticket gate device 500 is determined to be unacceptable, so that the profit of the service provider is not hindered. There is no.

If the user device 300 is a device owned by a general user and different from the ticket issuing device owned by the issuer of the transferred ticket, the fourth verification in step 19 is performed. Verification by means 511 fails. However, if the user device 300 is authenticated by the authentication organization of the user device and is a valid device, it passes both the verification by the second verification unit 509 and the third verification unit 510 in steps 20 and 21. As a result, it is determined to be valid.

In the operation of the system according to the second embodiment, the verification by the first verification unit 407, the second verification unit 408, and the third verification unit 409 in steps 09 to 11 is performed in principle. It does not matter if the order is performed in any order. Also, the judgment means 420
In consideration of the determination rule in the above, it is also possible to configure so that the determination is performed by omitting the remaining verification means before the verification by all the verification means is completed. For example, since it is an essential requirement that the first verification unit 407 pass, if the first verification unit 407 fails, it is possible to immediately determine that the ticket information 326 is not valid. This is because the first verification unit 508 and the second verification unit 50 of the ticket gate device 500 in steps 17 to 21 are used.
The same applies to the verification by the ninth, third verification means 510, fourth verification means 511, and fifth verification means 512. (Storing of Service Identification Information in User Device) Next, a method for securely storing the service identification information 324 in the user device 300 while preventing unauthorized duplication and ensuring originality will be described. This is described in Japanese Patent Application No. 2000-03887.
This can be easily realized by applying the “original data distribution system” described in 5) to the distribution of service identification information.
This original data distribution system provides means for storing and delivering electronic data for which it is necessary to keep the number of valid copies below a certain number.

The user device of the original data distribution system according to “Japanese Patent Application No. 2000-038755” includes the following: information corresponding to data (ticket), first information corresponding to a certain device, and data (ticket). Originality information transfer means for transmitting and receiving originality information generated from the corresponding second information; identifying means for specifying a source device of the received originality information; transferring source of the received originality information An authentication unit that determines that the original information is valid only when the authentication of the apparatus is successful or only when the transfer source apparatus and the apparatus corresponding to the first information of the original information are the same. Storage means for storing the originality information determined to be valid by the authentication means; and deletion means for deleting the originality information when transferring the originality information from its own device. Device A.

When issuing a ticket (data), the issuer device generates originality information from the first information corresponding to its own device and the second information corresponding to the ticket to be issued, and uses the original information. To the user device. The user device succeeds in authenticating the source device of the received originality information using the authentication means, or the source device of the originality information corresponds to the first information of the originality information. The originality information is stored as valid only when the same device is used. Also,
At the time of transfer from the user device to the user device, the transfer source original user device transfers the original information to be transferred to the transfer destination second user device, The original information is deleted. The second user device succeeds in the authentication of the first user device which is the transfer source device of the received originality information, or the first user device which is the transfer source device of the originality information. Is determined to be valid only when the device corresponding to the first information of the original information is the same as the device corresponding to the first information, and is stored.

At the time of a ticket gate, the user device transfers the originality information to be gated to the ticket clerk device and deletes the originality information. The ticket gate device provides a service corresponding to the originality information only when the authentication of the user device that is the transfer source device of the received originality information is successful.
In the above, it is also possible to configure the user device with a device having tamper resistance. In this case, even if there is a malicious user, it is possible to prevent the original information in the user device from being illegally copied or stored in the user device.

As described above, in the transfer of the originality information corresponding to the ticket, the transfer source is authenticated, and only the trusted user device is set as the distribution channel, so that forgery, falsification, and Tickets can be distributed from issuer to user, from user to ticket gater, and from user to user from one to another, while preventing unauthorized duplication. User device 30 in the second embodiment
0, data transmitting / receiving means 307, specifying means 30
9. The authentication unit 310, the storage unit 311, and the service identification information deletion unit 306 correspond to the originality information transfer unit, the identification unit, the authentication unit, the storage unit, and the deletion unit of the user device in the original data distribution system, respectively. The service identification information 324 can correspond to the original data.

In this way, by constructing the user device 300 based on the user device of the original data distribution system, the service identification information 324 can be prevented from being illegally copied and the originality can be guaranteed. , Can be safely stored in the user device 300. Furthermore, the service identification information 324 that has been repeatedly distributed in the original data distribution system while guaranteeing the originality can be safely transferred to the ticket by using the ticket verification device according to the present invention. Third Embodiment (System Configuration of Third Embodiment) FIG. 10 shows a system configuration of a third embodiment to which the method of the present invention is applied and a functional configuration of each device.

In the third embodiment, a ticket issuer who has been delegated from a provider of a service to a ticket issuance authority, which is electronic information indicating the right to receive the service, is assigned to a certain user C. A case where the ticket is issued to the user C and the user C uses the ticket is taken as an example. The system according to the third embodiment includes a ticket information recording medium 700 owned by a user C, an issuer device 800 for issuing a ticket to the user C, possessed by a ticket issuer, and transmitted from the issuer device 800. Terminal device 900 used by user C to verify ticket information 825 to be input and to record on ticket information recording medium 700
When the ticket information recording medium 700 is presented by the user, the ticket information 825 recorded therein is verified, and if the ticket information is determined to be valid, the ticket inspection apparatus 500 for providing the corresponding service It is composed of (Detailed Description of System Components of Third Embodiment) Hereinafter, each of the system components will be described in detail. (Ticket information recording medium 700) The ticket information recording medium 700 required by the user C is an information recording medium in which recording medium identification information 701 that is information for identifying the medium is recorded so as to be readable and difficult to change. And the ticket information recording medium 20 used in the second embodiment of the present invention.
Exactly the same as 0 can be used.

