JP2009009327A - Settlement history preparation method and settlement history browsing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To surely prevent the leak of member information at an automatic vending machine side while reducing a burden of ensuring security at the automatic vending machine side. <P>SOLUTION: In registering a member, a card number (a) is encrypted, and the ID number (b) of a user is generated, and in using an IC card, electronic money settlement is executed based on the card number (a) and an electronic money balance stored in an IC card 10, and the ID number b is acquired by encryption same as when registering the card number (a) of the used IC card 10, and the trace of the card number (a) is erased from records in the processing, and the history data of the electronic money settlement are prepared for every ID number based on the acquired ID number b and purchase data. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a settlement history creation method and a settlement history browsing method. More specifically, the present invention relates to a settlement history creation method and a settlement history that can reliably prevent the leakage of a user ID number when used in a vending machine or the like. It relates to browsing methods.

In recent years, vending machines that can use electronic money media such as IC cards have become widespread. An example of such a vending machine is a ticket vending machine. When a user uses a ticket vending machine, the user designates a desired ticket with a designation button or the like, and then brings the IC card close to the IC card reader / writer of the ticket vending machine. The IC card reader / writer of the ticket vending machine reads the card number and the balance information of the IC card that is brought close to it, performs a process of subtracting the price of the ticket designated by the user from the balance of the IC card and sells the designated ticket.
When operating such an IC card vending machine, for the convenience of the user, the settlement history in the electronic money medium is notified to the user. Such a payment history notification can be made at a terminal installed by an IC card issuer, but can be known from a website on the Internet connected from a terminal such as a PC or mobile phone owned by the user. It is hoped that it can be done.
In this way, if the user can access the site and send / receive information on the payment history via the Internet, in addition to notifying the user of the payment history, the service corresponding to the user's usage history can be provided. It can be expected to encourage the use of electronic money services.

The following can be assumed as a method of browsing the usage history of the IC card.
FIG. 14 is a block diagram showing an outline of a conventional vending system. First, the issue of the IC card 10 will be described. When the IC card 10 is issued, membership registration is performed. In member registration, at least a member ID number b corresponding to the card number a of the IC card and a password r corresponding to the ID number are registered. Thereby, the card number a, the ID number b, and the password r are associated as member information. Here, the IC card reader / writer 20 is connected to the member registration apparatus 40, and the card number a is read by the IC card reader / writer 20. The IC card reader / writer 20 is connected to the management center 30.
In the member registration device 40, an ID number b, which is a serial number, is issued by the ID issuing unit 41, then a password r corresponding to the ID number b is issued from the password generating unit 42, and a membership card 50 is issued.

When issuing a ticket with the ticket issuing device 60 using the IC card 10, the user selects the menu m with the menu selection unit 62 of the ticket issuing device 60, and the IC card is connected to the ticket issuing device 60. It is placed close to the reader / writer 20. In the ticket issuing device 60, the date data date from the date generator 61, the menu m from the menu selector 62, and the price y from the price generator 63 are generated, and the price y is reduced from the IC card 10 by the IC card reader / writer 20, The price y and the card number a are once transmitted to the data holding unit 64. Thereby, ticketing processing is performed.
Next, the ID generation unit 65 generates an ID number b based on the card number a. As the ID number b, member information created by the member registration device 40 is used. The ID generation unit 65 deletes the data of the card number a after generating the ID number b.
Then, the ticket issuing device 60 records the settlement history in the log recording unit 67. In the log recording unit 67, the date data date, the menu m, and the price y are sequentially stored. Further, the ticket issuing device 60 issues a receipt 70. The receipt issuing unit 68 writes the card number a and the price y in the receipt 70.

In this example, the user can access the server 80 from a terminal 90 connected via an Internet line or the like and browse the settlement history database 81 stored in the server 80. The settlement history database 81 is created based on the settlement history recorded in the log recording unit 67.
The payment history database 81 is browsed by inputting the URL of the server from the input unit 91 of the terminal 90 to connect to the server 80 and notifying the server 80 of the ID number b and the password r. The server 80 authenticates the ID number b and the password r, sends out the usage history of the ID number b stored in the settlement history database 81, and in the terminal 90, the user specified by the ID number b is displayed on the display unit 92. Display payment history.

In addition, there are the following vending machines that can extract and browse user sales history information. In Patent Document 1, each of a plurality of vending machines and a vending machine management apparatus can communicate with each other via a network, and the merchandise management apparatus is an electronic device recorded on a card inserted by a user. After confirming the money information, a group of products that can be purchased by the individual user is displayed, and it is determined whether or not the product selected by the individual user can be sold from the group of products. Vending machine and settling the price with a card, extracting the sales history information for each user from the information recorded on the card and the purchase contents of the individual user, and recording it in the information recording device, vending machine management device Collects the sales history information at a predetermined cycle, aggregates the sales history information to create sales management information and personal management information, and the merchandise management device stores the information read from the information recording device. Cipher Those that can be transmitted by.
JP 2003-30725 A

However, in the above-described settlement history creation method and settlement history browsing method, the card number is used together with the ID number when creating the settlement history in the ticket issuing device 60. Member information including such a card number needs to be strictly managed from the need to prevent theft. Further, when this member information is lost, there arises a problem that matching with the usage history cannot be obtained.
However, if the member information is backed up and stored in duplicate in response to the loss of member information, the data size to be managed is increased by the number of backups and the number of registered members, and only this large backup data is stored. However, it must be managed as confidential information, and security problems are likely to occur.

