JP2002215891A - Electronic point card method, and method, program and recording medium for issuing electronic point - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce the amount of calculation executed by a point issuing center. SOLUTION: A point issuing center receives the hash value h(SVu) of secret information SVu from a user in advance. If receiving a first point request Req, the center selects a piece of information from SVs, SVs', SVs" and more, and sends hn(SVs, h(SVu)) with signature to the user as PNT. If receiving a second or later point request Req=(previous PNT, h(SVu)), the center calculates the hash order t of a previous PNT. For the accumulated point number h, if the order t is greater than a value b, ht-b (SVs, h(SVn))=PNT is sent to the user. If not, hn-(b-t) (SVs', h(SVu))=PNT, and hn (SVs', h(SVu)) and its signature are sent to the user.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The present invention relates to a system in which points are issued according to the amount of money or the number of times of use, and various services can be received in accordance with the number of points accumulated. The present invention relates to an electronic point card method that is implemented electronically in a situation where there are a large number of users that can be accessed offline.

[0002]

2. Description of the Related Art In a conventional electronic point card method, a user is registered in advance with a point issuing organization, and the point issuing organization manages the accumulated points at that time. . JP-A-10-78989, point card service system in a virtual shopping mall JP-A-2000-268094, merchandise point management system A method using a one-way function is considered for this method.
The one-way function is defined as follows: when x is given, from x, y = h
It is a function that is easy to find (x), but it is difficult to find x such that y = h (x) when y is given. The following can be considered as a method of an electronic reward card using the one-way function h. That point issuing organization holds the secret information SV _s, for the SV _s, a one-way function is applied m _{^{times, h m (SV s) =}} h (h (... h (SV s)) ...) ( the number of h calculates a m), the value h ^m (SV _s) to the user, performs a secure method, such as digital signatures, i.e. the m times one-way function h to this value SV _s We guarantee that we gave and hand.
This means that, as shown in FIG. 12, the user has received the point card with the number of points of one. Where h ^m (SV
m in _s ) is the number of times the one-way function h has been applied to SV _s , and is called the order.

[0003] After that, the user enters the point number w.
When applying, PNT = h^m(SV _s) The point issuing machine
Send to Seki, point issuing organization is SV_sOne-way
Apply function h and match the PNT sent,
Calculate the number of times (order) t to apply the one-way function (second application)
T = m), tw is calculated, and SV_sFor t-
The value h obtained by applying the one-way function w times^tw(SV_s)
Then, this is the number of points w
Return to the user as a new point PNT
You.

[0004] The user receives the PNT, and receives the PNT.
Is applied w times to obtain h ^w (PNT), verify that this value matches the previous PNT (in this case, h ^m (SV _s )), and verify that the point is correct. , It can be confirmed that it has been issued by the point issuing organization. In this way, as shown in FIG. 12, a value in which the number of applications of the one-way function h decreases according to the number of accumulated points is given to the user as the accumulated number of points. In this way, the point issuing organization only needs to generate a one-way function according to the number of applied points and send it to the user as a point, and the user must confirm that the sent point is correct. Can be.

[0005]

However, in the method using the one-way function, every time a user requests a point, the PNT corresponding to the point being applied and the SV
_{From the} number of applications of the one-way function h to _{s, the} accumulated value of points up to that point is checked, and the number of applications of the one-way function corresponding to the number of points to be newly added is determined from the accumulated value. Since the sex function application value is obtained and sent to the user as a point PNT, there is a problem that the amount of calculation at the point issuing organization is large.

[0006]

According to the first aspect of the present invention, the user makes a first point request by req = h (SV _u ) obtained by applying a one-way function h to the user's secret information SV _u and S
core (= 0) is sent to the point issuing organization,
When point issuing authority receives a point billing, secret point issuing authority SV _s value was applied to one-way function h with respect to _{Req PNT = h (SV s,} Req) and, S
The score obtained by adding +1 to the core is sent to the user. The user sets the PNT sent for the previous point request as Req for the second and subsequent point requests, and this and Sc
ore is sent to the point issuing organization, and the point issuing organization performs the same processing.

[0007] When the point issuing organization issues b (b is an integer of 2 or more) at a time, it applies the one-way function h to Req b times using SV _s. to PNT = h (SV _s using the SV _s for each 1 _{times, h (SV s, ...,} h (SV s, Re
q)...)) (number b of h) is calculated to create a PNT, the Score is updated by + b, and the PNT and the Score are sent to the user.

[0008] According to the second aspect of the invention, S made from SV _{s
V s, h (SV s)} , h 2 (SV s), ... and to be referred to as a series of SV _s, a h ^a (SV _s) is SV _s for a one-way function h by the value of applying a times Yes, a is called an order,
The user makes the first point request in Req = h (S
Done by sending to create a V _u) to the point issuing organization, point issuing authority PNT = h ⁿ to create a _{(SV s, h (SV u} )), to the user by performing a safety handle this as a point Send it, and request a point from the next time,
= (Previous PNT, h (SV _u )) to the point issuing institution, and the point issuing institution
The order t of NT is calculated, and if t> 1, PNT = h
_{^{t-1 (SV s, h}} (SV u)) a, t <1, then to transfer the series PNT = h ⁿ (SV _s' , h (SV _u )) is subjected to security processing and sent to the user.