User C uses ticket information recording medium 700
Is purchased or acquired in advance. However,
This is not the case when the ticket is issued in person. The ticket information recording medium 700 includes an issuer device 80
The ticket information 825 transmitted by “0” is recorded by the terminal device 900 together with the ticket verification information 821. The recording form and method are exactly the same as in the second embodiment of the present invention. (Issuer Device 800) The issuer device 800 is used by a service provider to issue a ticket to a ticket issuer who has been delegated the right to issue a ticket, which is electronic information indicating the right to receive the service. A device that generates the ticket information 825 and transmits the ticket information 825 to the terminal device 900, and is configured on an appropriately operated server or the like.

The issuer device 800 includes a recording medium identification information acquiring unit 801, a generating device secret information holding unit 802,
Information holding means 803 and service information management means 804
, Ticket information generation means 805, data transmission / reception means 806, and control means 807. The recording medium identification information acquiring unit 801 is a unit that acquires the recording medium identification information 701 from the data transferred from the terminal device 900. The generating device secret information holding unit 802 generates the generating device secret information 82, which is secret information unique to the issuer device 800.
This is storage means for securely holding 0. To prevent leakage, the generating device secret information 820 may be stored in an encrypted form.

The information holding means 803 is a storage means for holding the ticket verification information 821. Ticket verification information 3
21 is information corresponding to the generating device secret information 820.
Details of a method of configuring these information will be described later. The service information management unit 804 manages service information 822 corresponding to a ticket issued by the issuer device 800. The service information management unit 804 manages and stores necessary information such as a service provider and a ticket price in addition to the service content. are doing. When a ticket is issued, service identification information corresponding to the ticket is selected or generated based on the service information managed by the means 804, and issuance processing is performed based on the selected service identification information. When the issuer device 800 issues tickets corresponding to a plurality of types of services, service information corresponding to the service selection information from the terminal device 900 is used. If the issuer device 800 issues only one type of ticket, the service selection information from the terminal device 900 is not required.

The ticket information generating means 805 is based on the service information 822 managed by the service information managing means 804 and the service identification information 82 corresponding to the ticket to be issued.
3 is generated or obtained, and the service identification information 823 is generated.
, Recording medium identification information 701 and generating device secret information 820
This is a means for generating ticket authentication information 824 by an operation using and the service identification information 823 to generate ticket information 825. Service identification information 823, ticket authentication information 824, ticket information 825
Details of the configuration method will be described later.

The data transmitting / receiving means 806 is a communication means for transmitting / receiving data to / from another device, and the control means 807 is a control device mainly comprising a microcomputer for controlling the whole. (Terminal Device 900) The terminal device 900 is a publisher device 80
This device is used by the user C to verify the ticket information 825 transmitted from 0 and record it on the ticket information recording medium 700, and is configured based on the ticket verification device according to the present invention.

The terminal device 900 has almost the same functional configuration as the terminal device 400 used in the second embodiment of the present invention. Service selection means 902, fourth verification means 91
0 is further provided. The service selection means 902
When the issuer device 800 issues tickets corresponding to a plurality of types of services, the issuer device 800 selects a ticket to be issued. The fourth verification means 910 is a verification means having exactly the same function as the first verification means 511 of the ticket gate device 500 in the first embodiment, and the same means can be used.

The determination means 920 is also a means for performing a logical operation on the truth value of the verification result by each verification means, and finally determines whether the ticket information 825 is valid. The determination unit 920 determines that both the verifications by the first verification unit 907 pass, and the verifications by both the second verification unit 908 and the third verification unit 909 or the verification by the fourth verification unit 910 pass. When it becomes, it is determined that the ticket information 825 is valid. Also,
The data transmission / reception unit 912 is a communication unit for transmitting / receiving data to / from another device, and the control unit 913 is a control device mainly including a microcomputer for controlling the whole. (Description of Operation in Third Embodiment) Hereinafter, the operation of the third embodiment of the present invention will be described in detail with reference to FIG. (Step 01) The user C acquires one or more ticket information recording media 700 by purchasing it in advance. At this point, the ticket information recording medium 700
Is not associated with a ticket or service. (Step 02) When receiving a ticket issuance, such as purchasing a ticket, the user C selects an arbitrary ticket information recording medium 700, and selects the recording medium identification information 70.
1 is the recording medium identification information acquisition means 401 of the terminal device 900
Read and input by. If the issuer device 800 can issue a plurality of types of tickets, the service selecting unit 902 selects a ticket to be issued. (Step 03) The terminal device 900 connects to the issuer device 800
Then, the recording medium identification information 701 acquired in step 02 is notified. In step 02, the service selecting means 902
When a ticket is selected by using, the result of the selection is also notified. (Step 04) Upon receiving the recording medium identification information 701, the issuer apparatus 800 stores the service identification information 823 corresponding to the ticket to be issued in the service information management unit 804.
Is acquired or generated based on the service information 822 managed by the user. At this time, if necessary, service information to be used is determined according to the service selection result transmitted from the terminal device 900. (Step 05) In the issuer apparatus 800, the ticket information generation unit 805 uses the recording medium identification information 701, the service identification information 823, and the generation apparatus secret information 820 stored in the generation apparatus secret information storage unit 802 obtained in step 04. The ticket authentication information 824 is generated by an operation using and the service identification information 823 to generate the ticket information 825. (Step 06) The issuer device 800, if necessary,
After updating the information managed by the service information management unit 804, the ticket information 825 generated in step 05 is transmitted to the terminal device 900, and, if necessary, stored in the information storage unit 803. Ticket verification information 8
21 is also transmitted to the terminal device 900.