That is, when such management is performed, the possibility that the member information including the backup data is leaked to the outside increases. Such leakage of member information, that is, personal information must be strictly prevented. For this reason, ensuring security on the store side equipped with the vending machine causes a great burden.
Accordingly, the present invention provides a payment history creation method and a payment history browsing method that can reliably prevent the leakage of member information on the vending machine side while reducing the burden of ensuring security on the vending machine side. With the goal.

  The present invention has been made to solve the problem, and the invention of claim 1 generates an ID number as an ID number, and uses the electronic money medium to make a payment from the electronic money medium. A step of performing an encryption process on a predetermined basic value determined based on the acquired medium number to obtain the ID number; a step of deleting a record of the medium number temporarily held for performing the process; and the acquired A step of creating payment history data by associating the ID number with the data relating to the payment.

  According to the settlement history creation method of the present invention, the user ID number is subjected to predetermined encryption processing on a predetermined basic value determined based on the medium number stored in the electronic money medium when the electronic money medium is issued. Is set as the value obtained. When the electronic money medium is used, the product is settled using the medium number, and at this time, the medium number itself is not stored. Further, when creating a settlement history, the ID number is generated from the medium number by executing the encryption process used when the electronic money medium is issued, and the trace of the medium number is erased after the ID number is generated. For this reason, the medium number is deleted when the product is sold and when the settlement history is created. Further, since the ID number is obtained by encrypting the medium number, there is no possibility that the medium number is known from the settlement history. For this reason, when creating a payment history, there is no need to perform management such as backup of the medium number, prevention of outflow, and the like, without leaving the medium number.

The invention of claim 2 is characterized in that the encryption process includes an ElGamal encryption process using the difficulty of calculation of the discrete logarithm problem.
According to the settlement history creation method of the present invention, since the ElGamal encryption process using the calculation difficulty of the discrete logarithm problem is included as the encryption process, it is possible to obtain the medium number from the settlement history including the ID number. It can be virtually impossible.

The invention according to claim 3 is characterized in that the basic value is a conversion value obtained by always generating the same value for the same input value and performing conversion without collision on the medium number.
According to the settlement history creation method of the present invention, the basic value to be encrypted is a conversion value obtained by always generating the same value as the value obtained from the medium number and performing conversion without collision. It becomes even more difficult to obtain the medium number from the settlement history including the ID number.

According to a fourth aspect of the present invention, the ID number is obtained by bit-connecting a value obtained by subjecting the basic value to a predetermined encryption process and a code indicating a type of electronic money service that can be used by the electronic money medium. It is characterized by being.
According to the settlement history creation method of the present invention, since the ID number is determined from the medium number and the service type number indicating the type of electronic money service that can be used by the electronic money medium, the medium number and the electronic money service are determined from the ID number of the settlement history. Can be known, and the settlement history can be used effectively.

  In the invention of claim 5, a value obtained by performing a predetermined encryption process on a predetermined basic value determined based on a medium number stored in the electronic money medium is set as an ID number of the electronic money medium, and the ID number And registering it in a user database in association with the corresponding password, and when making a payment using the electronic money medium, the electronic value is set to a predetermined basic value determined based on a medium number acquired from the electronic money medium. A step of performing encryption processing performed at the time of money medium registration to obtain the ID number; a step of erasing the record of the medium number temporarily stored for performing the processing; and the acquired ID number and data relating to the settlement Creating payment history data in association with each other, storing the payment history data in a payment history database, A step of transmitting an ID number and a password corresponding to the ID number from the terminal to the server operating the payment history database when browsing the payment history stored in the payment history database; A step of permitting browsing of the payment history stored in the payment history database only when the ID number and the password are compared with those registered in the user database and determined to be valid. And

  According to the settlement history browsing method of the present invention, the user ID number is subjected to a predetermined encryption process on a predetermined basic value determined based on the medium number stored in the electronic money medium when the electronic money medium is issued. Is set as the value obtained. When using the electronic money medium, the product is settled by using the medium number. At this time, the medium number itself is not stored. In addition, when a payment history that is the basis of the payment history database is created, the ID number is generated from the medium number by executing the encryption process used when the electronic money medium is issued. Traces are erased. For this reason, the medium number is deleted when the product is sold and when the settlement history is created. Further, since the ID number is obtained by encrypting the medium number, there is no possibility that the medium number is known from the settlement history. For this reason, when creating a settlement history, which is the basis for creating a settlement history database, there is no need to perform management such as backup of the media number, prevention of outflow, etc. without leaving a media number.