When the point issuing organization issues points of b points (b is an integer of 2 or more) at a time, if t> b with respect to the order t of the received previous PNT, PNT = ^htb (SV
_s , h (SV _u )) to the user, and if t < b, the sequence is changed to h ⁿ (SV _s ′). , h (SV _u )) and PNT = h
^{n- (bt)} (SV _s ′ , h (SV _u )) is subjected to security processing to at least the former and sent to the user. In the third invention, the point issuing authority in advance by using the received user ^{_{h (SV u) h n +}} 1 (SV s, h (SV u)), h n + 1 (SV s', h (S
^{_{V u)), h n +}} 1 (SV s ", h (SV u)), ... it sent to the user by performing a collectively safety process, the first time a user point according to Req = h n + ¹ ( SV _s , h (SV _u )), and from the second time onward, Req = (previous PNT, h (SV _u )) is sent to the point issuing organization, and the point issuing organization includes the previous PNT in Req. Otherwise, PNT = h ⁿ (SV _s ,
h (SV _u )) is determined by determining the order t of the PNT if the previous PNT is included, and PNT = h if t> 1.
_{^{t-1 (SV s, h}} (SV u)) a, t <1 if h ⁿ (SV _s',
h (SV _u )) to the user. The processing when point issuing authority that issues at a point of the point b (b is an integer of 2 or more) at a time, t> b if _{^{PNT = h tb (SV s,}} h (S
V _u )), and if t < b, change the sequence to PNT = h
^n- the _{^{(bt) (SV s',}} h (SV u)) send to the user.

[0010]

BRIEF DESCRIPTION OF THE DRAWINGS FIG.
As shown in FIG. 1, a plurality of user devices 100 and point issue
Data is transmitted from the engine device 200 via the network 300
Are described as being transmitted and received by
Network does not need to be connected,
For example, if the user device is a portable terminal such as an IC card,
The point issuing agency equipment is installed at the store, and both
Data may be directly exchanged. First Embodiment The user device 100 is shown in FIG.
0 are respectively shown in FIG.
User information ID in storage unit 101_u, Secret information SV _uRemember
The storage unit 20 of the point issuing organization device 200
1. Secret information SV_sIs stored.

As shown in FIG. 4, the user apparatus 100 inputs ID _u and SV _u to the one-way function calculation unit 102 at the time of requesting the first point, applies the one-way function h, and applies Req = h
(ID _u , SV _u ) is calculated, and this Req and Score are calculated.
(= 0) is transmitted by the transmission unit 104 to the point issuing institution apparatus 200 as a point request in the point request creation unit 103. Points issuer equipment 200 that has received them in the receiving unit 202 applies the one-way function h to enter the Req and SV _s one-way function calculating unit _{203 PNT = h (SV s,} Req) (= H (SV _s , h (I
D _u, SV _u))) to create a further score updating unit 204
The score is incremented by 1 and updated, and these are added to PNT and Sc.
Transmitting unit 205 to user device 100 as an ore point
I will send it back. When the receiving unit 105 receives the points PNT and Score in the receiving unit 105, the user unit 100 stores the points PNT and Score in the storage unit 101.

In the second and subsequent point requests, the user device 100 uses the PNT and the Score received from the previous point issuing institution device 200 to generate a point request.
In step 3, the transmitting unit 104 transmits Req (= PNT) and Score as a point request to the point issuing institution apparatus 200. The point issuing institution apparatus 200 performs the same processing as the first time for the received point request. Score
There Upon reaching the number of full amount specified point, the user device 100 PNT at that time, Score and ID _u, points issuer equipment from the transmission unit 104 SV _u as full amount notification 200
Send to And these data points issuer equipment 200 received from the user device 100, enter the SV _s verification unit 206, the PNT was created is decorated Score times one-way function, i.e., SV _u, h (SV _u, ID _u) was calculated by applying the one-way function h to ID _u, Scor using SV _s to h (SV _u, ID _u)
e times (e.g. m times) applying a one-way function using the SV _s for each application _{h (SV s, h (SV} s, (SV s, ..., h (SV s, h
(SV _u, ID _{u) ...))) h (SV u} , the number of ID _u) other than h calculates the m, to ensure that this calculation result and PNT matches, also received SV _u, is the same as the ID _u database 207 is not registered, and the S
V _u and ID _u are additionally registered in the database 207 as the full-reaching person. This allows the user to receive, for example, a service based on the point being full. When a new point request is made from the user device 100, the procedure shown in FIG. 4 is performed using secret information SV _u ′ that has not been used so far. If the full notice is received and the SV _u and ID _u are already registered in the database 207, the point service for the full notice has already been completed, and double use is prevented.

In this embodiment, the point issuing institution 200 only needs to apply the one-way function once for each point request, and the amount of calculation is small. Further, it is not necessary to reveal the user until the notification of the full amount, and the confidentiality is maintained until then. In this case, the point issuing organization device 2
The processing procedure of 00 is as shown in FIG. That is, if there is an input (S1), and if a point is requested (S2), the Sco
re is incremented by 1 (S3) or h (SV _s , Re
q) is calculated to obtain PNT (S4), and PNT and Sco
re is sent to the user device 100 (S5).

