JP2002208920A - System and method for processing data - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve the security of data in a data processing system which transmits such data as an electronized ticket, etc., to be protected for security to a terminal through such a terminal that is owned by an individual by preventing the illegal modification of the data. SOLUTION: A ticket selling server 1 enciphers the data about a purchased ticket so that the enciphered data may be deciphered by means of a site server 2 and transmits information obtained by adding terminal-displayed data which can be displayed on the portable terminal 3 of a user to the enciphered ticket data to the terminal 3 by further enciphering the information. The user of the terminal 3 deciphers the terminal-displayed data and performs access to the site server 2 on the date on which the user can use the purchased ticket. The site server 2 confirms the correctness of the user of the terminal 3 and the terminal 3 and, only when the correctness of the user and terminal 3 is confirmed, the server 2 receives the ticket data from the terminal 3 and decodes the data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data processing system and a data processing method, and more particularly, to a data processing system having a function of encrypting data and decrypting the encrypted data, and a data processing method. About the method.

[0002]

2. Description of the Related Art In recent years, various services such as auctions and shopping using a network such as the Internet have been provided to users, and the number of users using these services has been increasing.

In the above-mentioned services such as auctions and shopping, ticket sales companies and ticket shops that provide tickets handle inexpensive tickets and expensive tickets with premiums and are used by many users. Also, a ticket sales company, a voucher shop, or the like mails the purchased ticket to the registered user's address on the Internet. As a mailing method, ordinary mail or special mail (delivery certificate, registered mail, etc.) is used.

[0004] Tickets provided by a ticket sales company, a voucher shop, or the like that provides the above-mentioned tickets are purchased from regular routes (for example, identifiable companies) or individuals.

[0005] By the way, in order to trade tickets and the like online, it is desired to trade in the form of digitized data regardless of materials such as paper. In this case, it is required that security is sufficiently ensured so that data is not stolen or falsified.

[0006]

However, when ticket data reaches a target terminal via various terminals such as a sales terminal, a terminal owned by a user, and a local processing terminal, there are many security holes. Existed, and security was not sufficiently ensured.

An object of the present invention is to prevent data tampering in a data processing system for transmitting data such as an electronic ticket to be protected to another terminal through a terminal owned by an individual. And improve security.

[0008]

The present invention has the following features in order to achieve the above object. In the following description of the means, a configuration corresponding to the embodiment is exemplified by parentheses as an example. Reference numerals and the like are reference numerals and the like in the drawings described later.

According to the first aspect of the present invention, transmission data transmitted from a first terminal (for example, a ticket sales server 1 shown in FIG. 1) is transmitted to a second terminal (for example, a portable terminal 3 shown in FIG. 1). 1 to a third terminal (for example, the local server 2 shown in FIG. 1), and the third terminal processes the processing target data included in the transmission data (for example, the data shown in FIG. 1). Processing system 100), wherein the first terminal encrypts the processing target data (for example, ticket information T shown in FIG. 2) so that the first terminal can decrypt the first terminal. Means (for example,
CPU 11 and local server public key 16b shown in FIG. 3)
And the processing target data (for example, ticket information T ′ shown in FIG. 2) encrypted by the first encryption unit,
The additional data output to the second terminal (for example, FIG.
The terminal display data D shown in FIG. 2 is added, and the data (for example, ticket information T ′ + terminal display data D shown in FIG. 2) can be decrypted by the second terminal. And a second encrypting unit (for example, the CPU 11 and the mobile terminal public key 16c shown in FIG. 3) for further encrypting the data to be processed and the additional data encrypted by the second encrypting unit. Data transmitting means (for example, FIG. 3
And a transmission control unit 14) shown in FIG.

According to the first aspect of the present invention, the first terminal includes the first encrypting means, the second encrypting means, and the data transmitting means, so that the third terminal is provided. The processing target data to be processed in is encrypted so that it cannot be decrypted by the second terminal but can be decrypted by the third terminal, and transmitted from the first terminal to the third terminal via the second terminal. Since the data is transmitted, falsification of the data to be processed in the second terminal is prevented, and security is ensured. Further, the additional data output from the second terminal is encrypted by the second encryption means so that the additional data can be decrypted by the second terminal, and is transmitted from the first terminal to the second terminal. Tampering of additional data during data transmission is prevented, and security is ensured.