  According to the sixth aspect of the present invention, a value obtained by performing a predetermined encryption process on a predetermined basic value determined based on a medium number stored in the electronic money medium is set as an ID number of the electronic money medium, and the electronic money When a payment is made using the electronic money medium, a periodical ID number determined including information related to the period regarding the medium, a step of registering the periodical ID number and the corresponding password in the user database, and registering them in the user database A step of determining whether or not it is within a browsing period designated by an ID number acquired from the electronic money medium, and a predetermined basis determined from a medium number stored in the electronic money medium when the electronic money medium is issued Generating the time-limited ID number based on the ID number obtained by subjecting the value to a predetermined encryption process and the time limit information; A step of simultaneously generating the password as corresponding to the time-limited ID number obtained by the step of generating a number, and an encryption performed at the time of issuing the electronic money to the card number as a medium number used in electronic money settlement A payment history data creation step for performing processing including processing, and creating based on an ID number obtained by erasing the record of the medium number from the record of the processing. An ID number that is a basis for creating the time-limited ID number is acquired from the attached ID number, and the settlement history server is browsed based on the ID number.

According to the present invention, the user ID number is a value obtained by performing a predetermined encryption process on a predetermined basic value determined based on a medium number stored in the electronic money medium when the electronic money medium is issued. Is set. Further, the user-limited ID number includes an ID number obtained by applying a predetermined encryption process to a predetermined basic value determined from a medium number stored in the electronic money medium when the electronic money medium is issued, and time limit information. And is generated based on
When using the electronic money medium, the product is settled by using the medium number. At this time, the medium number itself is not stored. In addition, when a payment history that is the basis of the payment history database is created, the ID number is generated from the medium number by executing the encryption process used when the electronic money medium is issued. Traces are erased. For this reason, the medium number is deleted when the product is sold and when the settlement history is created. Further, since the ID number is obtained by encrypting the medium number, there is no possibility that the medium number is known from the settlement history. For this reason, when creating a settlement history, which is the basis for creating a settlement history database, there is no need to perform management such as backup of the media number, prevention of outflow, etc. without leaving a media number. Further, when browsing the settlement history database, browsing is permitted based on the time-limited ID number, and only browsing within the time limit with the predetermined time-limited ID number can be permitted.

The invention of claim 7 is the settlement history browsing method according to claim 5 or 6, characterized in that the encryption process includes an ElGamal encryption process using the difficulty of calculation of the discrete logarithm problem. To do.
According to the settlement history browsing method of the present invention, since the ElGamal encryption process using the calculation difficulty of the discrete logarithm problem is included as the encryption process, it is possible to obtain the medium number from the settlement history including the ID number. It can be virtually impossible.

The invention according to claim 8 is the settlement history browsing method according to any one of claims 5 to 7, wherein the same value is always generated from the medium number as the basic value, and conversion without collision is performed. The conversion value is generated, and the conversion value is further encrypted.
According to the settlement history browsing method of the present invention, the basic value that is the object of encryption is a conversion value obtained by always generating the same value as the value obtained from the medium number and performing conversion without collision. It becomes even more difficult to obtain the medium number from the settlement history including the ID number.

  According to the settlement history creation method according to the present invention, when an electronic money medium is issued, a value obtained by performing a predetermined encryption process on a predetermined basic value determined based on a medium number stored in the electronic money medium is obtained. The electronic money is generated as an ID number of the user of the electronic money medium, and based on the medium number obtained from the electronic money medium and the electronic money balance stored in the electronic money medium when the electronic money medium is used. The settlement is performed, the ID number is obtained by performing processing including encryption processing performed at the time of registration of the electronic money medium on a predetermined value determined from the medium number of the used electronic money medium, and from the record in the processing Delete the trace of the medium number, and create electronic money settlement history data for each ID number based on the earned ID number and the purchase data Then, when creating the settlement history, the ID number is generated by executing the encryption process used when issuing the electronic money medium from the medium number, and the trace of the medium number is erased after the ID number is generated. It is no longer necessary to perform management such as backup and leakage prevention.

  According to the settlement history browsing method of the present invention, when the electronic money medium is issued, an ID number determined from the medium number of the electronic money medium and a password corresponding to the ID number are determined, and the ID When a server having a settlement history database in which settlement history is stored for each number and a terminal connected to the server via a line are entered, and an ID number and a password corresponding to the ID number are input from the terminal The server is a settlement history browsing method for permitting browsing of the settlement history database on the terminal, and the ID number is determined based on a medium number stored in the electronic money medium when the electronic money medium is issued. Obtained by applying a predetermined encryption process to the basic value of the password, and the password is generated at the same time as corresponding to the obtained ID number. The payment history data stored in the payment history database is subjected to a process including an encryption process performed at the time of registration of the electronic money medium from the medium number using the medium number used in the electronic money payment. Is created based on the ID number obtained by erasing the trace of the medium number from when the settlement history as the basis of the settlement history database is created, the ID number is derived from the medium number from the electronic number. It is generated by executing the encryption process used at the time of issuing the money medium, and the trace of the medium number is deleted after the ID number is generated. Therefore, it is not necessary to perform management such as backup of the medium number and prevention of outflow.