[0014] If the full amount notified in step S2 (if not point _{claims), Req ← h (SV u} , ID u) was _{calculated, Req ← h (SV s,} Req) to the Score count calculation (S6) If the calculation result is equal to the PNT (S7), it is checked whether SV _u and ID _u are registered in the database (S8).
V _u, additionally registers the ID _u in the database (S9).
Step S8 may be performed before steps S6 and S7. If they do not match in step S7, or if they are double used in step S8, a rejection notice is given in response to the full notice (S10). Second Embodiment This second embodiment is a method for issuing change points in addition to the first embodiment. That is, when the score is greater than the full number of points m when the full amount is notified, a new point card is issued for the excess. Requesting points and issuing points are the same as in the first embodiment.

When the score reaches the prescribed number of full points,
And, when the Score exceeds the full-value prescribed point number, the user apparatus 100 sets the PNT, Score and I at that time.
D _u, SV _u and SV _u 'h prepared using the (ID _u, SV _u' different SV _u is a) point issuing authority apparatus 2
Send to 00. Points issuer equipment 200 and those of the data received from the user, using the SV _s, PN
The T was created is decorated Score times one-way function, and this from the database 207 to verify that it is not one that is double used, added to the database 207 SV _u, the ID _u as full amount reached's register. These operations are the same as in the first embodiment.

The point issuing institution apparatus 200 further obtains a value Score exceeding the number m of the full amount prescribed points.
−m = α, and the received h (ID _u , SV _u ′) and SV
_The unidirectional function h is repeatedly applied α times to h (ID _u , SV _u ′) using SV _s using h _s , and PNT = h ( _S V _s ) using SV _s for each application. , h (SV _s , ..., h (SV _s , h (I
_{D u, SV u '))} ...)) h (ID u, SV u' number of h with the exception of) is calculated which is the α, this value as the PNT, user this with Score = α as your fishing point It is returned to the device 100. The user device 100 can newly use this as a point where Score = α. As shown by the broken line in FIG. 5, if the Score is larger than the full amount point m (S11), the difference α is determined (S11).
12), Req ← h (SV _u ′, ID _u ) is obtained, and Req
← h (SV _s , Req) is performed α times to obtain PNT (S
13), the PNT and Score = α are sent to the user device 100 as change points (S14).

In this example, the user apparatus 100 transmits secret information SV _u ′ of a different user in addition to the previously used SV _u at the time of the full notice when the Score exceeds the prescribed number m of the full amount. SV _u ′). Transmission of SV _u 'or h (SV _u') is sure that the Score received at point issuer equipment 200 is higher than the full amount points, new user private information points issuer equipment 200 to user equipment 100 May be requested and received. Third Embodiment In the first embodiment, one score is added for each point request, but one or more points may be added. In this case, the point issuing institution apparatus 200 applies the one-way function h to the Req received from the user apparatus 100 using the SV _s for each application.
done b times with _{s, PNT = h (SV s} , h (SV s, ..., h (SV s, Re
q)...)) The number of h calculates b, adds Score by b, and transmits the added Score and PNT to the user apparatus 100.
Here, b is an integer of 1 or more, and b or a value or data corresponding to b together with Req and Score is sent from the user device 100 to the point issuing institution device 200,
When a value or data corresponding to b is sent to the point issuing institution apparatus 200, it is converted to b and processed.

[0018] In the embodiments described above, at the point issuer equipment 200, when the one-way function calculation using the secret information SV _s, each time, different secret information S
V _s1 , SV _s2 , SV _s3 ,... _May be used sequentially. Fourth Embodiment points issuer equipment 200 SV _s, SV _{s', S}
V _s ″,..., And the user apparatus 100 outputs SV _u , SV _u ′, SV
_u ″,... are each secret information. User information of the user device 100 is ID _u .

At the time of requesting the first points, the user apparatus 100 sets Req = h (SV _u ) to the point issuing institution apparatus 20.
Pass to 0. As shown in FIG.
0 receives these (S1), and PNT = h ⁿ (S
V _s, and calculates _{h (SV u)) (S2} ), due the PNT digital signature to be subjected to a safety process (S
3) Transmit to the user device 100 (S4). In the next point request, the user device 100 transmits Req to the point issuing institution device as Req = (previous PNT, h (SV _u )). Upon receipt of this (S5), the point issuing institution apparatus 200 calculates the order (number of times h has been applied) t of the (previous PNT) included in the Req (S6), that is, the initial value when applied many times a one-way function h ⁿ to check equal to _{(SV s, h (SV u} )), the value is the order t the number of applications was subtracted from the n of that time, the order If t is t> 1, (S
^{7), PNT = h t-} 1 to calculate the _{(SV s, h (SV u} )) (S8), and transmits the PNT to the user device 100 (S9). If t is t <1, the next SV from the SV _s series
_s 'series and switch to PNT = h ⁿ (SV _s ', h (S
V _u )) (S10), the PNT is subjected to security processing such as digital signature (S11), and the user equipment 1
Send to 00.