At this time, the transmitted ticket information 825
Has a value as a ticket only when combined with the corresponding ticket information recording medium 700, so that there is no problem if it is obtained by a third party during communication. The ticket verification information 821 is also information used for verifying the ticket information 825, and can be configured as information that does not cause a problem even if obtained by a third party. (Step 07) The terminal device 900 is connected to the issuer device 800
When ticket information 825 is received from, the corresponding ticket verification information 821 is obtained by the ticket verification information obtaining unit 404. (Step 08) The terminal device 900 transmits the ticket information 82
5 is verified by the first verification unit 407 using the ticket verification information 821 and the recording medium identification information 701 obtained in step 02. (Step 09) The terminal device 900 transmits the ticket information 82
5 is verified by the fourth verification unit 910 using the ticket verification information 821. (Step 10) The terminal device 900 fails the verification because the second verification unit 408 cannot perform the verification because the terminal device 900 does not have the generation device authentication information and the generation device verification information required for the verification. (Step 11) The terminal device 900 cannot perform the verification by the third verification unit 409 because there is no generation device verification information necessary for the verification, and thus determines that the verification has failed. (Step 12) The terminal device 900 executes the first verification unit 4
07, the second verification means 408, and the third verification means 40
The validity of the ticket information 825 is determined by the determination means 920 based on the verification result of the fourth verification means 910 and the fourth verification means 910. The determination unit 920 determines that the verification result of the first verification unit 407 has passed, and that both the verification results of the second verification unit 408 and the third verification unit 409 are
If the verification result of the fourth verification unit 910 is passed, the ticket information 825 is determined to be valid.

The result of the pass / fail judgment by the judging means 920 includes a true / false value R1 'which becomes true only when the verification result of the first verifying means 407 passes, and a second verifying means 408 in the same manner. Using the true / false value R2 ′ of the verification result, the true / false value R3 ′ of the verification result of the third verification means 409, and the true / false value R4 ′ of the verification result of the fourth verification means 910. Can be. However, it is assumed that the determination means 920 determines that the ticket information 825 is valid when the truth value R 'is true. R '= R1'∩ ｛(R2'∩R3') ∪R4 '｝ In this example, both R2' and R3 'are false values in steps 10 and 11, but both R1' and R4 'are true values. If you pass.

[0094] If the determination means 920 determines that the rejection is not successful, the processing is abnormally terminated, or an exceptional process such as retransmitting the ticket information 825 to the issuer device 800 is performed. The details are omitted. (Step 13) If it is determined in step 12 that the ticket information 825 is valid, the terminal device 900 records the ticket information 825 on the ticket information recording medium 700 by the ticket information recording unit 410.

By combining the ticket information 825 and the ticket information recording medium 700, the ticket has a value as a ticket for the first time, and the ticket is issued to the user C. Hereinafter, the user C presents the ticket information recording medium 700 to the ticket gate apparatus 500 in order to exercise the ticket obtained as described above. The subsequent processing is performed in the same manner as in the second embodiment of the present invention. 1
Since the processing is performed in exactly the same manner as the processing from step 4 to step 25, the description is omitted. (Details of Configuration Method and Verification Method of Information in Third Embodiment) Next, a configuration method of ticket verification information 821 and service identification information 823, and ticket authentication information 824 and ticket information by ticket information generation unit 805 in step 05 The generation method of the second verification unit 825, the verification method by the first verification unit 407 in step 08, and the verification method by the fourth verification unit 910 in step 09 will be described.

Here, as a typical realization method, as in the second embodiment, a realization method using an electronic signature method such as an E-Sign signature method by NTT and an RSA signature method by RSA will be described. The symbols used in the description are the same as those in the second embodiment. First, the issuer device 80
Sk-I as generating device secret information 820 unique to
Pk-I as the ticket verification information 821 corresponding thereto.
Can be used. Vd-t: = Pk-I In this case, the service information and the service identification information 823 corresponding to the ticket issuer can be configured as a result of the following operation. The terminal device 900 stores the received service information S in a memory.

S-ID: = H (S) ‖H (Pk-I) The service identification information 823 is the service information management unit 80
4, the information may be managed in association with the service information 822, or may be generated by the above calculation when a ticket is issued. In this case, the ticket authentication information 824 and the ticket information 825 can be generated by performing the following calculation by the ticket information generating unit 305 in step 05.