  Furthermore, according to the settlement history browsing method according to the present invention, when an electronic money medium is issued, an ID number determined from a medium number of the electronic money medium and a time-limited ID determined including information related to the time limit regarding the electronic money medium And a password corresponding to the ID number with a time limit, a server having a payment history database in which a payment history is stored for each ID number, and a terminal connected to the server via a line And when the ID number with a time limit and the password are input from the terminal, the server determines whether it is within the browsing period specified by the ID number and allows the terminal to view the payment history database. In the history browsing method, the ID number with a time limit is a predetermined number determined from a medium number stored in the electronic money medium when the electronic money medium is issued The password is generated based on the ID number obtained by applying a predetermined encryption process to the basic value and the time limit information, and the password is generated simultaneously corresponding to the obtained time limit ID number, and the settlement The settlement history data stored in the history database is subjected to processing including encryption processing performed at the time of issuing the electronic money on the card number with the medium number used in the electronic money settlement, and from the record of the processing, It is created based on the ID number obtained by erasing the trace, and the server obtains the ID number that is the basis for creating the time-limited ID number from the input time-limited ID number, and based on this ID number The settlement history server is browsed, so when the settlement history that forms the basis of the settlement history database is created, the media number does not remain, In addition to eliminating management such as backup and leak prevention, browsing of the payment history database is permitted based on a time-limited ID number, and only browsing within the time limit with a predetermined time-limited ID number is permitted. can do.

Hereinafter, the present invention will be described in detail with reference to embodiments shown in the drawings. However, the components, types, combinations, shapes, relative arrangements, and the like described in this embodiment are merely illustrative examples and not intended to limit the scope of the present invention only unless otherwise specified. .
First, the overall system of the first embodiment will be described. FIG. 1 is a schematic diagram showing a vending system to which a settlement history creation method and a settlement history browsing method according to an embodiment are applied.
The vending system according to this example includes a vending machine 100, a server 200 connected to the vending machine 100, and a user terminal 400 that can be connected to the server 200 via the Internet.
In the vending system according to this example, the IC card 10 corresponding to the electronic money system is used. The IC card 10 stores a unique card number a and balance data. The user registers as a member when using the IC card 10 and sets an ID number b and a password r. This registration is performed by the member registration apparatus 500. The IC card reader / writer 20 is arranged in the member registration device 500, and generates an ID number b from a card number a unique to the IC card 10 and a password r corresponding to the ID number b.

Further, the vending machine 100 includes an IC card reader / writer 20, and performs a settlement process for updating the balance data of the IC card 10 in accordance with the menu m designated by the user, and a ticket issuing process for the designated menu m. The ID number b is calculated from the card number a read from the IC card 10, and a settlement history is generated based on the date data date, the menu m, the ID number b, and the amount y. Also, in the vending machine 100, a receipt 700 is issued based on the card number a and the amount y and provided to the user. In this figure, the IC card reader / writer 20 is described as being connected to the vending machine 100 and the member registration apparatus 500, but actually the vending machine 100 and the member registration apparatus 500 are individually connected. You may arrange.
The server 200 also includes a payment history database 210 that is created based on the payment history stored in the log processing unit 115 of the vending machine 100 and stores payment history data for each ID number, and the vending machine 100. And a user database 220 created based on the ID number b and the password r.
The user terminal 400 can browse the settlement history of the ID number in the settlement history database 210 in the server 200 when the user inputs the ID number and password to access the server 200.

Next, a registration device for the IC card 10 will be described. FIG. 2 is a functional block diagram showing the configuration of the member registration apparatus shown in FIG. The member registration apparatus 500 includes the IC card reader / writer 20, an ID number generation unit 510 that generates an ID number b from the card number a of the IC card read by the IC card reader / writer 20, and a password generation unit corresponding to the ID number. 520, and a membership card issuing unit 530 that issues a membership card 540 with the ID number b and the password r.
Next, the vending machine will be described. FIG. 3 is a functional block diagram of the vending machine shown in FIG. The vending machine 100 according to this example reads the card number and balance data of the IC card 10 and updates the balance data, the settlement processing unit 111 that performs settlement processing of the ticket issuance, and the actual ticketing A ticket processing unit 112 for performing the above, a card information processing unit 113 for generating an ID number based on the card number a of the IC card 10, a receipt issuing unit 114 for issuing a receipt in which a menu, an amount, etc. are described, And a log processing unit 115 that generates and stores a settlement history for each ID number.

  Hereinafter, a processing procedure of the vending system according to this example will be described. First, processing in the member registration apparatus 500 will be described. FIG. 4 is a flowchart showing a processing procedure of the member registration apparatus shown in FIG. In the member registration apparatus 500, the card number a of the IC card 10 is acquired by the IC card reader / writer 20 (step S11). Then, a conversion value a ′ serving as a basis for generating an ID number is generated from the card number a acquired by the IC card reader / writer 20 in the ID number generation unit 510 (step S12). This a 'is performed by always generating the same value for the same input and performing a collision-free conversion "a' = func (a)". For this conversion, for example, padding data can be added to a, a hash value of a can be added to a, or a random number can be generated using a as a seed. Also, a can be used as it is as a '.