According to a second aspect of the present invention, in the data processing system according to the first aspect, the first encrypting means comprises:
The processing target data is encrypted with an encryption key unique to the third terminal stored in the first terminal, and the second encryption unit stores the processing target data stored in the first terminal. The first terminal is encrypted by an encryption key unique to the second terminal.
The data to be processed and the additional data encrypted by the encrypting means are encrypted.

According to the second aspect of the present invention, the data to be processed is encrypted with an encryption key unique to the third terminal, and the first encryption key is encrypted with an encryption key unique to the second terminal. The data to be processed and the additional data encrypted by the encrypting means can be encrypted, so that the data to be processed is encrypted using two different encryption keys, and is transmitted from the first terminal via the second terminal. When transmitted to the third terminal, the data to be processed in the second terminal is prevented from being falsified, and security is ensured.

[0013] The invention according to claim 3 is the invention according to claim 1 or 2.
Wherein the data to be processed includes at least electronic ticket data.

According to the third aspect of the present invention, since the data to be processed includes at least the digitized ticket data, tampering of the ticket data is prevented and security is ensured.

According to the invention described in claim 4, the transmission data transmitted from the first terminal (for example, the ticket sales server 1 shown in FIG. 1) is transmitted to the second terminal (for example, the portable terminal 3 shown in FIG. 1). A data processing method for transmitting to a third terminal (for example, the local server 2 shown in FIG. 1) via the third terminal, and processing the processing target data included in the transmission data at the third terminal. The terminal encrypts the data to be processed so that the data can be decrypted by the third terminal (for example, step A14 shown in FIG. 6), and encrypts the data by the first encryption step. Adding the additional data output to the second terminal to the data to be processed,
A second encryption step of further encrypting these data so that the additional data can be decrypted by the second terminal (for example, step A18 shown in FIG. 6); A data transmission step (for example, step A19 shown in FIG. 6) of transmitting the processing target data and the additional data encrypted in the encryption step to the second terminal as transmission data. .

According to the data processing method of the present invention, the first encryption step, the second encryption step,
Performing a process including a data transmitting step,
The processing target data to be processed by the first terminal is encrypted so that it cannot be decrypted by the second terminal but can be decrypted by the third terminal, and is encrypted by the third terminal via the second terminal from the first terminal. Since the data is transmitted to the terminal, the data to be processed in the second terminal can be prevented from being falsified, and a data processing method that ensures security can be easily provided. Further, the additional data output from the second terminal is encrypted by the second encryption means so that the additional data can be decrypted by the second terminal, and is transmitted from the first terminal to the second terminal. It is possible to provide a data processing method in which additional data is prevented from being falsified at the time of data transmission and security is ensured.

[0017]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of a data processing system 100 to which the present invention is applied will be described below in detail with reference to FIGS.

First, the configuration will be described.

FIG. 1 is a diagram showing a system configuration of a data processing system 100 according to the present embodiment. In FIG. 1, a data processing system 100 includes a ticket sales server 1, a local server 2, and a plurality of mobile terminals 3 connected to a communication network N.

FIG. 1 shows a case where the data processing system 100 is composed of one ticket sales server 1, one local server 2, and three portable terminals 3. The number and the number of installation locations are not particularly limited. The communication network N is a mobile phone communication network, P
It includes an HS telephone communication network, a telephone line, an ISDN line, a CATV line network, a LAN, a WAN, an intranet, the Internet, an infrared communication, a short-range wireless communication such as a Bluetooth communication, and other networks.

The data processing system 100 encrypts electronic ticket information (hereinafter, ticket data), buys and sells the encrypted ticket data, and uses the encrypted ticket data. This is a system for trading various services and goods. Here, the ticket data includes, for example, data related to entertainment such as concerts, theme parks, movies, and theaters, and sightseeing such as hotels and travels. Other ticket information can be applied as long as the information is valid. Here, as an example, a data processing system 100 that performs a transaction using concert ticket data will be described.

First, each unit (ticket sales server 1, local server 2, portable terminal 3) constituting the data processing system 100 will be described.

The ticket sales server 1 is constituted by a general-purpose computer or the like, and establishes a Web page on which various ticket data including concert ticket data is placed on the communication network N, and provides the user of the portable terminal 3 with the Web page. Perform processing to sell tickets. Also,
The ticket sales server 1 has a public key notified in advance from the local server 2 and a public key notified in advance from the mobile terminal 3, and encrypts the ticket data using these public keys.