As shown i.e. in Fig. 7, for example first SV _s
H ⁿ as sequence _{(SV s, h (SV u} )) transmitted by performing safety processing to the user equipment 100 to the first point, thus the user device 100 receives _{^{h n (SV s, h (}} SV u) )
Can be verified to be the first point, or it is guaranteed to be the first point. H ^t orders t the one-way function _{(SV s, h (SV u} )) is reduced by one in sequence each time performing points claims. The user apparatus 100 repeatedly applies the one-way function h to the received PNT,
First received h ⁿ from the number of application times when consistent with _{(SV s, h (SV u} )), it can be confirmed that there is no error in the number of points received PNT.

The point request is repeated, and h (SV _s , h
(SV _u )), that is, the next point request charged up to n points, that is, for the (n + 1) -point, is changed to another one-way function h ⁿ ( _S SV _s , h (SV _u )) of the SV _s sequence,
Similarly, a PNT in which the number of applications of the one-way function h is reduced by one for each point request is generated, and the number of points becomes 2n, that is, PNT = h (SV _s ′). , h (S
Becomes V _u)), the next point claims, that is, when 2n + 1 point in the billing is carried out further one-way function of another SV _s sequence h ⁿ (SV _s ", switch onto h (SV _u)) the _{^{PNT = h n (SV s "}} , h (SV u)) is transmitted is subjected to safety processing to the user equipment 100.

For example, if it becomes full at 3n points, it means that one place of the SV _s sequence is divided into three as compared with the case shown in FIG. 12, and PNT issuance in each SV _s sequence The number of repetitions of the one-way function at the time can be reduced. PNT with full amount notified when the number of points PNT becomes full amount at the user device 100, SV _u, and transmits h a (SV _u ') to the point issuer equipment 200 as necessary. Points issuer equipment 200 as shown in FIG. 8 receives these (S1), the received SV _u is registered in the database 207, i.e. checks whether dual use (S2), if a double use The one-way function h is applied to the received SV _u to obtain h (SV _u ), and the one-way function h is applied n times using this and SV _s to obtain h ⁿ (SV
_s , h (SV _u )), and this value is
Transmitted h ⁿ to 00 investigated it matches _{(SV s, h (SV u} )), as well _{^{h n (SV s', h}} (SV u)), h n (S
V _s ″, h (SV _u )) and checks whether they match those previously transmitted, and the received PNT is h (S
_{V s ", h (SV u} )) and examined for a match (S3). Note that this confirmation is for example _{^{h n (SV s", h}} (SV u) and), h
May only with _{(SV s ", h (SV} u)). If these match is verified additionally registers the SV _u in the database 207 (S4). The received h (SV _u ') The following point Used for issuing cards.

Next, a case where the number of points to be added at one time in the point engine device 200 is not limited to 1 and a case where the number is applied to the multiple one-way function series shown in FIG. 7 will be described. The number of points b to be added by the point institution device 200 is an integer of 1 or more. This b is the case where the value is transmitted from the user device 100 and the case where the corresponding value or data is received and converted into the number of points b. There is. The processing in this case is the same as that of steps S1 to S6 in the processing shown in FIG. After calculating the order t of the previous PNT in step S6, it is checked whether t> b as shown in FIG. 7 (S7), and t> b
Value, if _{^{h tb (SV s, h (}} SV u)) the calculation results calculated as PNT (S8), the user equipment 1 that PNT
00 (S9).

If t> b is not satisfied in step S7, SV _s
Transfer series, h ^{n- (b -t)} In this example (SV _s', h _(S
V _u)) was calculated which was a PNT, yet h ⁿ (SV _s', h
(SV _u )) is calculated (S10). _{^{h n (SV s', h}} (S
V _u )) is subjected to security processing such as a digital signature (S11), and Sig _b (h ⁿ (SV
_s ′, h (SV _u ))) and the PNT are transmitted to the user apparatus 100 (S12). Incidentally, if b is plural when the first point according _{^{h n (SV s, h (}} SV u)) PNT = h together with a letter by performing safety processing _{^{nb-1 (SV s, h}} (SV u)) and It may be sent to the user device.

[0025] After confirming the validity of the PNT received to do your fishing point issuing the full amount notification processing in the case of using the plurality of sequences of SV _s shown in FIG. 7, FIG. 8
If the point number d of the PNT is larger than the full amount point e as shown by a broken line in FIG.
6), h (S) obtained by applying a one-way function h to secret information SV _u ′ different from the user secret information SV _{u up} to that time.
V _u ′) and from the beginning of a plurality of SV _s sequences,
_{^{h nr (SV s, h (}} SV u ')) was calculated, which was with your fishing point PNT, also _{^{h n (SV s, h (}} SV u'))
It was calculated ^{(S7), h n (SV} s, h (SV u ')) to the subjected to safety process (S8), and transmits this with Otsuri point PNT to the user equipment 100 (S9). In this example, the point number 3n is the upper limit of the number of points that can be expressed by this system, and the full point e is a value less than 3n. It is another example of using the fifth embodiment the plurality of SV _s sequence. In advance, the user device assigns h (SV _u ) to the point issuing institution device 200
When the point issuing institution apparatus 200 receives h (SV _u ) as shown in FIG. 10 (S1), h ^{k + 1} (S
V _s , h (SV _u )), h ^k (SV _s ′, h (SV _u )), h ^k (S
V _s ″, h (SV _u )),... (S2), perform security processing on them collectively (S3),
00 (S4). At this stage, it is 0 points.

