JP2009277009A - Communication device and accounting system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance the reliability of detection of an unauthorized IC card when a road use toll is collected. <P>SOLUTION: In an on-board apparatus 20, an unauthorized IC card ID memory unit 26 stores unauthorized IC card IDs the use of which is prohibited; an IC card interface section 25 receives an IC card ID from a IC card 40; a determination section 28 checks the received IC card ID against IC card IDs which are stored in the unauthorized IC card ID memory unit 26, wherein the input IC card ID is not sent to an automatic toll collection server 1 if the received IC card ID matches an unauthorized IC card ID, or the input IC card ID is sent to the automatic toll collection server 1 if the received IC card ID does not match any unauthorized IC card ID; and the automatic toll collection server 1 performs the process for the IC card ID. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to toll collection such as tolls for toll roads, for example.

  In recent years, a toll collection system that collects tolls on toll roads and the like by an ETC (Electronic Toll Collection) system or the like has been used.

FIG. 14 shows an outline of a conventional ETC system.
In FIG. 14, a vehicle 700 is equipped with a vehicle-mounted device 600 having a wireless communication function.
The vehicle-mounted device 600 stores vehicle information and vehicle-mounted device ID (Identification Data) for uniquely identifying the vehicle-mounted device 600 in advance.
The in-vehicle device 600 has a charge payment function, and an IC (Integrated Circuit) card (not shown) having a uniquely identifiable ID can be attached and detached.
This IC card is pre-written with pass ticket information including route information, payment information, etc., and when the IC card is inserted into the vehicle-mounted device 600, the recorded information is read into the vehicle-mounted device 600.

On the other hand, the toll gate is provided with an antenna 500 for transmitting / receiving signals to / from the on-vehicle device 600 and an automatic fee collection server 100. The automatic fee collection server 100 communicates with the on-vehicle device 600 via the antenna 500. The roadside communication unit 200, the roadside processing unit 300 that processes transmission / reception data of the vehicle-mounted device 600, and the unauthorized IC card ID storage unit 400 that stores a list of unauthorized IC card IDs.
The automatic toll collection server 100 stores in the unauthorized IC card ID storage unit 400 based on the pass ticket information, vehicle information, onboard unit ID, and IC card ID sent from the onboard unit 600 of the vehicle 700 passing through the toll gate. The toll fee from the entrance toll gate to the toll gate is calculated by comparing with the unauthorized IC card ID list, and processed.
Then, the vehicle-mounted device 600 is notified of the normal processing, and necessary information such as toll and IC card ID is sent to the credit card company via the management server 31 which is a higher server, and the toll is paid through the credit company. Is called.
Further, the management server 31 transmits the unauthorized IC card ID list to the automatic fee collection server 100 of each tollgate, and the automatic fee collection server 100 records the received unauthorized IC card ID list in the unauthorized IC card ID storage unit 400. To do.

In such an ETC system, there is a problem of using an illegal IC card, for example, a card whose use is stopped by a credit card company or a forged card obtained by copying data of a legitimate IC card.
As a countermeasure, the automatic fee collection server 100 collates the ID of the unauthorized IC card with the list. However, when the list increases, the collation in a short time when the vehicle passes through the toll booth is not in time.
As another countermeasure, a technique for distributing illegal IC card ID information to the automatic fee collection server 100 in a short time and detecting an unauthorized vehicle is disclosed (see Patent Document 1).
JP 2006-227778 A

The conventional automatic toll collection system has to detect an illegal card use vehicle in a short time when the vehicle passes through the toll gate. Especially when the number of illegal IC card IDs increases, an automatic toll collection server Therefore, it is difficult to perform collation with all illegal IC card ID information.
In addition, in order to realize all verifications, the processing performance of the automatic fee collection server must be increased, and there is a problem that costs increase.

  The main object of the present invention is to solve the above-mentioned problems, and the main object is to improve the reliability of detecting illegal IC cards.

The communication device according to the present invention is
A communication device that transmits an ID (Identification Data) used for billing processing to a billing processing device,
A forbidden ID list storage unit for storing a forbidden ID list indicating as a forbidden ID an ID that is prohibited from being used for billing processing;
An ID input unit for inputting an ID;
When the input ID input by the ID input unit is compared with the prohibition ID list stored in the prohibition ID list storage unit, and the input ID matches any of the prohibition IDs, the charging of the input ID A determination unit that prohibits transmission to the processing apparatus and permits transmission of the input ID to the billing processing apparatus when the input ID does not match any of the prohibited IDs.