Next, a is deleted from the member registration apparatus 500 (step S13), and the common key encryption process “b = Enb (a ′, k)” is executed by using the change value a ′ and the key k to obtain the ID. The number b is generated (step S14).
Then, a ′ is deleted from the ID number generator 510 (step S16), the password r is generated by the password generator 520 (step S16), and the membership card 540 is issued with the ID number b and the password r (step S16). S17). Thus, the user can access the server 200 from the user terminal 400 with the ID number b and the password r and browse the payment history stored in the payment history database 210. The password may be an arbitrary character string set by the user, or may be automatically generated by a password generation unit.

Next, a case where a ticket of a desired menu m is purchased with the vending machine 100 using the IC card 10 will be described. FIG. 5 is a flowchart showing a processing procedure of the vending machine shown in FIG.
When purchasing a ticket, the user selects a desired menu m with a selection button (not shown) of the vending machine 100 and places the IC card 10 close to the IC card reader / writer 20. The vending machine 100 acquires the date data date (step S21) and reads the card number a of the IC card 10 and the balance with the IC card reader / writer 20 (step S22). If the menu m can be purchased with the remaining money, the checkout processing unit 111 performs a process of reducing the purchase amount y from the IC card (step S23), and the ticketing processing unit 112 performs the ticketing process (step S24).

Next, the card information processing unit 113 generates the ID number b from the card number a. This process has the same contents as the process performed by the vending machine 100. That is, the conversion value a ′ that is the basis for generating the ID number is generated from the card number a acquired by the IC card reader / writer 20 (step S25). Next, a is deleted from the vending machine 100 (step S26), and the ID number b is generated (step S27). The ID number b is generated by executing a common key encryption process “b = Enb (a ′, k)” using the change value a ′ and the key k. Then, a ′ is deleted (step S28), and a change value a ′ is generated from the ID number b and the key k, a card number a is generated from the change value a ′, and the change value a ′ is deleted. A receipt 700 is issued by the receipt issuing unit 114, and the card number a after the receipt 700 is issued is deleted (step S29). The reason why the card number a is generated and deleted again when the receipt 700 is issued is to prevent the card number a from remaining in the vending machine 100.
Then, the log processing unit 115 edits the settlement history based on the date data date, the menu m, the generated ID number b, and the purchase amount y (step S30).

In the server 200, a payment history database 210 is generated based on the payment history. When the user terminal 400 is accessed, the server 200 confirms the ID number b and the password r with reference to the user database 220, and permits browsing of the settlement history database 210 when browsing is possible.
Therefore, according to the vending system according to the present example, when the payment history is created, the ID number b is generated from the card number a by executing the encryption process used when the electronic money medium is issued, and the ID number b is generated. Since the trace of the card number “a” is later erased, the card number “a” is not left in the vending machine when creating the payment history, so that it is possible to prevent the card number “a” from flowing out.
In addition, since the vending system according to this example employs a common key encryption process as an encryption process for generating the ID number b from the card number a, it is practical to know the card number a from the ID number b. Since it is impossible, the card number a can be securely kept secret.

  Next, a vending machine system according to a second example will be described. FIG. 6 is a schematic diagram showing a vending system to which the payment history creation method and the payment history browsing method according to the second embodiment are applied. In this example, the configurations of the vending machine 100, the server 200, the Internet 300, and the member registration apparatus 500 are the same as those in the first example. In this example, the member registration apparatus 500 and the vending machine 100 have different encryption methods for generating the ID number b from the card number a.

  Hereinafter, a processing procedure of the vending system according to this example will be described. First, processing in the member registration apparatus 500 will be described. FIG. 7 is a flowchart showing a processing procedure of the member registration apparatus shown in FIG. In the member registration apparatus 500, the card number a of the IC card 10 is acquired by the IC card reader / writer 20 (step S41). Then, a conversion value a ′ serving as a basis for generating an ID number is generated from the card number a acquired by the IC card reader / writer 20 in the ID number generation unit 510 (step S42). This a 'is performed by always generating the same value for the same input value and executing the conversion "a' = func (a)" without collision. For this conversion, for example, padding data can be added to a, a hash value of a can be added to a, or a random number can be generated using a as a seed. Also, a can be used as it is as a '.

Next, a is deleted from the member registration apparatus 500 (step S43), and the ID number b is generated (step S44).
The generation of the ID number b is an ElGamal encryption process using the difficulty of calculation of the discrete logarithm problem, that is, the expression b = ga ^′ mod p (p is the order of the definition field, and g is the generation of b. This includes encryption processing using the computational difficulty of the original logarithm problem.
Then, a ′ is deleted (step S45), the password r is generated by the password generation unit 520 (step S46), and the membership card 540 is issued with the ID number b and the password r (step S47). Thus, the user can access the server 200 from the user terminal 400 with the ID number b and the password r and browse the payment history stored in the payment history database 210.

Next, a case where a ticket of a desired menu m is purchased with the vending machine 100 using the IC card 10 will be described. FIG. 8 is a flowchart showing a processing procedure of the vending machine shown in FIG.
When purchasing a ticket, the user selects a desired menu m with a selection button (not shown) of the vending machine 100 and places the IC card 10 close to the IC card reader / writer 20. The vending machine 100 acquires the date data date (step S51) and reads the card number a of the IC card 10 and the balance with the IC card reader / writer 20 (step S52). If the menu m can be purchased with the balance, the checkout processing unit 111 performs a process of reducing the purchase amount y from the IC card (step S53), and the ticketing processing unit 112 performs the ticketing process (step S54).