The local server 2 is a site where a user uses (executes) a ticket (for example, a concert hall).
And has a secret key for decrypting the ticket data encrypted by the ticket sales server 1. When the use of the ticket data is requested from the mobile terminal 3 connected for communication, the validity of the mobile terminal 3 and the user is determined,
If the ticket data is valid, the ticket data stored in the portable terminal 3 is obtained using the secret key, and the ticket data is decrypted using the secret key. If the decrypted ticket data is valid,
A process for using the ticket is performed.

The mobile terminal 3 is a portable terminal such as a PDA, a mobile phone, or a camera having a communication function. The mobile terminal 3 accesses a Web page opened by the ticket sales server 1 and is sold on the Web page. It is a terminal carried by the user who purchases the ticket. This mobile terminal 3 has a secret key for decrypting the ticket data transmitted from the ticket sales server 1. In addition, the mobile terminal 3
May be either a terminal owned by the user or a terminal lent by a ticket seller at the time of ticket purchase.

Next, a description will be given of a public key cryptosystem used as an example in the present embodiment. The public key cryptosystem encrypts and decrypts target data by using a public key and a secret key. For example, information encrypted with a public encryption key can be decrypted only with a corresponding private decryption key, and depending on a public decryption key, only information encrypted with a corresponding private encryption key is decrypted. be able to.

Using the public key encryption method described above,
An encryption / decryption procedure for performing decryption will be described with reference to FIG. Here, "Ticket information T"
Is ticket data that is not encrypted in the ticket sales server 1 and includes information that should be protected such as ticket validity. The “terminal display data D” is additional data for confirming the contents of the ticket information, and includes data for confirming a date, a place, a number of persons, and the like that can use the ticket. Here, when the ticket information T and the terminal display data D are encrypted, a code “′” is added to each of the codes “D” and “T”. Further, a symbol “″” indicates a case where encryption has been performed once, and a symbol “″” indicates a case where encryption has been performed twice.

First, the encryption procedure of the ticket information T encrypted by the ticket sales server 1
This will be described with reference to FIG.

In FIG. 2, the ticket sales server 1
The “ticket information T” is encrypted into the “ticket information T ′” using the public key notified in advance from the local server 2 (see the procedure number). Next, the ticket sales server 1
Adds “terminal display data D” to “ticket information T ′” (see procedure number). The ticket sales server 1 is notified of the encrypted ticket information T ′ (“ticket information T ′ + terminal display data D” shown in FIG. 2) to which the terminal display data D is added from the portable terminal 3 in advance. Or encrypted using the public key determined at the time of ticket sales (“(Ticket information T ′ + terminal display data D) ′” shown in FIG. 2, ie, “Ticket information T ″”).
+ Terminal display data D '"(see procedure number)).

The ticket data encrypted according to the above-mentioned procedure numbers (1) to (4) are decrypted stepwise in the portable terminal 3 and the local server 2. This decoding procedure will be described with reference to the procedure numbers 1 to. First, the “ticket information T ″” encrypted with the secret key of the mobile terminal 3.
+ Terminal display data D ') to "ticket information T' + terminal display data D" (see procedure number). At this time, the user of the mobile terminal 3 can decrypt only the terminal display data D that is not encrypted (that is, to which “′” is not added). Then, the user of the mobile terminal 3 that has decrypted the terminal display data D transmits “ticket information T ′” to the local server 2 when the date on which the ticket can be used is reached,
The “ticket information T ′” is decrypted into “ticket information T” using the secret key of the local server 2 (see procedure number).

Next, the internal configuration of the ticket sales server 1 shown in FIG. 1 will be described with reference to FIG.

In FIG. 3, the ticket sales server 1
CPU 11, display unit 12, input unit 13, transmission control unit 1
4, a RAM 15, a storage device 16, and a recording medium 17;
Connected by

CPU (Central Processing Unit) 11
Stores an application program designated from among various application programs corresponding to the ticket sales server 1 stored in the recording medium 17 in the storage device 16 in a work memory area in the RAM 15;
Various processes are executed in accordance with the application programs stored in the RAM 15, and the processing results are stored in a work memory area in the RAM 15, and the display unit 12
To display. Then, the processing result stored in the work memory area is stored in the storage destination of the recording medium 17 in the storage device 16.