  According to the present invention, the communication device holds the prohibition ID list, and as a result of the collation between the input ID and the prohibition ID list, only IDs that do not correspond to the prohibition ID are transmitted to the billing processing device. Target IDs can be reduced, and ID verification omissions can be avoided.

Embodiment 1 FIG.
FIG. 1 shows a configuration example of an automatic fee collection system (billing processing system) according to the present embodiment.
In FIG. 1, an automatic toll collection server 1 is a facility installed at a toll booth and performs billing processing suitable for a toll booth (including a check barrier) such as an entrance toll booth or an exit toll booth. The automatic fee collection server 1 is an example of a charging processing device. The billing process means various processes necessary for billing and settlement of charges, such as transmitting the identification information of the entrance toll gate at the entrance toll gate to the road user and recording the IC card ID of the road user. This includes the transmission of billing information at the exit toll gate to road users and management servers, and the recording of the IC card ID of the road user.
As shown in FIG. 1, the automatic toll collection server 1 includes a roadside communication unit 2 (communication unit) having a wireless communication function, a roadside processing unit 3 that transmits and receives data, and performs processing for toll collection. It is composed of an unauthorized IC card ID storage unit 4 that records a list of IC card IDs, and performs wireless data transmission / reception with an on-vehicle device mounted on a vehicle passing through a toll gate via an antenna 5.

The unauthorized IC card ID list in the unauthorized IC card ID storage unit 4 is created from an IC card ID or the like that could not be settled by the credit company, and is updated as necessary. Note that, as a general rule, the unauthorized IC card ID storage unit 4 is always updated to the latest state (a state in which the latest unauthorized IC card ID that could not be settled by the credit company is included).
The unauthorized IC card ID storage unit 4 is provided in an external storage device such as a hard disk device, an external memory, or a memory in a microprocessor constituting the roadside processing unit 3.
The unauthorized IC card ID is an ID of an IC card that is prohibited from being used for billing processing, and is an example of a prohibited ID. An unauthorized IC card list that is a list of unauthorized IC card IDs is an example of a prohibited ID list, and an unauthorized IC card ID storage unit 4 that stores an unauthorized IC card ID list is an example of a prohibited ID list storage unit.

The vehicle-mounted device 20 can exchange data with the automatic fee collection server 1 and can read and write data recorded on the IC card 40.
The vehicle-mounted device 20 includes an antenna 21, a wireless communication unit 22 (communication unit) that wirelessly communicates with the automatic fee collection server 1, for example, a processing unit 23 composed of a microprocessor, and a man-machine that receives a user operation and responds to the result. The interface unit 24 and the IC card interface unit 25 that communicates with the IC card 40 are configured. The vehicle-mounted device 20 is an example of a communication device.

The IC card interface unit 25 inputs the IC card ID and the pass ticket information from the IC card 40. The IC card interface unit 25 is an example of an ID input unit.
The processing unit 23 includes an unauthorized IC card ID storage unit 26 that records a list of unauthorized IC card IDs configured from a non-volatile memory, a buffer 27 that holds data read from the IC card 40, and a read from the IC card 40. There is a determination unit 28 that collates the IC card ID with the unauthorized IC card ID list recorded in the unauthorized IC card ID storage unit 26.
The unauthorized IC card ID storage unit 26 is an example of a prohibited ID list storage unit.
The unauthorized IC card ID storage unit 26 cannot read the unauthorized IC card ID list by the user's operation, and can record or update it by communication with the automatic fee collection server 1.

  The determination unit 28 determines whether the input IC card ID is invalid as a result of collation between the IC card ID input by the IC card interface unit 25 and the unauthorized IC card ID list recorded in the unauthorized IC card ID storage unit 26. If the input IC card ID matches the IC card ID, the input IC card ID is prohibited from being transmitted to the automatic fee collection server 1, and the input IC card ID does not match any unauthorized IC card ID. The transmission of the ID to the automatic fee collection server 1 is permitted.

  The IC card 40 is composed of, for example, a microprocessor, and the internal non-volatile memory uniquely identifies entrance toll gates and exit toll gates necessary for toll collection, information on tolls related to traffic routes, and IC cards. An IC card ID is stored.