At the time of requesting a point, the user apparatus 100 transmits Req = h ^{n + 1} (SV _s , h (SV _u )) for the first time. The point issuing institution apparatus 200 has a point request R
When eq is received (S5), it is checked whether it is the first one, that is, whether its Req is ^equal to h ^{n + 1} (SV _s , h (SV _u )) (S6), and if they are equal, PNT = h ⁿ ( SV _s , h
(SV _u )) is calculated (S7), and the calculation result is transmitted to the user apparatus 100 as PNT (S8). In the case of the second or subsequent point request, the user device 100 sets Req =
(PNT, h (SV _u ) of the previous time) is passed to the point issuing agency 200. H ^{n + 1} Req points issuer equipment 200 received is at step _{S6 (SV s, h (SV} u))
Previous degree of PNT in Req If they do not match with the received and calculated t (h is the number of times has been performed) (S9), if the t is t> a 1 (S10), PNT = h t- ¹ (SV
_s , h (SV _u )) is calculated (S11), and the result is calculated as PN
It is transmitted to the user device 100 as T (S8). Calculated t is 'then change the sequence h ^k (SV _s' from SV _s sequence if t <1 SV _s compute _{the, h (SV u)) (} S1
2), the calculation result is returned to the user device 100 as PNT.

That is, in this case, as shown in FIG.
If V _s series of three, as is understood from comparison with FIG. 7, initially each series SV _s, SV _s', N + 1 of SV _s ″
Because the following one-way function value is sent subjected safety processing to the user equipment, when to switch the SV _s sequence, safety processing for the first value of the transfer were sequence (highest degree) No need to apply. The number of points to be given and the value of PNT are the same in FIG. 7 and FIG. Since the value of the (n + 1) th order is safely transmitted for each sequence in the user device 100,
Confirmation of whether the PNT is correct can be performed in the same manner as in the case of FIG.

Also in the fifth embodiment, the point
Adding more than one point at a time with the line agency 200
Can also. The processing in this case is performed in steps S1 to S1 in FIG.
The same processing as in step S6 is performed.
PNT = h, where b is the number of ^{n-b + 1}(SV_s, h (S
V_u)), And in step S10, it is checked whether t> b.
If t> b, PNT = h in step S11.^tb(S
V_s, h (SV_u)), And if t> b, the step
PNT = h in step S12^{n- (bt)}(SV_s', H (SV_u))
Can be calculated.

The full amount notified in the method shown in FIG. 11 PNT, SV _u, h and (SV _u ') feeding to a point issuer equipment 200 as necessary, and as shown in FIG. 8 at point issuer equipment 200 However, in this case, the one-way function h is applied n + 1 times in step S3 in FIG. 8 to check whether they match. Issuance of your fishing points can also be performed in the same manner, PNT = h ^nr in step S7 in this case Figure 8 in addition to the _{(SV s, h (SV u} ')), h n + 1 (SV s, h ( SV _u ')), h ^{n + 1} (SV _s ' ,
h (SV _u ')),... are also collectively subjected to security processing for the one-way function value of order n + 1 and sent to the user equipment.

In each of the above-described embodiments, the secret information SV _s1 , SV _s2 , SV _s3,.
If h ^x (SV _s ), h ^x−1 (SV _s ), h ^x−2 (SV _s ),... Are used, only SV _s is held, and necessary secret information is calculated from SV _s. The storage capacity of the point issuing institution device 200 for storing secret information can be reduced. Similarly, the secret information SV _u of the user device 100,
_{SV u ', SV u ",} h y (SV u) as ^{..., h y-1 (SV} u), h
^y-2 (SV _u ),... may be used. In this way, when additionally registering in the database 207, the secret information up to that point is deleted, and the secret information received this time, for example, h ^y-2 (S
V _u ). That h ^y-2 to (SV _u), by applying the one-way function _{^{h h y-1 (SV u}} ) , and the If this value is registered in the database 207, the h ^y-2 (S
It can be confirmed that V _u ) is not for double use. Therefore, there is a full notice, and it is not necessary to store all of the user secret information in the database 207 for legitimate ones.
Only the latest one piece of secret information needs to be registered, and the storage capacity can be reduced.

In the above description, for example, h (ID _u , SV _u )
The ID _u, applying a one-way function h to the bit coupling of the SV _u, but in mind, for example, ID _u and SV
such as to the exclusive OR of _u applying a one-way function h, as long as it contains an ID _u and SV _u. Further, in the above, ID _u is used, but this may be omitted.
Conversely, in the embodiment shown in FIGS.
Instead h (SV _u, ID _u) of (SV _u) may be used. One calculation amount of the one-way function h is set to 1, and the calculation amount for applying the security processing function F (for example, digital signature) at that time is set to C (F). Assuming that the maximum value of the direction function is m, the total amount of calculation C from the first to the m-th time in the point issuing agency apparatus
(P) Is C (P) = (M (m + 1) / 2) + C (F)
Becomes

On the other hand, in the method shown in FIG.
Assuming that the application length of the one-way function of the V _s sequence is m as in the case of FIG. 12, the total amount of calculation is C (I1) = (m / n) · (n (n + 1) / 2) + ( m / n) · C (F) = (m (h + 1) / 2) + (m / n) · C (F) In the method shown in FIG. 11, the total amount of calculation is C (I2) = (m / n) ｛(n + 1) + (n (n + 1) / 2)｝ + C (F) = (m / n) ｛(n + 1) (n + 2) / 2)｝ + C (F) C (I1), C (I2) Minimum value C (I1) _min , C
(I2) _min is n ({C2 · C (F)) and C (I1) _min = n} (1
/ 2) + {(2 · C (F))} When n = {2, C (I2) _min = m ((3/2) + √)
2) It becomes + C (F).