Next, the card information processing unit 113 generates the ID number b from the card number a. This process has the same contents as the process performed by the vending machine 100. That is, the conversion value a ′ that is the basis for generating the ID number is generated from the card number a acquired by the IC card reader / writer 20 (step S55). Next, a is deleted from the vending machine 100 (step S56), and the ID number b is generated (step S57). The generation of the ID number b is an ElGamal encryption process using the difficulty of calculation of the discrete logarithm problem, that is, the expression b = ga ^′ mod p (p is the order of the definition field, g is the generator of b ) Encryption processing is performed using the computational difficulty of the divisor logarithm problem. Then, a ′ is erased (step S58), and a receipt 700 is issued by the receipt issuing unit 114 using the card number a and the sales amount y based on (step S59).
Then, the log processing unit 115 edits the settlement history based on the date data date, the menu m, the generated ID number b, and the purchase amount y (step S60).

Then, the server 200 generates a payment history database 210 based on the payment history.
When the user terminal 400 is accessed, the server 200 confirms the ID number b and the password r with reference to the user database 220, and permits browsing of the settlement history database 210 when browsing is possible.
Therefore, according to the vending system according to the present example, when the payment history is created, the ID number b is generated from the card number a by executing the encryption process used when the electronic money medium is issued, and the ID number b is generated. Since the trace of the card number “a” is later erased, the card number “a” is not left in the vending machine when creating the payment history, so that it is possible to prevent the card number “a” from flowing out.
Further, in the vending system according to the present example, ElGamal encryption processing is adopted as the encryption processing for generating the ID number b from the card number a, so that the card number a is known from the ID number b. Since this is practically impossible, the card number a can be securely kept secret.

Next, a vending machine system according to a third example will be described. FIG. 9 is a schematic diagram showing a vending system to which the payment history creating method and the payment history browsing method according to the third embodiment are applied, and FIG. 10 is a flowchart showing the processing of the vending system shown in FIG. is there.
In this example, the configurations of the vending machine 100, the server 200, the Internet 300, and the member registration apparatus 500 are the same as those in the first example. In this example, when the member registration apparatus 500 and the vending machine 100 generate the ID number b from the card number a, the ID number b is set based on the card number a and the card type code cc that identifies the type of electronic money service. create. Here, the card type code cc is preset such as “01” when the card type is A, “03” when the card type is B, and “04” when the card type is C.

The vending machine 100 generates an ID number b and a card type code cc from the card number a, and performs a settlement process, a ticket issuing process, a receipt issuing process, and a settlement history creating process.
First, membership card issuance processing in the member registration apparatus 500 will be described. FIG. 4 is a flowchart showing a processing procedure of the member registration apparatus shown in FIG. In the member registration apparatus 500, the card number a of the IC card 10 is acquired by the IC card reader / writer 20 (step S71). Then, a conversion value a ′ serving as a basis for generating an ID number is generated from the card number a acquired by the IC card reader / writer 20 in the ID number generation unit 510 (step S72). This a ′ is performed by always generating the same value for the same input value and executing a conversion “a ′ = func (a)” without collision.

Next, a is deleted from the member registration apparatus 500 (step S43), and the secondary conversion value tmp is generated (step S74). The generation of the quadratic transformation value tmp is an ElGamal encryption process using the difficulty of calculation of the discrete logarithm problem, that is, the expression tmp = ga ^′ mod p (p is the order of the definition field, g is b This includes encryption processing using the calculation difficulty of the divisor logarithm problem. This encryption process can adopt the common key encryption method used in the first embodiment.
Then, a ′ is deleted (step S75), and the ID number b is generated (step S77). The ID number b is generated by bit concatenating the card type code cc and the secondary conversion value tmp (b = cc || tmp: “||” is an operator representing bit concatenation).
Then, the secondary conversion value tmp is deleted (step S78), a password r is generated by the password generation unit 520 (step S79), and a membership card 540 using the ID number b and the password r is issued (step S80). Thus, the user can access the server 200 from the user terminal 400 with the ID number b and the password r and browse the payment history stored in the payment history database 210.

Next, a case where a ticket of a desired menu m is purchased with the vending machine 100 using the IC card 10 will be described. In this example, the ID number b is generated by the same process as that performed by the vending machine 100. That is, a conversion value a ′ is generated from the card number a, a secondary conversion value tmp is further generated from the conversion value a ′, and the card type code cc is bit-connected to the secondary conversion value tmp to obtain the ID number b. Generate.
The vending machine 100 uses the card number a to issue a ticket and issue a receipt 700 in the same manner as in the first embodiment. The date data date, the menu m, the generated ID number b, the purchase price. Edit the payment history based on y. Then, the server 200 generates a payment history database 210 based on the payment history.