Next, the operation will be described with reference to FIGS.
When the user inserts the IC card into the vehicle-mounted device 20 (S100), in the vehicle-mounted device 20, the IC card interface unit 25 reads the IC card ID before reading all the pass ticket information (S101).
Then, the determination unit 28 collates the read IC card ID with the ID list stored in the unauthorized IC card ID storage unit 26 (S102), and the read ID is not included in the unauthorized IC card ID list. The IC card interface unit 25 reads the pass ticket information only when it is considered normal (S103). Then, the passport information and the IC card ID are transmitted from the wireless communication unit 22 to the automatic toll collection server 1.
When the read ID is included in the unauthorized IC card ID list, it is determined that the inserted IC card is an unauthorized IC card, and the process is interrupted.
Thereafter, for example, the user is informed from the man-machine interface unit that the IC card cannot be used.
Thus, if the input ID does not match any ID shown in the unauthorized IC card ID list as a result of the verification, the determination unit 28 transmits the ID to the automatic fee collection server 1. If the input ID matches one of the IDs shown in the unauthorized IC card ID list, transmission of the ID to the automatic fee collection server 1 is prohibited.

  In this example, the vehicle-mounted device 20 performs collation in the determination unit 28 before reading out the pass ticket information. However, the check is performed after the pass ticket information is read out, and the information read out in the case of an unauthorized IC card is used. The operation of discarding may be used.

Next, processing when passing through the toll gate will be described with reference to FIG.
When the vehicle passes through the toll gate, the IC card is inserted into the vehicle-mounted device 20.
The automatic toll collection server 1 detects the vehicle (S105), and the roadside communication unit 2 wirelessly communicates with the vehicle-mounted device 20 to acquire necessary information such as the pass ticket information and IC card ID read from the IC card (S106). ), The roadside processing unit 3 performs toll collection processing (S107).
Then, data required for toll collection, for example, information indicating an entrance toll gate if it is an entrance, and pass ticket information such as a toll if it is an exit are transmitted to the vehicle-mounted device (S108).
Then, the unauthorized IC card ID list recorded in the unauthorized IC card ID storage unit 4 is transmitted to the vehicle-mounted device 20 (S109).
The in-vehicle device records the received unauthorized IC card ID list in the unauthorized IC card ID storage unit 26 (S110).

As described above, since the vehicle-mounted device detects an unauthorized IC card at the time of insertion before using the IC card based on the stored list of unauthorized IC card IDs, payment cannot be made after passing the toll road. Use of unauthorized IC cards can be prevented.
Also, every time the toll gate passes, the latest unauthorized IC card ID list is sent from the automatic toll collection server to the in-vehicle device, so the list of unauthorized IC card IDs stored in the in-vehicle device can be kept up-to-date. Thus, the reliability of detecting illegal IC cards can be improved.

In the above description, the automatic fee collection server 1 performs the charging process for the ID without checking the IC card ID received from the vehicle-mounted device 20, but as shown in S111 in FIG. In addition, limited verification may be performed in the automatic fee collection server 1. Note that S105 to S110 in FIG. 13 are the same as the processes shown in FIG.
For example, in the automatic fee collection server 1, the unauthorized IC card ID storage unit 4 has the ID of the unauthorized IC card selected as the verification target separately from the unauthorized IC card ID list transmitted to the vehicle-mounted device 20 in S109 of FIG. The roadside processing unit 3 collates the ID received from the vehicle-mounted device 20 with the list of IDs to be collated stored in the unauthorized IC card ID storage unit 4. If the received ID matches one of the IDs shown in the list of IDs to be verified, the charging process using the received ID is not performed, and the received ID is shown in the list of IDs to be verified. If it does not match any ID, billing processing using the received ID is performed.
As an ID to be verified, for example, an ID of an IC card that has recently been cheated or an ID of an IC card with a large damage amount can be considered.

Moreover, since the contents of the unauthorized IC card ID list possessed by each onboard device 20 (recently updated, not updated for a long time, etc.) are different, the automatic fee collection server 1 is possessed by the onboard device 20. The matching may be performed according to the contents of the illegal IC card ID list.
In this case, for example, in the vehicle-mounted device 20, the input ID is compared with the ID stored in the unauthorized IC card ID storage unit 26 in the procedure shown in FIG. 2, and the input ID does not match any ID. In addition to the ID and the pass ticket information, information (possession ID specifying information) that can specify the ID stored in the unauthorized IC card ID storage unit 26 is transmitted to the automatic fee collection server 1.
The possessed ID specifying information is, for example, the ID of the automatic charge collection server 1 of the ID stored last in the unauthorized IC card ID list of the vehicle-mounted device 20 or the ID stored last in the unauthorized IC card ID list of the vehicle-mounted device 20. It is the storage date and time in the unauthorized IC card ID storage unit 4.
The automatic toll collection server 1 receives the possessed ID specifying information together with the ID and the pass ticket information from the in-vehicle device 20, and the roadside processing unit 3 determines the ID (the communication device possessed) that the in-vehicle device 20 possesses from the owned ID specifying information. Prohibition ID) is specified, an ID that is not possessed by the vehicle-mounted device 20 is selected from the illegal IC card IDs included in the unauthorized IC card ID storage unit 4, and the selected ID and the ID received from the vehicle-mounted device 20 are Perform the verification.
In this example, the unauthorized IC card ID storage unit 4 stores, for example, a plurality of IDs in the order in which the IDs are stored, and the last ID stored in the vehicle-mounted device 20 is indicated in the possessed ID specifying information. The roadside processing unit 3 can determine that the ID in the order after the ID indicated in the possessed ID specifying information is an ID that is not held by the vehicle-mounted device 20.
In addition, the unauthorized IC card ID storage unit 4 manages, for example, the storage date and time (date and time added to the unauthorized IC card ID list) for each ID, and the storage date and time is indicated in the possessed ID specifying information, The roadside processing unit 3 can determine that an ID with a date and time later than the date and time indicated in the possessed ID specifying information is an ID that the vehicle-mounted device 20 does not hold. In this case, since the storage date and time in the unauthorized IC card ID storage unit 4 is described for each ID in the unauthorized IC card ID list transmitted in S109 in FIG. The storage date and time can be notified.