The difference between these and C (P) is C (P) −C (I1) _min = (1/2) (m−√ (2 ·
C (F)) ² > 0, and if m > n = √ (2 · C (F), the method shown in FIG. 7 does not depend on C (F), and the calculation amount is larger than the method shown in FIG. Generally, if the calculation amount of the function h is 1 and F is a digital signature, C (F) = 1000
Since it is set to about 0, the method shown in FIG. 7 can be expected to be sufficiently effective even when applied to an existing general point card system.

C (P) -C (I2) _min = (m / 2)
(M-2-2√2), and if m > 2 + 2√2 and n = √2, the method shown in FIG. 11 requires less calculation than the method shown in FIG. 12 regardless of C (F). . In the current point card system, it is assumed that m is about 100 to 1,000,000, and a sufficient effect can be expected by applying the method shown in FIG. 11 to an existing general point card system. In each of the above-described embodiments, the user device 100 and the point issuing institution device 200 may be configured to execute a program by a computer and to function.

[0035]

According to the above embodiments, an electronic point card system can be constructed by using a one-way function having high security and a processing speed higher than that of an electronic signature. Until the number of accumulated points reaches the full amount, the user information ID _u is protected by the one-way function h, so that the user can participate anonymously until the full amount. Further, it has issued PNT using SV _s the point issuer equipment,
Since it becomes proof that the user has issued, it is not necessary to manage the user's point acquisition status in a database or the like. This eliminates the need for the point issuing organization to prepare a large-scale database or the like even in an environment where many users exist, such as on the Internet. Further, by managing the ID _u and the SV _u sent at the time of the notification of reaching the full amount, double use of points can be avoided.

[Brief description of the drawings]

FIG. 1 is a diagram showing an example of a system configuration to which the present invention is applied.

FIG. 2 is a diagram illustrating an example of a functional configuration of a user device according to the first embodiment.

FIG. 3 is a diagram illustrating an example of a functional configuration of a point issuing organization device according to the first embodiment.

FIG. 4 is a diagram showing a procedure for requesting and issuing points in a single issue.

FIG. 5 is a diagram showing an example of a processing procedure of the point issuing organization device of FIG. 3;

FIG. 6 is a flowchart illustrating an example of a processing procedure of a point issuing institution device according to a fourth embodiment.

FIG. 7 is a diagram showing an example of the relationship between SV _s series and its transfer and points in the fourth embodiment.

FIG. 8 is a view showing an example of a procedure of a full notice process and a change point issuing procedure in the fourth embodiment.

FIG. 9 is a flowchart showing a part of a processing procedure example in which the number of points issued at a time is generalized in the fourth embodiment;

FIG. 10 is a flowchart illustrating an example of a processing procedure of a point issuing organization device according to a fifth embodiment.

11 is a diagram showing an example of the relationship between the sequence and its transfer and point of SV _s in the fifth embodiment.

FIG. 12 is a diagram for explaining an improved point issuing procedure.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G07G 1/12 321 G07G 1/12 321P (72) Inventor Hikaru Morita 2-3-3 Otemachi, Chiyoda-ku, Tokyo No. 1 Nippon Telegraph and Telephone Corporation F-term (reference) 3E042 CC02 CC04 EA01

Claims (19)