When the public key is transmitted from the local server 2, the CPU 11 stores the public key in the storage area of the storage device 16 as the local server public key 16b. CPU1
When a ticket to be purchased is selected from a user of the mobile terminal 3 in a ticket purchase process (see FIG. 6) described later, the ticket data 1 is encrypted with the local server public key 16b. Further, the CPU 11 receives the public key of the encryption method designated by the user of the mobile terminal 3 and stores it in the storage area of the storage device 16 as the mobile terminal public key 16c. And, in the encrypted ticket data,
The information to which the terminal display data indicating the content of the ticket information is added is encrypted with the mobile terminal public key 16 c and transmitted to the mobile terminal 3. In addition, when transmission of purchaser information (user information) is requested from the local server 2, the CPU 11 transmits the user information to the local server 2. This user information is used in the local server 2 for user authentication or terminal authentication of the mobile terminal 3.

The display unit 12 includes a liquid crystal display panel, a CRT
(Cathode Ray Tube) etc.
The display data input from the PU 11 is displayed.

The input unit 13 includes a keyboard having cursor keys, numeric input keys, various function keys, and the like, and a mouse as a pointing device. An operation signal is output to the CPU 11.

The transmission control unit 14 has a modem (MODEM:
MOdulator / DEModulator) or a terminal adapter (TA: Terminal Adapter) for controlling communication with external devices such as the local server 2 and the portable terminal 3 via a communication line such as a telephone line or ISDN. .

The RAM (Random Access Memory) 15
It has a work memory area for storing the above-mentioned designated application program, input instructions, input data, processing results, and the like.

The storage device 16 has a recording medium 17 in which programs, data and the like are stored in advance, and this recording medium 17 is constituted by a magnetic or optical recording medium or a semiconductor memory. The recording medium 17 is fixedly provided in the storage device 16 or is detachably provided. The recording medium 17 includes a ticket purchase processing program as the system program and various application programs corresponding to the system. The data and the like processed by each processing program are stored.

The storage device 16 includes a ticket information database 16a for storing various ticket information (for example, ticket information T), a local server public key 16b for encrypting various ticket information and its additional data,
And a storage area for storing the mobile terminal public key 16c and the like.

Here, the local server public key 16b in the storage device 16 is key information released for encrypting the ticket data when the ticket is purchased. The encrypted ticket data is decrypted only by the secret key of the local server 2. The mobile terminal public key 16 c adds terminal display data (for example, terminal display data D) to the ticket data when transmitting the encrypted ticket data (for example, ticket information T ′) to the mobile terminal 3. The key information is publicly available for encrypting the information (ticket information T ′ + terminal display data D). The encrypted information (ticket information T ″ + terminal display data D ′) is It is decrypted only with the private key that it has. Note that the “ticket information T ″” is obtained by the secret key of the mobile terminal 3.
Since it is decrypted into “ticket information T ′”, the portable terminal 3
Then, only the terminal display data D can be decoded.

Next, the internal configuration of the local server 2 shown in FIG. 1 will be described with reference to FIG.

In FIG. 4, a local server 2 includes a CPU 2
1, display unit 22, input unit 23, transmission control unit 24, RAM
25, a storage device 26 and a recording medium 27, and each part except the recording medium 27 is connected by a bus 28.

The CPU 21 stores, in the work memory area in the RAM 25, an application program designated from among various application programs corresponding to the local server 2 stored in the recording medium 27 in the storage device 26. In accordance with the application program stored in the RAM 25, various processes are executed, and the processing results are stored in the work memory area in the RAM 25 and displayed on the display unit 22. Then, the processing result stored in the work memory area is stored in the recording medium 27 in the storage device 26.
Save to the destination.

In a local process (see FIG. 7) described later, the CPU 21 transmits a password transmitted from the portable terminal 3 and an identification number of the portable terminal 3 (for example, a telephone number,
Device number). Next, the CPU 21 requests the ticket sales server 1 to transmit the purchaser information, and the user information (the password,
And the identification number of the mobile terminal 3).
The validity of the mobile terminal 3 and its user is determined by comparing the information with the information received from the mobile terminal 3. When the validity can be confirmed, the CPU 21 decrypts the “ticket information T ′” transmitted from the mobile terminal 3 with the secret key 26a,
The service of the ticket data is provided to the user of the portable terminal 3.

The display section 22 is composed of a display device such as a liquid crystal display panel or a CRT, and displays display data input from the CPU 21.