When the user terminal 400 is accessed, the server 200 confirms the ID number b and the password r with reference to the user database 220, and permits browsing of the settlement history database 210 in the case of browsing.
Therefore, according to the vending system according to the present example, when the payment history is created, the ID number b is generated from the card number a by executing the encryption process used when the electronic money medium is issued, and the ID number b is generated. Since the trace of the card number “a” is later erased, the card number “a” is not left in the vending machine when the payment history is created.
Further, according to the vending system according to the present example, since the history data is stored in the settlement history based on the ID number b including the card type, the settlement history data of the card type of the predetermined card company is extracted. be able to. In addition, when the secondary conversion value tmp is generated, if a common key encryption is used as an encryption method and a different key is used for each card company, when the payment history is given to the card company, the company is included together with the payment history data. By passing the key, it becomes possible to decrypt only the payment history using the card of the card company.

Next, a vending machine system according to a fourth example will be described. FIG. 11 is a schematic diagram showing a vending system to which a settlement history creating method and a settlement history browsing method according to the fourth embodiment are applied.
In this example, the configurations of the vending machine 100, the server 200, the Internet 300, and the member registration apparatus 500 are the same as those in the first example. In this example, the member registration apparatus 500 sets a card number a to an ID number b, a browsing ID number VB with a valid expiry date e set, and a password r corresponding to the browsing ID number VB. The vending machine 100 acquires the ID number b from the card number a, and performs a settlement process, a ticket issuing process, a receipt issuing process, and a settlement history creating process. On the other hand, the server 200 extracts the ID number b and the expiration date e from the VB input from the user terminal 400, determines whether the browsing request from the user terminal is the browsing deadline, and determines whether browsing is possible. .

First, membership card issuance processing in the member registration apparatus 500 will be described. As in the second embodiment described above, the ID number b is generated by generating a conversion value a ′ by “a ′ = func (a)” based on the card number a, and further, from this conversion value a ′, ElGamal encryption processing using the computational difficulty of the discrete logarithm problem, that is, the divisor logarithm problem of the expression b = ga ^′ mod p (p is the order of the definition field and g is the generator of b) An ID number b is generated by an encryption process using calculation difficulty.
Then, after generating the ID number b, the browsing ID number VB is generated. FIG. 12 is a flowchart showing a process for generating the browsing ID number VB in the member registration apparatus of the vending system shown in FIG.

The ID number b is acquired (step S91), and then the expiration date e stored in the expiration date database 550 in advance and the conversion key ke corresponding to the expiration date are acquired. Then, the ID number generation unit 510 performs common key encryption based on the expiration date e and the conversion key ke (step S92), and generates a time-limited ID conversion value EB. Here, the validity period e is generated by the validity period generator 560, and the conversion key ke is generated by the conversion key generator 570. Also, the time-limited ID conversion value EB is generated by “EB = Enc (b, ke)”, a common key encryption process using the conversion key ke as a common key.
Thereafter, the time-limited ID conversion value EB and the expiration date e are bit-connected (step S93) to generate a browsing ID number VB (VB = e || EB). Also, a password r corresponding to the browsing ID number VB is generated, and a browsing ID number VB and a membership card 540 corresponding to the password r are issued.
Thus, the member registration apparatus 500 generates the ID number b, the browsing ID number VB, and the password r. Thereafter, the vending machine 100 uses the card number a to the ID number b, and the server 200 uses the browsing ID number VB for processing.

Next, a case where a ticket of a desired menu m is purchased with the vending machine 100 using the IC card 10 will be described. In this example, the ID number b is generated by the same process as the ID number b generation process in the vending machine 100. That is, a conversion value a ′ is generated from the card number a, and an ID number b is generated from the conversion value a ′.
The vending machine 100 uses the card number a to perform the sales process and the issuance process of the receipt 700 in the same manner as in the first embodiment, and the date data date, menu m, the generated ID number b, the purchase price. Edit the payment history based on y.
Then, the server 200 generates a payment history database 210 based on the payment history.
When there is an application for browsing the user terminal 400, the server 200 generates an expiration date e and an ID number b from the browsing ID number VB, refers to the expiration date database 230, and the application is within the expiration date, and the password r Is appropriate, the settlement history database 210 with the ID number b is browsed from the settlement history database 210. The term database 230 has the same content as the term database 550 used for member registration.

Hereinafter, processing in the server 200 will be described. FIG. 13 is a flowchart showing processing of the browsing ID number VB in the server of the vending system shown in FIG. The server 200 acquires the browsing ID number VB from the user terminal 400 (step S101). Then, the browsing ID number VB is divided into bits based on “VB = e || EB” to obtain an expiration date e (step S102), and the expiration date e is compared with the date data date to determine whether or not browsing is possible. If it is judged and can be browsed, the conversion key ke is acquired by referring to the expiration date database 230 based on the expiration date e, and the ID number b is acquired and output by the common key encryption process performed by the member registration apparatus 500 ( Step S104).
Based on the ID number b, the expiration date database 230 is referred to, and the payment history database 210 is permitted to be browsed within the viewing period.

Therefore, according to the vending system according to the present example, when the payment history is created, the ID number b is generated from the card number a by executing the encryption process used when the electronic money medium is issued, and the ID number b is generated. Since the trace of the card number “a” is later erased, the card number “a” is not left in the vending machine when the payment history is created.
Further, according to the vending system according to the present example, it is possible to set a viewing time limit from the user terminal to the settlement history database of the server without setting a use time limit for the IC card vending machine.