Cd-t: = Sk-I (S-ID @ M-ID) T: = S-ID @ Cd-t At this time, the first verification means 407 in step 08
Can be performed by performing the following calculation. Vd-t (S-ID @ M-ID, Cd-t) = true, that is, Pk-I (S-ID @ M-ID, Cd-t) = true Also, the fourth verification means 910 in step 09 Can be performed by performing the following calculation.

S-ID = H (S) ‖H (Vd−t) That is, H (S) ‖H (Pk−I) = H (S) ‖H (Pk−
I) Here, only the configuration based on the digital signature scheme is described, but the configuration method, generation method, and verification method of each information used in the present invention are not limited to these, and other common information may be used. A method based on a key cryptosystem, a method based on a passphrase and a hash function, or a method using both of them are possible.

In the operation of the system according to the third embodiment, if the user C trusts the issuer of the ticket, if the user C trusts the ticket issuer in step 0,
The verification processing of steps 8 to 11 may be omitted, and the received ticket information 825 may be immediately recorded on the ticket information recording medium 700. For example, the ticket information recording medium 700
Even if the ticket information 825 recorded in the is invalid, it is determined to be rejected in the validity determination in the ticket gate device 500, so that the profit of the service provider is not hindered.

In the operation of the system according to the third embodiment, the verification by the first verification means 407 in step 08, the verification by the fourth verification means 910 in step 09, and the second The verification by the verification unit 408 and the verification by the third verification unit 409 in step 11 can be performed in any order in principle. Also, the judgment means 92
Considering the determination rule of 0, it is also possible to configure so that before the verification by all the verification units is completed, the determination is performed by omitting the remaining verification units. For example, since it is an essential requirement to pass the first verification means 407,
If the first verification means 407 is rejected, it is possible to immediately determine that the ticket information 825 is not valid, and the first verification means 407 and the fourth verification means 910 are passed. At this point, the second verification means 408
Even without executing the third verification means 409, it is possible to immediately determine that the ticket information 825 is valid. This is because the first verification means 508, the second verification means 509, and the third verification means 51
The same applies to the verification by the 0th, the fourth verification unit 511, and the fifth verification unit 512.

The fourth verification means 511, 910
Is applied to the method of Japanese Patent Application No. 2000-38875,
This is necessary, that is, in this case, it is assumed that the service identification information includes information on who is the issuer of the ticket (ticket issuing device information), that is, information corresponding to the ticket verification information. Therefore, Japanese Patent Application No. 2000-
In the case where the method of 38875 is not used, information indicating the ticket issuing device, for example, Pk-I
May not be included. In the above description, the ticket issuance terminal 2, the ticket issuance center device 3, the ticket gate 4, the ticket verification device 100, the user device 300, the terminal devices 400 and 900, and the ticket gate device 500 are each executed by a computer to function. You can also.

[0103]

As described above, according to the present invention, a ticket is valid only when a paper piece to which the ID notified at the time of issuance is presented. Therefore, when a user purchases various tickets online, there is an effect that even if the verification information, which is the information of the ticket, is stolen, it is not illegally used. In addition, since the originality is guaranteed by the difficulty of copying a piece of paper and the encryption technology without depending on the retention of the passphrase by the user, when transferring the ticket, give the ticket itself and leave a copy It is not possible. Therefore, there are effects such as enabling secure transfer and eliminating the need to centrally manage invalidation of tickets.

When the price information of the service is not added to the ID of the piece of paper, it is not necessary to use differently according to the type of ticket to be issued. Therefore, in consideration of the cost of plate creation at the time of printing and the like, there is an effect that it is easier to issue a small number of tickets of various types as compared with the conventional ticket.
Further, it is also possible to divert an existing ID-attached paper piece such as a bill as a paper piece. In that case, the operation cost can be further reduced. That is, the present invention is effective not only for online ticket sales via the Internet or the like but also for reduction in issuance costs when applied to face-to-face sales of tickets at counters and the like conventionally performed.

[0105] Further, the paper piece or the mount need not be paper, but may be an IC telephone card, a flexible disk, or an ID.
It is possible to use a memory card with a tag. Therefore, there is an effect that a flexible system configuration according to the environment of the user and the environment of the ticket gate is enabled. The ticket information is valid only when combined with the corresponding ticket information recording medium. Therefore, when a user purchases, transfers, or uses various tickets, there is an effect that even if the ticket information is stolen or copied, it is not illegally used.

It is not necessary for the medium for recording the ticket information to have tamper resistance. Therefore, there is an effect that even a user who cannot use a special device or server can easily purchase or transfer and use a ticket. In addition, when a third party verifies the ticket information by using the authentication information given to the ticket information generating apparatus to authenticate the generating apparatus, and determines that the authentication is valid only when the authentication is successful, This has the effect that the ticket can be transferred not only from the ticket issuer but also from another user having the ticket storage device trusted by a third party.