  As described above, in the present embodiment, in the toll road automatic toll collection system, the unauthorized IC card ID storage unit installed at the toll booth and stores the ID of the unauthorized IC card, and the unauthorized IC card ID storage unit in the vehicle-mounted device. The automatic fee collection server that transmits information has been described.

  In the present embodiment, in the toll road automatic toll collection system, an unauthorized IC card ID storage unit that performs wireless communication with an automated toll collection server installed at a toll booth and stores the received unauthorized IC card ID list; An automatic toll collecting vehicle-mounted device that includes an IC card ID read from an inserted IC card and a determination unit that collates information in the unauthorized IC card ID storage unit has been described.

  In the present embodiment, in the toll road automatic toll collection system, the toll road has an unauthorized IC card ID storage unit that stores an unauthorized IC card ID and stores an unauthorized IC card ID list on the vehicle-mounted device. An automatic fee collection server to be transmitted, an unauthorized IC card ID storage unit for performing wireless communication with the automatic fee collection server and storing the received unauthorized IC card ID list, an IC card ID and an unauthorized IC read from the inserted IC card An automatic toll collection system including an on-vehicle device having a determination unit that collates with information in a card ID storage unit has been described.

Embodiment 2. FIG.
In the first embodiment described above, the in-vehicle device 20 has the form in which the unauthorized IC card ID storage unit 26 is provided in the processing unit 23. Next, the unauthorized IC card ID storage unit 26 is stored in a memory external to the processing unit 23. An embodiment provided in FIG.
In this case, there is a problem such as falsification or leakage of the unauthorized IC card ID list in the communication path between the processing unit 23 and the unauthorized IC card ID storage unit 26.
In this embodiment, an example for solving these problems will be described.
FIG. 4 is a configuration diagram of the vehicle-mounted device 20 in such a case.
The automatic fee collection server 1 is the same as that of the first embodiment.

The unauthorized IC card ID storage unit 26 is connected to the processing unit 23.
The processing unit 23 includes an encryption unit 29 that encrypts and decrypts input data, an integrity information generation unit 30 that generates integrity information from the input data, and an encryption key storage unit that records an encryption key used for encryption and decryption There are 32.
The integrity information is information for detecting that the data has been tampered with, and includes a digital signature, a CRC (Cyclic Redundancy Check), a hash value, a message authenticator, and the like.
The encryption key storage unit 32 is provided in a non-volatile memory in the processing unit 23.
Note that the encryption unit 29 and the integrity information generation unit 30 perform authentication processing of the unauthorized IC card ID list, and are examples of authentication processing units.

Next, the operation will be described with reference to FIGS.
After receiving the list of unauthorized IC card IDs, the vehicle-mounted device 20 generates integrity information by the integrity information generating unit 30 before recording it in the unauthorized IC card ID storage unit 26 (S120).
In the present embodiment, the integrity information is a hash value.
Next, the unauthorized IC card list and the generated hash value are encrypted by the encryption unit 29 using the encryption key stored in the encryption key storage unit 32 (S121), and the encrypted unauthorized IC card list and the hash value are converted into the unauthorized IC card. Record in the ID storage unit 26 (S122).
The vehicle-mounted device 20 reads the encrypted IC card ID list and hash value from the IC card ID storage unit 26 before collating the IC card ID read from the IC card with the IC card ID list (S125).
Then, the encryption unit 29 decrypts the encryption key stored in the encryption key storage unit 32 (S126).
Next, a hash value is generated by the integrity information generation unit 30 from the decrypted unauthorized IC card ID list (S127), and the integrity information generation unit 30 compares the generated hash value with the decrypted hash value. (S128).
If the hash values match as a result of the comparison, the process ends normally and the IC card ID inserted in the vehicle-mounted device 20 is verified in the same manner as in the first embodiment.
If they do not match, the unauthorized IC card ID list may have been tampered with, so the process ends abnormally. For example, the man-machine interface unit 24 notifies the user to that effect.