The input unit 23 includes a keyboard having a cursor key, numeric input keys, various function keys, and the like, and a mouse as a pointing device. An operation signal is output to the CPU 21.

The transmission control unit 24 is constituted by a modem or a terminal adapter or the like, and transmits the ticket sales server 1 or the portable terminal 3 via a communication line such as a telephone line or ISDN.
And the like to perform communication with an external device.

The RAM 25 has a work memory area for storing the designated application programs, input instructions, input data, processing results, and the like.

The storage device 26 has a recording medium 27 in which programs and data are stored in advance, and this recording medium 27 is constituted by a magnetic or optical recording medium or a semiconductor memory. The recording medium 27 is fixedly provided in the storage device 26 or is detachably provided. The recording medium 27 includes a local processing program as the system program and various application programs corresponding to the system. The data and the like processed by the processing program are stored. Further, the storage device 26 is provided with a storage area for storing the secret key 26a and the like. The secret key 26a is key information for decrypting the ticket information T ′ encrypted by the ticket sales server 1 with the local server public key.

Next, the internal configuration of the portable terminal 3 shown in FIG. 1 will be described with reference to FIG.

In FIG. 5, the portable terminal 3 has a CPU 3
1, display unit 32, input unit 33, transmission control unit 34, RAM
35, a storage device 36, and a recording medium 37, and each part except the recording medium 37 is connected by a bus 38.

The CPU 31 stores an application program specified from various application programs corresponding to the portable terminal 3 stored in the recording medium 37 in the storage device 36 in a work memory area in the RAM 35. In accordance with the application program stored in the RAM 35, various processes are executed, and the processing results are stored in the work memory area in the RAM 35 and displayed on the display unit 32. Then, the processing result stored in the work memory area is stored in the recording medium 37 in the storage device 36.
Save to the destination.

The CPU 31 purchases a ticket from the ticket sales server 1 and transmits a public key for encrypting the purchased ticket data to the ticket sales server 1. Further, the CPU 31 decrypts the ticket data (ticket information T ″ + terminal display data D ′) transmitted from the ticket sales server 1 with the secret key 36a, and executes the local server on the exercise date of the ticket included in the terminal display data D The local server 2 sends an authentication request to the local server 2, inputs a password, makes the local server determine the validity of the user, and transmits the ticket information T 'to the local server 2.

The display section 32 is constituted by a display device such as a liquid crystal display panel, and displays display data inputted from the CPU 31.

The input unit 33 includes a keyboard having cursor keys, numeric input keys, various function keys, and the like, and outputs a press signal pressed by the keyboard to the CPU 31.

The transmission control unit 34 includes a mobile communication module, a modem, and the like, and communicates with external devices such as the ticket sales server 1 and the local server 2 via a communication line such as a mobile communication network, a telephone line, and an ISDN. It performs control for data communication and voice communication with another telephone terminal.

The RAM 35 has a work memory area for storing the designated application programs, input instructions, input data, processing results, and the like.

The storage device 36 has a recording medium 37 in which programs and data are stored in advance, and this recording medium 37 is constituted by a magnetic or optical recording medium or a semiconductor memory. The recording medium 37 is fixedly provided in the storage device 36 or is detachably provided. The recording medium 37 includes a local processing program as the system program and various application programs corresponding to the system. The data and the like processed by the processing program are stored. Further, the storage device 36 is provided with a storage area for storing the secret key 36a and the like. The secret key 36a is key information for decrypting information (ticket information T ″ + terminal display data D ′) encrypted by the ticket sales server 1 with the mobile terminal public key.

Next, the operation will be described. The ticket purchase process executed by the CPU 11 of the ticket sales server 1 will be described based on the flowchart shown in FIG.
Here, a program for realizing each function described in this flowchart is stored in the recording medium 17 in the form of a readable program code.
U11 sequentially executes the operation according to the program code. Further, the CPU 11 can also sequentially execute an operation according to the above-described program code transmitted via the transmission medium. That is, an operation specific to this embodiment can be executed using a program / data externally supplied via a transmission medium in addition to the recording medium 17.

In FIG. 6, when the portable terminal 3 accesses the ticket sales server 1 via the communication network N, the CPU 11 receives a request for user authentication (step A1). When user authentication is requested from the mobile terminal 3 (step A1; YES), the CPU 11 determines whether or not user registration has been performed (step A2), and if user registration has been performed (step A2; YES). If the user registration has not been made (step A2; NO), the user registration (sends a user registration page to the user of the mobile terminal 3 and sends the address, name, telephone number,
Input of device number, personal identification number, etc. of mobile terminal 3 is accepted)
(Step A3).