[Claims] 1. A user device transmits secret information SV of the user.
_u is created as a one-way function value Req = h (SV _u ), and R
sent to the point issuer equipment eq and Score a (= 0) as the initial point according points issuer equipment which has received the point claims, unidirectional using Req received secret information SV _s point issuing organization function value _{PNT = h (SV s, Req} ) create and adds one to or received Score, PN
T and the added Score are sent to the user device as points, and in the second and subsequent point requests, the user device sends the PNT and Score sent from the point issuing institution device for the previous point request to new point requests, respectively. Re
q, Score and send it to the point issuing agency
The point issuing institution receiving the point request Req and Score processes the Req and Score respectively as in the first time to create PNT and Score, sends them to the user device, and the score of the user device reaches the full amount. At this time, the user apparatus receives a PNT, Scor for the full amount as a full amount notification.
e and SV _u are sent to the point issuing institution device, and the point issuing institution device sends the PNT, Sc sent from the user device.
ore, using the SV _u and your secret information SV _s, PNT
Is the Score one-way function h using SV _u and SV _s
Is confirmed that the full amount notification is not a double use from the database.
The method of electronic point card, characterized in that it additionally registered in the database V _u as full amount reached's. 2. The method according to claim 1, wherein the point issuing authority device is b (b is an integer of 2 or more) at a time.
When issuing point, with respect to Req, using each time SV _s applying a one-way function h by using a SV _s, performed b _{times, PNT = h (SV s,} h (SV s ,…, H (SV _s , Re
q) ...)) (the number b of h) is calculated to create a PNT, and S
updating the core by + b and sending the PNT and the score to the user equipment. 3. The method according to claim 1, wherein the point issuing institution receives a full arrival notification and, if the prescribed number of full points m <Score, the SV in the full arrival notification received from the user device. _u a new and different user secret information SV _u 'of the one-way function value h (SV _u')
As the new Req, claims from their own secret information SV _s claim 2
Make the same confirmation and registration as described above,
Each time applying a one-way function using V _s
Using a V _s, α = Score-m times saying _{PNT = h (SV s, h} (SV s, ..., h (SV s, Re
q)...)) (a number α of h) is calculated to create a PNT, and these are sent to the user device as change points with Score set to α. 4. The method according to claim 1, wherein the user apparatus sets the initial Req to h ^k (SV _u ), and sets the initial Req as a new Req to be used for each notification of the full amount, and the previous Req = h
h ^j-1 (SV _u ) is used for ^j (SV _u ) (k> j), and the point issuing institution device is h ^{j + 1} (SV _u ) which was previously stored in the database at the time of additional registration as a full-reaching person. Clear the method of electronic point card, characterized in that newly registering h ^j (SV _u). 5. A method according to any one of claims 1 to 4, the method of the electronic point card points issuer equipment, which comprises using a different SV _s for each calculation of the one-way function. 6. SV made from _{SV s s, h (SV s} ),
h ² (SV _s), ... and to be referred to as SV _s series (h ^a (S
V _s ) indicates that the one-way function h has been applied to SV _s a times.) The point issuing authority device has secret information SV _s , S
V _s', SV _{s ",} to hold the ..., at the time of the user device is the first point billing, point claim by applying the one-way function h to secret information SV _u of the user R
eq = h (SV _u ) is created and sent to the point issuing institution, and the point issuing institution receives Req = h (SV _u ).
And point to a one-way function h to the secret information SV _s of the issuing authority was applied n times _{^{PNT = h n (SV s,}} h (S
V _u )) is set to 1 point, the security processing is applied to this, and the result is sent to the user device. In the next point request, the user device requests the point PNT sent previously and h (SV _u ). Req
= (Previous PNT, h (SV _u )) to the point issuing institution, and the point issuing institution receiving it sends the previous PNT included in the received point request Req.
The order (number of times h is applied) t of NT is calculated, and t>
If the _{1 (SV s, h (SV} u)) one-way function for applying t-1 times ^{PNT = h t-1 (SV} s, h (SV u))
And send it to the user device as a point PNT,
If t <1 and transfer the series _{(SV s', h (SV} u)
PNT = h ⁿ (SV
_s ′ , h (SV _u )) as a point PNT, which is subjected to security processing and sent to a user device. 7. The method according to claim 6, wherein the point issuing institution apparatus, when issuing points of b points (b is an integer of 2 or more) at a time, determines the degree of the previous PNT included in the received Req. On the other hand, if t> b, (SV
_s, sends h a (SV _u)) with respect to a one-way function h n-b times the applied _{^{PNT = h tb (SV s,}} h (SV u)) to the user equipment as a point PNT by creating, t <b If then change the sequence _{(SV s, h (SV u} )) value the one-way function h is applied n times to _{^{h n (SV s', h}} (SV u)) and n-
( ^Bt ) times applied value PNT = h ^{n− ( bt)} (SV _s ′, h
(SV _u )) and at least h ⁿ (SV _s ′, h (SV _u ))
A security process, and sending the created PNT to the user device as a point. 8. The secret information of the user equipment in advance sent to the point issuing organization device h (SV _u) of applying the one-way function to the secret information SV _u of the user, point issuer equipment is point issuing authority _{SV s, SV s', SV} s ", ... and the sending has been h (SV _u) and in each one-way function h n
Value has been applied +1 times _{^{h n + 1 (SV s,}} h (SV u)) , h
_{^{n + 1 (SV s',}} h (SV u)), h n + 1 (SV s ", h (S
V _u )),... Are collectively subjected to security processing and sent to the user equipment.