The ticket verification device according to the present invention can be used in common by all devices for issuing, transferring, and using tickets. Therefore, there is an effect that a ticket distribution system can be easily constructed at low cost. In the ticket verification device according to the present invention, if the validity of the ticket information is determined by verifying whether the service provider corresponding to the ticket information matches the ticket information generation device, the ticket verification device may be trusted by a third party. Ticket issued by a ticket issuer who does not have a designated ticket storage device,
This has the effect that it is possible to receive the document while preventing its forgery or tampering. In this case, it is possible to receive a ticket issued not only by a predetermined ticket issuer but also by an unspecified number of issuers while preventing forgery or falsification.

In the ticket verification device according to the present invention, when ticket information that has been successfully verified is recorded on a ticket information recording medium, a terminal device used by a user to receive an issued or transferred ticket can be realized. Will be possible. The ticket verification device according to the present invention, when providing a service corresponding to ticket information that has been successfully verified,
It is possible to realize a ticket gate device that provides a service for the presented ticket. In the ticket verification device according to the present invention, when the ticket information that has been successfully verified is deleted from the ticket information recording medium, the ticket checking device is configured to prevent the user from erroneously presenting the ticket exchanged for the service again. It becomes possible to prevent.

The ticket verification device according to the present invention accumulates information corresponding to the verified ticket information, and when the verification of the ticket information is requested, confirms whether or not the verification has already been performed. If you fail
In the ticket gate device, even if a ticket exchanged for a service is incorrectly or intentionally presented again, it is possible to eliminate the ticket without providing multiple services. According to the present invention, the secret information of the ticket information generating device, and the secret information of the third-party device, using the signature key in the public key cryptosystem, ticket authentication information, and the third-party device authentication information, When the digital signature using the signature key is used and the verification key corresponding to the signature key used for generation is used for verification of the authentication information, the authentication information is verified without disclosing the above secret information at all. And the risk of leakage of secret information is extremely reduced, and the ticket distribution system according to the present invention can be easily configured using an existing public key authentication infrastructure.

According to the present invention, the service identification information includes:
One of the ticket verification information or the ticket verification information corresponding to the secret device generation information of the ticket information generation device of the ticket issuing entity to which the service providing entity of the service identification information or the ticket issuing authority delegated the ticket issuing authority from the service providing entity. It can also include the result of applying a direction function. In this case, regarding the association between the service identification information and the service providing entity or the ticket issuing entity, there is no need to separately provide a means or the like for managing the association.
It can be realized easily and safely.

According to the ticket verification device of the present invention, it is possible to use, as a medium for recording ticket information, a piece of paper on which identification information unique to the medium is recorded and which is difficult to forge and duplicate. In that case, the user can easily purchase or transfer and use the ticket online or offline using a medium that is easy to obtain and handle, such as paper. According to the ticket verification device of the present invention,
The first piece of paper, on which unique identification information is recorded on a medium for recording ticket information, which is difficult to forge and duplicate, and the second piece of paper (mount) for recording ticket information are integrated. Can also be used. In that case, before the two pieces of paper are integrated, for the same first piece of paper,
Any second piece of paper can be used.For example, if the recording of the ticket information on the second piece of paper has failed, or if only the second piece of paper has been significantly damaged, another second piece of paper can be used. By recording and using the ticket information, the ticket can be reproduced while preventing unauthorized duplication.

According to the ticket verifying apparatus of the present invention, as for a medium for recording ticket information, an electronic or magnetic recording medium in which identification information unique to a non-changeable medium is electronically, magnetically or physically recorded is used. It is also possible to use. In that case, the user can easily purchase or transfer and use the ticket online or offline using a medium that is easy to obtain and handle, such as a memory card with an ID. ADVANTAGE OF THE INVENTION According to the ticket verification apparatus by this invention, about the medium which records ticket information, the electronic or magnetic recording medium which holds the information which only a person with special authority can write or change electronically or magnetically is provided. It is also possible to use. In such a case, the user may use a medium such as an IC card to which a unique ID or identification information is not added in advance.
Information that can be used as identification information such as a user ID and key information is recorded by an administrator, and ticket information is recorded on a medium in which measures are taken to prevent the information from being changed by anyone other than the administrator. As a result, more users can purchase or transfer and use the ticket. In addition, as the above-mentioned recording medium, for example, an IC card having tamper resistance, which is used as an employee ID, an entrance ID, or the like, can be used.

According to the ticket distribution system of the present invention, ticket information is generated using the issuer device or user device in the original data distribution system according to Japanese Patent Application No. 2000-038755, and the validity of the ticket information is verified. It is possible to use a ticket verification device according to the above. In that case, "Japanese Patent Application 2000-038755"
And the ticket distribution system according to the present invention can be combined.
As a result, a highly convenient ticket distribution system that allows more various users to purchase, transfer, and use tickets using devices or media according to their environment and conditions Has the effect that it is possible to

According to the ticket distribution method of the present invention, the ticket information can be recorded on the ticket information recording medium by the first ticket verification device, and the ticket information can be verified by the second ticket verification device. .
Therefore, the terminal device and the ticket gate device used by the user can be configured by using the ticket verification device according to the present invention in common, and the ticket distribution system can be easily constructed.

[Brief description of the drawings]

FIG. 1 is a diagram showing a system configuration to which a method of the present invention is applied and a functional configuration of each device of the present invention used therein.