1 is a schematic diagram showing a vending system to which a settlement history creation method and a settlement history browsing method according to an embodiment are applied. It is a functional block diagram which shows the structure of the member registration apparatus shown in FIG. It is a functional block diagram of the vending machine shown in FIG. It is a flowchart which shows the process sequence of the member registration apparatus shown in FIG. It is a flowchart which shows the process sequence of the vending machine shown in FIG. It is the schematic which shows the vending system to which the payment history creation method and payment history browsing method which concern on 2nd Example are applied. It is a flowchart which shows the process sequence of the member registration apparatus shown in FIG. It is a flowchart which shows the process sequence of the vending machine shown in FIG. It is the schematic which shows the vending system to which the payment history creation method and payment history browsing method which concern on 3rd Embodiment are applied. It is a flowchart which shows the process in the member registration apparatus of the vending system shown in FIG. It is the schematic which shows the vending system to which the payment history creation method and payment history browsing method which concern on the example of 4th Embodiment are applied. It is a flowchart which shows the process in the member registration apparatus of the vending system shown in FIG. It is a flowchart which shows the process of ID number VB for browsing in the server of the automatic vending system shown in FIG. It is a block diagram which shows the outline | summary of the vending system to which the usage history preparation method and usage history browsing method of the conventional IC card are applied.

Explanation of symbols

  10 IC card, 20 IC card reader / writer, 30 management center, 100 vending machine, 111 settlement processing unit, 112 ticketing processing unit, 113 card information processing unit, 114 receipt issuing unit, 115 log processing unit, 200 server, 210 Payment history database, 220 user database, 230 term database, 300 Internet, 400 user terminal, 500 member registration device, 510 ID number generation unit, 520 password generation unit, 530 membership card issue unit, 540 membership card, 550 expiration date database, 560 Validity generator, 570 conversion key generator, 700 Receipt

Claims (8)

  When the ID number is generated and payment is made using the electronic money medium, the ID number is obtained by performing encryption processing on a predetermined basic value determined based on the medium number acquired from the electronic money medium. A step of deleting the record of the medium number temporarily held for performing the processing, and a step of creating payment history data by associating the acquired ID number with the data relating to the payment. A payment history creation method.   The settlement history creation method according to claim 1, wherein the encryption process includes an ElGamal encryption process using calculation difficulty of a discrete logarithm problem.   3. The settlement according to claim 1, wherein the basic value is a conversion value obtained by always generating the same value for the same input value and performing conversion without collision on the medium number. History creation method.   The ID number is obtained by bit-connecting a value obtained by performing a predetermined encryption process on the basic value and a code indicating a type of electronic money service that can be used by the electronic money medium. The settlement history creation method according to any one of claims 1 to 3. A value obtained by performing a predetermined encryption process on a predetermined basic value determined based on a medium number stored in the electronic money medium is set as an ID number of the electronic money medium, and the ID number and a password corresponding to the ID number Registering them in the user database,
A step of obtaining the ID number by performing an encryption process performed at the time of registration of the electronic money medium on a predetermined basic value determined based on a medium number acquired from the electronic money medium when the electronic money medium is used for payment; When,
Deleting the record of the medium number temporarily held to perform the processing;
Creating payment history data by associating the acquired ID number with data relating to the payment;
Storing the payment history data in a payment history database;
A step of transmitting an ID number and a password corresponding to the ID number from the terminal to a server operating the payment history database when browsing the payment history stored in the payment history database from the terminal;
Permitting the browsing of the settlement history stored in the settlement history database only when the ID number and password received by the server are compared with those registered in the user database and determined to be valid;
A payment history browsing method characterized by comprising: A value obtained by performing a predetermined encryption process on a predetermined basic value determined based on a medium number stored in the electronic money medium is used as an ID number of the electronic money medium, and includes information related to a time limit relating to the electronic money medium A step of registering the time-limited ID number and the corresponding password in the user database,
Determining whether or not it is within a browsing period designated by an ID number acquired from the electronic money medium when the electronic money medium is settled;
Based on the ID number obtained by applying a predetermined encryption process to a predetermined basic value determined from the medium number stored in the electronic money medium when the electronic money medium is issued and the time limit information, the time-limited ID number is Generating step;
Simultaneously generating the password as corresponding to the time-limited ID number obtained by the step of generating the time-limited ID number;
An ID number obtained by performing processing including encryption processing performed at the time of issuing the electronic money on the card number as the medium number used in electronic money settlement, and deleting the recording of the medium number from the recording of the processing A payment history data creation step created based on
The server obtains an ID number that is a basis for creating the time-limited ID number from the input time-limited ID number, and makes the payment history server browse based on the ID number History browsing method.   The settlement history browsing method according to claim 5 or 6, wherein the encryption processing includes ElGamal encryption processing using calculation difficulty of the discrete logarithm problem.   6. The conversion value obtained by always generating the same value as the basic value from the medium number and performing conversion without collision, and further encrypting the conversion value. The settlement history browsing method according to any one of claims 1 to 7.

Images