As described above, since a large amount of non-volatile memory outside the processing unit is used as the unauthorized IC card ID storage unit, a large number of unauthorized IC card lists can be stored in the vehicle-mounted device 20. Detection reliability can be improved.
Since the integrity information is added to the unauthorized IC card ID list and the integrity information and the unauthorized IC card ID list are encrypted, the unauthorized IC card ID is used in the communication path between the processing unit and the unauthorized IC card ID storage unit. Tampering and leakage of the list can be prevented, and the secure vehicle-mounted device 20 can be provided.
In the present embodiment, the unauthorized IC card ID storage unit is provided inside the vehicle-mounted device 20, but the unauthorized IC card ID storage unit may be configured in a large-capacity memory outside the vehicle-mounted device 20. Absent.

  As described above, in the present embodiment, the unauthorized IC card ID storage unit provided outside the processing unit and the information stored in the unauthorized IC card ID storage unit provided in the processing unit are encrypted, or the information that is read is decrypted. Unit, an encryption key storage unit for storing an encryption key used for encryption / decryption, and an integrity information generation unit for generating integrity information for verifying that the information has not been tampered with Explained.

Embodiment 3 FIG.
In Embodiments 1 and 2, the list of unauthorized IC card IDs is transmitted from the automatic fee collection server 1 to the vehicle-mounted device 20, and then the unauthorized IC card ID is selectively transmitted from the automatic fee collection server 1. An embodiment for transmitting a list of

FIG. 7 is a configuration diagram of the automatic fee collection server 1 in such a case.
The configuration of the vehicle-mounted device 20 may be the same as in the first and second embodiments.
The selection unit 6 selects an ID to be transmitted to the vehicle-mounted device 20 from the unauthorized IC card ID list recorded in the unauthorized IC card ID storage unit 4 according to a predetermined condition, thereby transmitting the unauthorized IC card ID list for transmission (selection prohibited ID). List), which is connected between the roadside processing unit 3 and the unauthorized IC card ID storage unit 4 in the present embodiment.

Next, the operation will be described.
In the automatic fee collection server 1, before transmitting the list of unauthorized IC card IDs to the vehicle-mounted device 20, the selection unit 6 selects an ID to be transmitted from the ID list in the unauthorized IC card ID storage unit 4, and transmits the unauthorized IC card for transmission. Create an ID list.
The selection method includes, for example, a method of extracting only an IC card ID for which fraud has recently been performed, a method of extracting an IC card ID with a large damage amount, and the like.
Then, the roadside processing unit 3 transmits the transmission unauthorized IC card ID list to the vehicle-mounted device 20 via the antenna 5.
The vehicle-mounted device 20 records the received list of unauthorized IC card IDs in the unauthorized IC card ID storage unit 26 and uses it when collating with the ID of the inserted IC card.

As described above, since the automatic fee collection server 1 selectively transmits the list of unauthorized IC card IDs to the vehicle-mounted device 20, the amount of communication data and the communication time between the automatic fee collection server 1 and the vehicle-mounted device 20 are reduced. It is possible to improve the reliability of communication with the vehicle-mounted device 20 mounted on a vehicle traveling at high speed. Moreover, the storage capacity of the unauthorized IC card ID storage unit of the vehicle-mounted device 20 can be reduced, and the inexpensive vehicle-mounted device 20 can be provided.
In the present embodiment, the connection form between the unauthorized IC card ID storage unit and the processing unit is shown. However, the unauthorized IC card ID storage unit may be connected even when the selection unit 6 is connected to the roadside processing unit 3. 4 may be connected. In addition, the automatic fee collection server 1 may create an unauthorized IC card ID list for transmission in advance and transmit the list to the vehicle-mounted device 20 when the vehicle passes.