FIG. 2 is a flowchart showing an operation flow of the embodiment of the method of the present invention.

FIG. 3 is a diagram showing a basic functional configuration of a ticket verification device according to the present invention.

FIG. 4 is a diagram illustrating a system configuration according to a second embodiment to which the present invention is applied.

FIG. 5 is a diagram showing a functional configuration example of a user device 300 in FIG. 4;

FIG. 6 is a diagram showing a functional configuration example of a terminal device 400 in FIG. 4;

FIG. 7 is a diagram showing an example of a functional configuration of the ticket gate device 500 in FIG.

FIG. 8 is a flowchart showing the flow of the first half operation in the second embodiment of the present invention.

FIG. 9 is a flowchart showing a flow of the latter half operation in the second embodiment of the present invention.

FIG. 10 is a diagram showing a system configuration according to a third embodiment to which the present invention is applied.

FIG. 11 is a flowchart showing a flow of an operation in a third embodiment of the present invention.

────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] May 23, 2001 (2001.5.2)
3)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claim 31

[Correction method] Change

[Correction contents]

[Procedure amendment 2]

[Document name to be amended] Statement

[Correction target item name] Claim 32

[Correction method] Change

[Correction contents]

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06K 19/10 G07B 1/00 Z G07B 1/00 15/00 501 15/00 501 G09C 1/00 640A G09C 1/00 640 640B G06K 19/00 R H04L 9/32 H04L 9/00 673B (72) Inventor Makoto Iguchi 2-3-1 Otemachi, Chiyoda-ku, Tokyo Nippon Telegraph and Telephone Corporation (72) Inventor Takashi Fujimura Within Nippon Telegraph and Telephone Corporation, 2-3-1, Otemachi, Chiyoda-ku, Tokyo (72) Inventor Hironori Takeuchi 2-3-1, Otemachi, Chiyoda-ku, Tokyo F-term, within Nippon Telegraph and Telephone Corporation 2C005 HA04 HB04 HB13 JA15 JA18 JB08 JB20 JB23 JB32 JB33 LB34 LB53 5B035 AA13 BB01 BB03 BB05 BB09 BC01 5B058 KA01 KA05 KA11 KA31 KA37 YA01 5J104 AA0 7 AA09 KA02 LA02 LA03 NA02 NA05 PA10

Claims (34)