q = h ^{n + 1} (SV _s , h (SV _u )) at the time of the second or subsequent point request, point request Req = (previous PNT,
h (SV _u )) to the point issuing agency, and the point issuing agency receives the received point request Req.
If the previous PNT is not included in PNT = h ⁿ (SV
_s , h (SV _u )), and if the previous PNT is included, the order (the number of times h is applied) t of the previous PNT is calculated, and if t> 1, (SV _s , h (SV _u )) to which the one-way function h is applied t−1 times PNT = ht ⁻¹ (SV _s ,
h (SV _u )), and sends it to the user device with the PNT as a point. When t < 1, (SV _s ′, h (S
V _u )), a value PNT obtained by applying the one-way function h n times PNT =
h ⁿ method of an electronic point card, characterized in that sending to the user equipment _{(SV s', h (SV} u)) as a point. 9. The method according to claim 8, wherein when the point issuing agency issues points b (b is an integer of 2 or more) at a time, the degree t of the previous PNT included in the received Req is t. And if t> b,
Send _{(SV s, h (SV u} )) the one-way function h by applying tb times PNT = h ^tb to the user device as a point to create a _{(SV s, h (SV u} )), If t < b (SV
_s , h (SV _u )) with the one-way function h as n- (b-
t) applied PNT = h ^{n− (bt)} (SV _s ′, h (S
V _u )), and sending it to the user device as a point. 10. The method according to claim 6, wherein the secret information SV _s , SV _s ', S
V _s ″,..., H ^x (SV _s ), h ^x−1 (SV _s ), h ^x−2 (S
V _s ), ..., an electronic reward card method. 11. The method according to claim 1, wherein the secret information SV _u , SV _u ′, SV _u ″,..., H ^y (SV _u ), h ^y−1 (SV _u ), h ^y-2 (SV _u ),... 12. The method according to claim 1, wherein the secret information SV _u , SV _u ′, SV _u ″,...
A method of an electronic point card, wherein a public identifier ID _{u of a} user is combined. 13. A point issuing method points issuer equipment receives the point according Req and Score from the user equipment, receiving a secret information SV _s point issuing organization Req
Using a one-way function value _{PNT = h (SV s, Req} )
Create and adds one to or received Score, sent to the user device Score was PNT and the addition of the above prepared as a point, full amount reaches including secret information SV _u than user device PNT, Score and a user equipment notified, PNT, Score, using SV _u and the secret information SV _s, verifies that the PNT is SV _u, using the SV _s is Score times one-way function h has been created is subjected, the full amount Ensure that the arrival notification SV _u is not registered in the database, electronic point issuing method characterized by additionally registering in the database the SV _u as full amount reached's. 14. A point issuance method for a point issuing institution device, wherein a first point request from a user device is Req = h (SV _u ).
Receives, the h (SV _u) secret information of the point issuing authority SV _s for a one-way function h n times the applied PNT = h ⁿ (S
V _s, created as a point a h (SV _u)), with respect to the PNT, sent to the user equipment by performing safety processing, points after the next time from the user device according to Req = (previous PNT, h (SV _u )) and the previous P included in the received point request Req
The order t of the NT (the number of times h is applied) t is calculated, and it is determined whether or not t> 1. If t> 1, (S
V _s, sent h a one-way function for the (SV _u)) were applied t-1 times ^{PNT = h t-1 (SV} s, h (SV u)) to the user device as a point PNT to create a, If t < 1, other secret information S of the point issuing organization
Using V _s ′ and h (SV _u ), a one-way function h is applied n times to (SV _s ′, h (SV _u )) PNT = h ⁿ (S
V _s ′ , h (SV _u )), to create a point PNT, subject it to security processing, and send it to the user device. 15. The method according to claim 14, wherein when issuing points of b points (b is an integer of 2 or more) at a time, t> b with respect to the order of the previous PNT included in the received Req. whether the examined, t> if _{b (SV s, h (SV} u)) with respect to PNT was applied tb times a one-way function _{^{h = h tb (SV s,}} h (SV
sent to the user equipment as a point PNT to create a _u)), t <if _{b (SV s, h (SV} u)) value the one-way function h is applied n times with respect to h ⁿ (SV _s ', H (SV _u )) and n-
(Bt) times the applied value ^{PNT = h n- (bt) (} SV s', h
(SV _u )), perform security processing on at least h ⁿ (SV _s ′, h (SV _u )), and send the created PNT as a point to the user device. Electronic point issuance method. 16. A point issuing method points issuer equipment receives h of applying the one-way function to the secret information SV _u of the user from the user device (SV _u) in advance, and its h (SV _u) Secret information S of the point issuing organization
_{V s, SV s', SV} s ", the value of the one-way function h is applied n + 1 times each ... to _{^{h n + 1 (SV s,}} h (SV u)) , h
_{^{n + 1 (SV s',}} h (SV u)), h n + 1 (SV s ", h (S
V _u )), are collectively subjected to security processing, sent to the user device, receive the first point request from the user device, and receive the second and subsequent point requests from the user device Req = (last time It is checked whether the previous PNT is included in the received point request Req, and if it is not included, PNT =
h ⁿ to create a _{(SV s, h (SV u} )), if it contains a previous PNT order of the previous PNT (number h is applied) to calculate the t, t> 1 or not And if t> 1, PNT = ht ^-1 (S
V _s , h (SV _u )), and if t < 1, use PNT using 1 or other secret information SV _s ′.
= H ⁿ (SV _s ′, h (S V _u )), and sends the PNT as a point to the user device. 17. The method according to claim 16, wherein when issuing b points (b is an integer of 2 or more) at a time, the order t of the previous PNT included in the received Req is calculated; > B, and if t> b, PNT = ^htb (S
V _s, to create a _{h (SV u)), t} < if ^{b PNT = h n- (bt)} (SV s', h (S
_Vu )), and sending the PNT as a point to the user device. 18. A program for causing a computer to execute the method according to claim 13. 19. A computer-readable recording medium on which a program for causing a computer to execute the method according to claim 13 is recorded.