Further, as shown in the first embodiment, the vehicle-mounted device 20 is included in the unauthorized IC card ID list stored in the unauthorized IC card ID storage unit 26 together with the ID to be charged and the pass ticket information. Information that can identify the current ID (owned ID identification information) may be transmitted to the automatic fee collection server 1.
As in the first embodiment, the possessed ID specifying information is, for example, the ID stored last in the unauthorized IC card ID list of the vehicle-mounted device 20 or the ID stored last in the unauthorized IC card ID list of the vehicle-mounted device 20. The date and time of storage in the unauthorized IC card ID storage unit 4 of the automatic fee collection server 1.
The automatic toll collection server 1 receives the possessed ID specifying information together with the ID and the pass ticket information from the in-vehicle device 20, and the selection unit 6 determines the ID (possible communication device possession prohibition of the in-vehicle device 20 from the owned ID specifying information ID) is specified, an ID that is not possessed by the vehicle-mounted device 20 is selected from the illegal IC card IDs included in the illegal IC card ID storage unit 4, and a transmission illegal IC card ID list is created from the selected IDs. To do.
In this example, as in the first embodiment, the unauthorized IC card ID storage unit 4 stores a plurality of IDs, for example, in the order in which the IDs are stored, and is finally stored in the in-vehicle device 20 in the possessed ID specifying information. When the ID is displayed, the selection unit 6 can determine that the ID in the order after the ID indicated in the possessed ID specifying information is an ID that is not held by the vehicle-mounted device 20.
In addition, the unauthorized IC card ID storage unit 4 manages, for example, the storage date and time (date and time added to the unauthorized IC card ID list) for each ID, and the storage date and time is indicated in the possessed ID specifying information, The selection unit 6 can determine that an ID with a date and time later than the date and time indicated in the possessed ID specifying information is an ID that the vehicle-mounted device 20 does not hold. In this case, since the storage date and time in the unauthorized IC card ID storage unit 4 is described for each ID in the unauthorized IC card ID list transmitted in S109 in FIG. The storage date and time can be notified.

  As described above, in the present embodiment, the automatic fee collection server that selects and transmits the unauthorized IC card ID list to be transmitted to the vehicle-mounted device has been described.

Embodiment 4 FIG.
In the third embodiment, each time a vehicle passes from the automatic fee collection server 1, a fraudulent IC card ID list for transmission is created. Embodiments created in the above are shown.

FIG. 8 is a configuration diagram of the automatic fee collection server 1 in such a case.
The configuration of the vehicle-mounted device 20 may be the same as in the first and second embodiments.
The unauthorized IC card ID buffer 7 is a memory that stores a transmitting unauthorized IC card ID list for transmission to the vehicle-mounted device 20.
The illegal IC card ID buffer 7 is provided in an external storage device such as a hard disk device, an external memory, or a memory in a microprocessor constituting the roadside processing unit.
In this embodiment, the unauthorized IC card ID buffer 7 also functions as a prohibited ID list storage unit.
The management server 31 is an example of a management device that generates a fraudulent IC card ID list for transmission to be transmitted to the automatic fee collection server 1.

Next, the operation will be described with reference to FIG.
The management server 31 selects an unauthorized IC card ID for transmission to the vehicle-mounted device 20 from the unauthorized IC card ID list, and creates an unauthorized IC card ID list for transmission (S130).
As in the third embodiment, the selection method includes, for example, a method of extracting only an IC card ID for which fraud has recently been performed, a method of extracting an IC card ID having a large damage amount, and the like.
Then, the management server transmits the unauthorized IC card ID list for transmission to the automatic fee collection server 1 of each tollgate (S131).
The automatic fee collection server 1 receives the unauthorized IC card ID list for transmission and records it in the unauthorized IC card ID buffer 7 (S132).
Then, when the vehicle passes through the toll gate (S133) and communicates with the vehicle-mounted device 20, a toll collection process is performed (S134), and then the roadside processing unit 3 selects the selection stored in the unauthorized IC card ID buffer 7 The list of the obtained IC card IDs is transmitted to the vehicle-mounted device 20 via the antenna (S135).
The vehicle-mounted device 20 records the received list of unauthorized IC card IDs in the unauthorized IC card ID storage unit 26 (S136).
After that, it is used when collating with the ID of the inserted IC card.

As described above, since the management server 31 selects a list of illegal IC card IDs in a lump and transmits it to the automatic fee collection server 1 of each tollgate, the illegal IC card can be efficiently processed in the entire automatic fee collection system. It is possible to construct a secure system for detecting
In addition, the workload at the toll gate can be reduced, erroneous operations can be reduced, and inexpensive servers and systems can be constructed.

  As described above, in the present embodiment, the automatic fee collection server that transmits the unauthorized IC card ID list for transmission received from the management server that is the host server to the vehicle-mounted device has been described.

Embodiment 5 FIG.
In the above embodiment, the use of the unauthorized IC card is detected by the vehicle-mounted device 20, but when the check by the vehicle-mounted device 20 is passed, the automatic fee collection server 1 efficiently uses the unauthorized IC card. An example of automatic detection will be described.