[Claims] 1. A hard-to-copy paper piece on which unique identification information (hereinafter, referred to as ID) is recorded, and verification information generated from the ID, service information, and secret information of an issuer are recorded. A ticket characterized by comprising a mount. 2. The ticket according to claim 1, wherein the paper piece and the mount are integrated, and the integrated one is difficult to duplicate. 3. The ticket according to claim 1, wherein at least one of the ID and the verification information is recorded by printing so as to be readable by optical means. 4. The ticket according to claim 1, wherein the paper piece itself is valuable. 5. The ticket according to claim 1, wherein the paper piece is an electronic recording medium and the ID is electronically recorded. 6. The information recording means for holding the ID electronically or magnetically on the paper piece, and writing of information to the information holding means for recording medium only by a person having special authority. 6. The ticket according to claim 5, further comprising access control means for performing access control so as to allow the change. 7. The ticket according to claim 1, wherein the mount is an electronic recording medium, and the verification information is recorded electronically. 8. The secret information of the issuer is a signature key in a public key cryptosystem, and the verification information is
The ticket according to any one of claims 1 to 7, wherein the ticket includes an electronic signature using the signature key for information including D and the service information. 9. The secret information possessed by the issuer is an encryption key in a shared key cryptosystem, and the verification information is
The ticket according to any one of claims 1 to 7, wherein the ticket includes an encrypted text with the encryption key for information including D and the service information. 10. The verification information according to claim 1, wherein the verification information includes a value obtained by applying a one-way function to information including the ID, the service information, and secret information of the issuer. The ticket described in any one of 7 above. 11. A step of transmitting an ID of a hard-to-replicate piece of paper recorded with a unique ID from a ticket issuing terminal to a ticket issuing center device, wherein said ticket issuing center device transmits said ID, service information, and said issuing center device. And generating the verification information from the secret information of the ticket issuing terminal and transmitting the verification information to the ticket issuing terminal. The ticket issuing terminal records the verification information on a mount, and the ticket according to any one of claims 1 to 9. Issuing a ticket. 12. A step of obtaining the ID and the verification information from the ticket at the ticket gate, a step of verifying the validity of the verification information and the ID of the paper piece, and a step of verifying the validity of the ticket. 12. The ticket distribution method according to claim 11, further comprising a step of deeming the ticket valid. 13. The ticket is sold at a predetermined price according to an ID, and the ticket issuing center comprises:
Obtaining the price from the ID when receiving the ID, and verifying that the price satisfies the distribution price of the ticket, and, if the verification is passed, generating and transmitting the verification information. The ticket distribution method according to claim 11, wherein the ticket distribution method is characterized in that: 14. A means for inputting the ID of a piece of paper on which a unique ID is recorded and which is difficult to copy, transmits the input ID to a ticket issuing center device, and receives verification information from the ticket issuing center device. 11. The ticket issuing device according to any one of claims 1 to 10, further comprising: means for communicating with the ticket issuing center device, and means for recording the received verification information on a mount. A ticket issuing terminal characterized by the following. 15. Receiving an ID from a ticket issuing terminal,
Means for communicating with the ticket issuing terminal transmitting verification information to the ticket issuing terminal; means for holding secret information; means for generating verification information from the received ID, the secret information, and service information; A ticket issuance center device comprising: 16. A means for holding or obtaining decryption information corresponding to or equal to secret information used for generating verification information, a means for holding or obtaining service information, an ID and verification from a presented ticket. A ticket gate comprising: means for acquiring information; and means for confirming the validity of the ticket using the acquired ID, verification information, decryption information, and service information. 17. Service identification information corresponding to the content of a right to receive a service or a product, recording medium identification information for identifying a ticket information recording medium for recording ticket information, and an apparatus for generating the ticket information. A ticket verification device that verifies the validity of the ticket information including the ticket authentication information generated from the unique generation device secret information and the service identification information, and a ticket information acquisition unit that acquires the ticket information. Recording medium identification information acquiring means for acquiring the recording medium identification information from the ticket information recording medium; and ticket verification corresponding to the generating apparatus secret information of the apparatus which has generated the ticket information acquired by the ticket information acquiring means. Ticket verification information obtaining means for obtaining information; the ticket verification information; Third-party device confidential information that is confidential information unique to the third device, and a generating device authentication information obtaining unit that obtains a generating device authentication information generated from the third device secretion information; Generating device verification information obtaining means for obtaining, the ticket authentication information included in the ticket information,
The service identification information included in the ticket information;
A first method of verifying that the information is generated from the recording medium identification information and the generating device secret information corresponding to the ticket verification information by using the service identification information, the recording medium identification information, and the ticket verification information. Verification means, the generation device authentication information and the third-party device secret information corresponding to the ticket verification information and the generation device verification information, the generation device authentication information and the A second verification unit that verifies with the generation device verification information; a third verification unit that verifies whether the generation device verification information is valid; a verification by the first verification unit; and the second verification unit If the verification by the third verification unit and the verification by the third verification unit pass, the ticket information is determined to be valid. Packet verification device. 18. The service identification information is stored in the generating device secret information of a ticket information generating device of a service providing entity or a ticket issuing entity delegated the issuing authority of a ticket corresponding to the service from the service providing entity. Information corresponding to the corresponding ticket verification information, ticket verification information corresponding to the service identification information included in the ticket information obtained by the ticket information obtaining means, the ticket obtained by the ticket verification information obtaining means A fourth verification unit for verifying that the verification information is the same as the verification information, wherein the determination unit passes the verification by the first verification unit, and the second verification unit and the third verification Both verification by means, or if the verification by the fourth verification means passes, Serial ticket information ticket verification apparatus according to claim 17, characterized in that determined to be legitimate. 19. The ticket verification apparatus according to claim 17, further comprising: ticket information recording means for recording the ticket information determined to be valid by the determination means on the ticket information recording medium. apparatus. 20. A service providing unit for providing a service corresponding to service identification information included in the ticket information determined to be valid by the determining unit. Ticket verification device. 21. The ticket verifying apparatus according to claim 20, further comprising ticket information deleting means for deleting the ticket information determined as valid by the determining means from the ticket information recording medium. 22. A verified ticket information holding unit that holds a plurality of verified ticket information that is information corresponding to the ticket information, and the verified ticket information corresponding to the ticket information obtained by the ticket information obtaining unit includes: A fifth verification unit that checks whether the ticket information is held by the verified ticket information holding unit, and passes the verification of the ticket information only when the ticket information is not held, includes a fifth verification unit. The verification by the first verification unit passes, and the verification by the fifth verification unit passes, and both the second verification unit and the verification by the third verification unit, or the fourth When the verification by the verification unit passes, the ticket information is determined to be valid, and the ticket information is determined to be valid by the determination unit. 22. The ticket verification apparatus according to claim 20, further comprising a verified ticket information adding unit that adds the verified ticket information corresponding to the ticket information to the verified ticket information holding unit. 23. The secret device generation information is a signature key in a public key cryptosystem, and the ticket verification information is:
A verification key in a public key cryptosystem, the third-party device secret information is a signature key in a public key cryptosystem, the generation device verification information is a verification key in a public key cryptosystem, and the ticket authentication information. Is information including an electronic signature of the information including the service identification information and the recording medium identification information by the generation device secret information. The generation device authentication information is a third party to the information including the ticket verification information. 21. The ticket verification device according to claim 17, wherein the ticket verification information is information including an electronic signature based on device secret information. 24. The service identification information includes the generation device secret information of a ticket information generation device of a ticket providing entity of a service providing entity of the service identification information or a ticket issuing entity delegated the ticket issuing authority from the service providing entity. 24. The ticket verification apparatus according to claim 17, wherein the ticket verification information is information including a result obtained by applying a one-way function to the corresponding ticket verification information or the ticket verification information. 25. A service identification information holding means for holding service identification information corresponding to the contents of a right to receive a service or a product, etc .; Means, generating apparatus secret information holding means for holding generating apparatus secret information, the service identification information obtained from the service identification information holding means, the recording medium identification information obtained from the recording medium identification information obtaining means, Ticket information generating means for generating ticket authentication information from the generating device secret information acquired from the generating device secret information holding means, and generating ticket information including the ticket authentication information and the service identification information; The service identification information corresponding to the ticket information generated by the generation unit is Service identification information and service identification information deleting means for deleting from the holding means, the ticket information generation apparatus and a ticket information output means for outputting said ticket information generated by said ticket information generating means. 26. A specifying means for specifying a source device of the received service identification information, wherein the authentication of the source device of the received service identification information is successful, or the source device and the service identification information include the source device. Authentication means for determining that the received service identification information is valid only when the device information and the corresponding device are the same, and the service identification information determined to be valid by the authentication means 26. The ticket information generating apparatus according to claim 25, further comprising: storage means for storing the information in the service identification information holding means. 27. A step of obtaining recording medium identification information from a ticket recording medium, a step of obtaining ticket information, a step of obtaining ticket verification information, a step of obtaining generator authentication information, and a generator verification information. A first verification step of verifying ticket authentication information included in the ticket information with the ticket verification information, the recording medium identification information, and service identification information included in the ticket information. A second verification step of verifying authentication information with the generation apparatus verification information; a third verification step of verifying whether the generation apparatus verification information is valid; a first verification step; and the second verification Process and the third
And a step of determining that the ticket information is valid if all of the verification steps pass. 28. A fourth verification step for verifying that the ticket verification information and the ticket identification information corresponding to the service identification information are the same, wherein the determination step is that the first verification step is Claim: The ticket information is determined to be valid when both the second verification step and the third verification step pass or when the fourth verification step passes. Item 29. The ticket verification method according to Item 27. 29. A step of obtaining recording medium identification information from a ticket recording medium, a step of obtaining ticket information, a step of obtaining ticket verification information, and a step of obtaining ticket authentication information included in the ticket information. A first verification step of verifying with the information, the recording medium identification information and the service identification information included in the ticket information; and that the ticket verification information and the ticket verification information corresponding to the service identification information are the same. A ticket verification method comprising: a second verification step of verifying; and a step of determining that the ticket information is valid if all of the first verification step and the second verification step pass. 30. When the recording medium identification information is obtained from a ticket information recording medium on which unique recording medium identification information is recorded and which is difficult to copy, the terminal device transmits the recording medium identification information to the user device. Upon receiving the recording medium identification information, the user device obtains service identification information from service identification information holding means, and stores the service identification information, the recording medium identification information, and the held generation device secret information. Using, to generate ticket authentication information, together with this and the service identification information and send it to the terminal device as ticket information,
The service identification information is deleted from the service identification information holding unit.When the terminal device receives the ticket information, the terminal device acquires ticket verification information, generation device authentication information, and generation device verification information corresponding to the ticket information, The ticket information is verified by a first verification unit using the ticket verification information and the recording medium identification information, and the ticket verification information is verified by a second using the generation device authentication information and the generation device verification information. The validity of the generation device verification information is verified by a third verification unit. If all the verifications by the first, second, and third verification units pass, the ticket information is valid. And recording the ticket information on the ticket information recording medium. 31. When the terminal device obtains the recording medium identification information from the ticket information recording medium on which the unique recording medium identification information is recorded and which is difficult to copy, the terminal device transmits the recording medium identification information to the issuer device. Upon receiving the recording medium identification information, the issuer device generates service identification information corresponding to the ticket to be issued, and generates the service identification information, the recording medium identification information, and the held generation device secret information. Generating the ticket authentication information using the information and transmitting the service identification information together with the service identification information to the terminal device; upon receiving the ticket information, the terminal device obtains ticket verification information corresponding to the ticket information; The ticket information is verified by the first verification unit using the ticket verification information and the recording medium identification information, and the ticket verification information is The fourth verification means verifies that the ticket information is the same as the ticket verification information corresponding to the service identification information.If all the verifications by the first and fourth verification means pass, it is determined that the ticket information is valid. Recording the ticket information on the ticket information recording medium. 32. When the ticket information recording medium is presented, the ticket inspection apparatus acquires recording medium identification information and ticket information from the ticket information recording medium, and acquires ticket verification information and generation device authentication information corresponding to the ticket information. And generating device verification information, verifying the validity of the ticket information by a fifth verification unit with reference to a verified ticket information holding unit, and verifying the ticket information with the recording medium identification information and the ticket verification The first verification unit verifies that the ticket verification information corresponding to the service identification information of the ticket information is the same as the ticket verification information by using a fourth verification unit. Verification information is verified by a second verification unit using the generation device authentication information and the generation device verification information; The validity of the placement verification information is verified by a third verification unit, the verification results of the first verification unit and the fifth verification unit are both passed, and the second verification unit and the third verification unit If both of the verification results of the verification means or the verification result of the fourth verification means pass, the ticket information is determined to be valid, and a service corresponding to the ticket information is provided and the verification is performed. 27. The ticket distribution method according to claim 25, wherein the ticket information is added to verified ticket information holding means as verified ticket information. 33. A program storing a program for causing a computer to execute the ticket verification method according to claim 22. 34. A computer-readable recording medium on which the program according to claim 28 is recorded.