Then, the CPU 11 determines whether or not the user is qualified to purchase a ticket (step A).
4), if the user is not qualified to purchase a ticket (step A4; NO), the CPU 11 transmits an error message to the portable terminal 3 (step A5), and ends the ticket purchase processing of FIG. If the user is qualified to purchase a ticket (step A4; YES), the fact that the user has been authenticated is transmitted to the portable terminal 3 (step A).
6).

Next, the CPU 11 receives the ticket payment method transmitted from the portable terminal 3 (step A).
7) It is determined whether there is no omission or the like in the payment method (step A8). If there is any omission in the payment method (step A8; NO), a message such as "There is an item that has not been entered" is transmitted to the portable terminal 3 (step A9), and the process returns to step A7. If there is no omission in the payment method (Step A8; YE
S), a message such as "Payment method has been confirmed" is transmitted to the mobile terminal 3 (step A10).

Next, the CPU 11 accepts a request for a ticket menu from the portable terminal 3 (step A11). When a request for the ticket menu is made from the portable terminal 3 (step A11; YES), the CPU 11 proceeds to the step S11. A list of ticket menus is transmitted to the mobile terminal 3 (step A12). After that, one of the ticket menus is selected from the ticket menu on the mobile terminal 3,
Upon receiving the selection information (step A13; YE
S), confirming the contents of the selection information, reading the ticket information corresponding to the selection information from the ticket information DB,
The ticket information is encrypted with the local server public key 16b (step A14).

Next, the CPU 11 determines whether or not the encryption method has been determined with the portable terminal 3 (step A15), and if the encryption method has been determined with the portable terminal 3 (step A15). Step A15; YES), and proceeds to Step A17. If the encryption method has not been determined with the mobile terminal 3 (step A15; NO), the encryption method is determined (step A16), and the public key transmitted from the mobile terminal 3 is received. Public key for mobile terminal 16c
(Step A17).

Then, the CPU 11 encrypts the information obtained by adding the terminal display data D indicating the ticket content to the ticket information T 'encrypted in step A14 using the key information of the portable terminal public key 16c (step A1).
8) Transmit the encrypted information (ticket information T ″ + terminal display data D ′) to the portable terminal 3 (step A1).
9), a notification of ticket sales completion is transmitted to the mobile terminal 3 (step A20), and the ticket purchase processing of FIG. 6 ends.

At this stage, the portable terminal 3 obtains the ticket information T ″ encrypted in two steps by the key information of the local server public key 16b and the portable terminal public key 16c, and the portable terminal public key 16c. And the terminal display data D ′ encrypted in one step by the key information of the terminal display data D ′. When the mobile terminal 3 decrypts the information received by the secret key 36a, only the terminal display data D is converted into a format that can be output to the display unit 32, and the ticket information T cannot be completely decrypted. Therefore, in the mobile terminal 3, additional information of the purchased ticket can be confirmed by the information included in the terminal display data. However, since the important data portion related to the validity of the ticket and the like is still encrypted, the mobile terminal 3 is not encrypted. Even if 3 is operated, the information of the ticket cannot be changed. When the user of the mobile terminal 3 who decrypts the terminal display data of the received information uses the purchased ticket, the user carries the mobile terminal 3 to the site on the date when the ticket can be used, and goes to the local server. Access 2

Next, by access from the portable terminal 3,
The on-site processing executed by the CPU 21 of the on-site server 2 will be described based on the flowchart shown in FIG.

In FIG. 7, when the portable terminal 3 accesses the local server 2 via the communication network N, C
The PU 21 receives a user authentication request from the mobile terminal 3. When user authentication is requested (step B1; YE
S), the CPU 21 requests the mobile terminal 3 to input a personal identification number (step B2), and receives the personal identification number transmitted from the mobile terminal 3 (step B3).

The CPU 21 receives ticket purchaser information (user information) from the ticket sales server 1,
By comparing the personal identification number and the identification number of the portable terminal 3 included in the user information with the personal identification number and the identification number of the portable terminal 3 (telephone number or device number) transmitted from the portable terminal 3, Then, the validity of the user is confirmed (step B4). If the mobile terminal 3 and its user are not valid (step B4; NO), the CP
U21 transmits an error message to mobile terminal 3 (step B5), and ends the local processing in FIG.