FIG. 10 is a configuration diagram of the automatic fee collection server in such a case.
The automatic toll collection server 1a is installed at the entrance toll booth, and the automatic toll collection server 1b is installed at the exit toll booth, which are connected via a network.
The automatic toll collection server 1a at the entrance toll gate is provided with an emergency fraud IC card ID transmission unit 8 that transmits the unauthorized IC card ID to another exit toll gate.
The automatic toll collection server 1b at the exit toll booth includes an emergency fraud IC card ID receiving unit 9 that receives the fraud IC card ID from the entrance toll booth, unauthorized IC card ID transmission to other exit toll booths, and other exit charges. There is provided an emergency fraud IC card ID release transmission / reception unit 10 for receiving from a place.
In FIG. 10, the entrance toll gate is described as an example of the first toll gate, and the exit toll gate is described as an example of the second toll gate.
The automatic fee collection server 1a is an example of a first billing processing device, and the automatic fee collection server 1b is an example of a second billing processing device.

Next, the operation will be described with reference to FIG.
When a vehicle using an unauthorized IC card passes through the entrance toll gate A and detects the use of the unauthorized IC card (S140), the emergency unauthorized IC card ID transmission unit 8 of the automatic fee collection server 1a passes through the network. Warning information notifying the ID of the detected unauthorized IC card is transmitted to the other exit toll booths B and C (S141).
In the automatic toll collection server 1b at the exit toll gate, the emergency unauthorized IC card ID receiving unit 9 receives warning information indicating the unauthorized IC card ID. Then, the search priority of the unauthorized IC card ID indicated in the received warning information is increased in the list (S142). A search with a high search priority is searched before other ones with a low priority, and is subject to collation first.

FIG. 12 shows an example of the unauthorized IC card list.
In this example, the priority “H” is high and “L” is low.
When the unauthorized IC card ID1 is received from the entrance toll gate, the priority of ID1 is changed from “L” to “H” at the exit toll gate.
Thereby, every time the vehicle passes, the automatic toll collection server 1b at the exit toll booth checks the IC card ID received from the vehicle-mounted device 20 with the list from the one with the priority “H”. Thereby, the use of an unauthorized IC card can be detected efficiently.

When the use of the unauthorized IC card ID1 is detected at the exit toll gate B (S143), the vehicle is stopped by closing a gate (not shown) and the normal toll is collected.
Then, the emergency fraud IC card ID release transmission / reception unit 10 transmits ID1 to another exit toll gate so that the priority of the fraud IC card ID1 is lowered (S144).
The automatic toll collection server 1b at the exit toll booth that has received the unauthorized IC card ID1 and the automatic toll collection server 1b at the exit toll booth that has detected the use of the unauthorized IC card change the priority of the unauthorized IC card ID 1 from "H" to "L". (S145).

As described above, the automatic toll collection server at the entrance toll booth reports to the exit toll booth that a vehicle using an unauthorized IC card has entered the toll road, and the corresponding IC card ID is given priority at the exit toll booth. Since the priority is restored after detecting the illegal IC card, the use of the illegal IC card can be efficiently detected, and a secure automatic fee collection system can be constructed.
In this embodiment, priority is provided to the list of the unauthorized IC card ID storage unit, but the ID received by the emergency unauthorized IC card ID receiving unit is stored in the buffer of the roadside processing unit, and the list in the buffer It is also possible to use a form of collating with priority.
Further, in this embodiment, the unauthorized IC card ID storage unit provided in the automatic fee collection server is a list of only unauthorized IC card IDs. It is also possible to make a list combining vehicle-mounted device IDs and unauthorized IC card IDs, which are information for uniquely identifying devices, and detect unauthorized IC cards based on combinations of IC card IDs and vehicle-mounted device 20IDs.

  As described above, in this embodiment, the automatic toll collection server provided with the emergency fraud IC card ID transmission unit that is installed at the entrance toll gate and transmits the detected fraud IC card ID to another exit toll gate has been described.

  In the present embodiment, the emergency fraud IC card ID receiving unit that is installed at the exit toll gate and receives the fraud IC card ID from another entrance toll gate, and the fraud IC card ID is transmitted to the other exit toll gate. Or an emergency fraud IC card ID cancellation transmission / reception unit that receives an fraud IC card ID from another exit toll gate, and the IC card ID check when passing through the vehicle takes precedence over the IC card ID received by the emergency fraud IC card ID reception unit The automatic toll collection server to be performed was explained.