If the portable terminal 3 and its user are valid (step B4; YES), the CPU 21 transmits to the portable terminal 3 that the user has been authenticated (step B4).
6), receive the ticket information T 'transmitted from the mobile terminal 3 (step B7). Then, the CPU 21 decrypts the ticket information T 'using the secret key 26a (step B8), and determines whether or not the ticket information T' can be decrypted (step B9). If the ticket information T 'is not decipherable (step B9; NO), the CPU 21 transmits an error message to the portable terminal 3 (step B10),
The on-site processing in FIG. 7 ends. If the ticket information T ′ is decipherable and the ticket information T ′ is valid ticket information that satisfies the service use conditions (step B9; YES), the local server 2 To provide a service (step B11),
Alternatively, a process for providing a service is performed, a service completion notification is transmitted to the mobile terminal 3 (step B12), and the local process in FIG. 7 ends.

As described above, the ticket sales server 1
Information obtained by encrypting the ticket information purchased by the user of the mobile terminal 3 with the local server public key and adding terminal display data indicating the contents of the encrypted ticket data (encrypted ticket information + terminal display data) Is further encrypted with the mobile terminal public key and transmitted to the mobile terminal 3. In addition, the ticket sales server 1 transmits ticket purchaser information in response to a request from the local server 2.
Further, the mobile terminal 3 decrypts the transmitted information (encrypted ticket information + terminal display data) using the secret key, and converts the terminal display data of the transmitted information into the display unit of the mobile terminal 3. 32 is displayed. The user can decode the terminal display data. Then, the user who has decrypted the terminal display data can use the local server 2 on the date when the ticket can be used.
To request authentication. And local server 2
Requests the ticket sales server 1 to transmit purchaser information, compares the received purchaser information with the password transmitted from the user of the mobile terminal 3 and the identification number of the mobile terminal 3, and checks the validity of the user. The ticket data is received from the mobile terminal 3 only when it is determined that the user is a valid user and the mobile terminal 3 is valid.
The ticket data is decrypted using the secret key.

Therefore, the ticket sales server 1 uses the public key notified in advance from the local server 2 of the place where the ticket is exercised and the public key notified in advance from the portable terminal 3 carried by the ticket purchaser. Since the information can be encrypted in two steps, forgery of the ticket becomes difficult and unauthorized use of the ticket can be prevented. Further, by registering the user information and the terminal information of the user who purchases the ticket, the user who exercises the ticket can be restricted. Therefore, even if the portable terminal 3 is lost, the user can exercise the right of the ticket. can do. When the terminal display data (additional data) is additional information relating to the ticket data (processing target data), the information relating to the processing target data (ticket expiration date, venue, etc.) is used as the additional information. Since the confirmation can be made at the second terminal, a highly practical data processing system can be provided.

In the above-described embodiment, the user of the portable terminal 3 is authenticated by using a personal identification number. However, any user who can identify an individual, such as a password, voice, or fingerprint, may be used. If voice recognition or fingerprint authentication is performed, it is possible to identify individuals more reliably.

In the above-described embodiment, the validity of the ticket is cited as the information included in the ticket data to be encrypted. However, information such as user information of the ticket purchaser and the like whose security is to be protected is further included. It may be.

In the above-described embodiment, the ticket sales server 1 and the local server 2 have been described as being constituted by general-purpose computers.
May be configured by a data distribution terminal installed in a convenience store, a station, a ticket sales counter, or the like. Further, the local server 2 may be provided in, for example, a computer that controls an entrance / exit gate installed in a concert hall. In this case, the user may directly connect to the ticket sales server 1 or the local server 2 without using the Internet by using a transmission medium such as infrared communication or short-range wireless communication of a portable terminal or a cable.

Further, the servers 1 and 2 may be configured by one computer, or a plurality of computers may be a LAN (Local Area Network), a WAN (Wide
(Area Network), an intranet, or a computer network system communicatively connected via a network such as the Internet. In the case of a computer network system configured by a plurality of computers, it is desirable that the processes executed to realize the above functions be distributed and processed by the computers.

[0078]

According to the first aspect of the present invention, the processing target data to be processed by the third terminal is encrypted so that it cannot be decrypted by the second terminal but can be decrypted by the third terminal. Since the data is transmitted from the first terminal to the third terminal via the second terminal, the data to be processed in the second terminal is prevented from being falsified, and the security is guaranteed. Further, the additional data output from the second terminal is encrypted by the second encryption means so that the additional data can be decrypted by the second terminal, and is transmitted from the first terminal to the second terminal. Tampering of additional data during data transmission is prevented, and security is ensured.

According to the second aspect of the present invention, the data to be processed is encrypted with an encryption key unique to the third terminal, and the first encrypted data is encrypted with an encryption key unique to the second terminal. Since the processing target data and the additional data encrypted by the means can be encrypted, the processing target data is encrypted with two different encryption keys, and the processing target data is encrypted by the first terminal via the second terminal. When transmitted to the third terminal, the data to be processed in the second terminal is prevented from being falsified, and security is guaranteed.

According to the third aspect of the present invention, since the data to be processed includes at least electronic ticket data, tampering of the ticket data is prevented, and security is ensured.

According to the invention described in claim 4, the processing target data to be processed in the third terminal is encrypted so that it cannot be decrypted by the second terminal but can be decrypted by the third terminal. Third from the first terminal via the second terminal
Since the data is transmitted to the second terminal, the data to be processed in the second terminal can be prevented from being falsified, and a data processing method that ensures security can be easily provided. The additional data output from the second terminal is transmitted to the second terminal by the second encryption means.
Since the data is encrypted so that it can be decrypted by the first terminal and transmitted from the first terminal to the second terminal, it is possible to provide a data processing method in which additional data is prevented from being falsified at the time of data transmission and security is ensured.

[Brief description of the drawings]

FIG. 1 is a diagram showing a system configuration of a data encryption system 100.

FIG. 2 is a diagram illustrating an encryption / decryption procedure according to the present embodiment.

FIG. 3 is a diagram showing an internal configuration of the ticket sales server 1.

FIG. 4 is a diagram showing an internal configuration of a local server 2.

FIG. 5 is a diagram showing an internal configuration of the portable terminal 3.

FIG. 6 is a flowchart illustrating a flow of a ticket purchase process.

FIG. 7 is a flowchart showing a flow of a local process.

[Explanation of symbols]

 Reference Signs List 1 ticket sales server 11 CPU 12 display unit 13 input unit 14 transmission control unit 15 RAM 16 storage device 16a ticket information database 16b local server public key 16c portable terminal public key 17 recording medium 18 bus 2 local server 21 CPU 22 display unit Reference Signs List 23 input unit 24 transmission control unit 25 RAM 26 storage device 26a secret key 27 recording medium 28 bus 3 portable terminal 31 CPU 32 display unit 33 input unit 34 transmission control unit 35 RAM 36 storage device 36a secret key 37 recording medium 38 bus 100 data Processing system D Terminal display data N Communication network T Ticket information

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/14 H04L 9/00 641 9/32 673A 673B 675D

Claims (4)

[Claims] 1. Data for transmitting transmission data transmitted from a first terminal to a third terminal via a second terminal, and processing data to be processed included in the transmission data at the third terminal. A processing system, wherein the first terminal encrypts the data to be processed so that the data can be decrypted by the third terminal; and the first terminal encrypts the data to be processed by the first terminal. Additional data to be output to the second terminal is added to the data to be processed, and the data is further encrypted so that the additional data can be decrypted by the second terminal. Second
Data processing means for transmitting to the second terminal the processing target data and the additional data encrypted by the second encryption means as transmission data. system. 2. The method according to claim 1, wherein the first encrypting means encrypts the data to be processed using an encryption key stored in the first terminal and unique to the third terminal, Means for encrypting the processing target data and the additional data encrypted by the first encryption means using an encryption key unique to the second terminal stored in the first terminal. The data processing system according to claim 1, wherein: 3. The data to be processed includes at least electronic ticket data.
Or the data processing system according to 2. 4. Data for transmitting transmission data transmitted from a first terminal to a third terminal via a second terminal, and processing data to be processed included in the transmission data at the third terminal. A processing method, wherein the first terminal encrypts the data to be processed so that the data can be decrypted by the third terminal, and encrypts the data by the first encryption step. Additional data to be output to the second terminal is added to the data to be processed, and the data is further encrypted so that the additional data can be decrypted by the second terminal. Second
And a data transmission step of transmitting the processing target data and the additional data encrypted by the second encryption step as transmission data to the second terminal. Data processing method to be performed.