Finally, hardware configuration examples of the automatic fee collection server 1 and the vehicle-mounted device 20 shown in the first to fifth embodiments will be described.
FIG. 15 is a diagram illustrating an example of hardware resources of the automatic fee collection server 1 and the vehicle-mounted device 20 illustrated in the first to fifth embodiments.
The configuration of FIG. 15 is merely an example of the hardware configuration of the automatic fee collection server 1 and the vehicle-mounted device 20, and the hardware configuration of the automatic fee collection server 1 and the vehicle-mounted device 20 is the configuration described in FIG. The configuration is not limited to this, and other configurations may be used.

In FIG. 15, the automatic fee collection server 1 and the vehicle-mounted device 20 include a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, and a processor) that executes a program.
The CPU 911 is connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a touch panel 902, and a magnetic disk device 920 via a bus 912. Control the device.
Further, the CPU 911 may be connected to an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD), a keyboard, a mouse, a printer device, and a scanner device. Further, instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card (registered trademark) read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of the storage device.
A communication board 915, a touch panel 902, a keyboard, a mouse, a scanner device, an FDD 904, and the like are examples of input devices.
Further, the communication board 915, the display device 901, the printer device, and the like are examples of an output device.

  The communication board 915 is used for wireless communication of IDs and passport information. In the case of the automatic toll collection server 1, for example, the communication board 915 includes a LAN (local area network), the Internet, and a WAN (wide area network). It may be connected to the

The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924.
The programs in the program group 923 are executed by the CPU 911 using the operating system 921 and the window system 922.

The RAM 914 temporarily stores at least part of the operating system 921 program and application programs to be executed by the CPU 911.
The RAM 914 stores various data necessary for processing by the CPU 911.

The ROM 913 stores a BIOS (Basic Input Output System) program, and the magnetic disk device 920 stores a boot program.
When the automatic fee collection server 1 and the vehicle-mounted device 20 are activated, the BIOS program in the ROM 913 and the boot program for the magnetic disk device 920 are executed, and the operating system 921 is activated by the BIOS program and the boot program.

  The program group 923 stores a program for executing the function described as “˜unit” in the description of the first to fifth embodiments. The program is read and executed by the CPU 911.

In the file group 924, in the description of the first to fifth embodiments, “determination of”, “calculation of”, “collation of”, “comparison of”, “update of”, and “setting of” are set. ”,“ Registration of ”,“ Selection of ”, etc. Information, data, signal values, variable values, and parameters indicating the results of the processing are indicated as“ ˜file ”and“ ˜database ”items. It is remembered.
The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, editing, output, printing, and display.
Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, and buffers during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, printing, and display. It is temporarily stored in a memory or the like.
In addition, the arrows in the flowcharts described in the first to fifth embodiments mainly indicate input / output of data and signals. The data and signal values are the RAM 914 memory, the FDD 904 flexible disk, the CDD 905 compact disk, and the magnetic field. Recording is performed on a recording medium such as a magnetic disk of the disk device 920, other optical disks, mini disks, DVDs, and the like. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In addition, what is described as “˜unit” in the description of the first to fifth embodiments may be “˜circuit”, “˜device”, “˜device”, and “˜step”, It may be “˜procedure” or “˜processing”. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, only hardware such as elements, devices, substrates, wirings, etc., or a combination of software and hardware, and further a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” in the first to fifth embodiments. Alternatively, the computer executes the procedure and method of “to part” in the first to fifth embodiments.

  As described above, the automatic fee collection server 1 and the vehicle-mounted device 20 shown in the first to fifth embodiments include a CPU as a processing device, a memory as a storage device, a magnetic disk, etc., a touch panel as an input device, a mouse, a communication board, and an output device. The computer includes a display device, a communication board, and the like, and implements the functions indicated as “unit” as described above using the processing device, the storage device, the input device, and the output device.

1 is a diagram illustrating a configuration example of an automatic fee collection system according to Embodiment 1. FIG. FIG. 3 is a flowchart showing an operation example of the vehicle-mounted device according to the first embodiment. The flowchart figure which shows the operation example of the automatic fee collection server which concerns on Embodiment 1, and an onboard equipment. FIG. 5 shows a configuration example of an on-vehicle device according to a second embodiment. The flowchart figure which shows the operation example of the onboard equipment which concerns on Embodiment 2. FIG. The flowchart figure which shows the operation example of the onboard equipment which concerns on Embodiment 2. FIG. FIG. 10 is a diagram illustrating a configuration example of an automatic fee collection server according to a third embodiment. The figure which shows the structural example of the automatic fee collection server which concerns on Embodiment 4. FIG. The flowchart figure which shows the operation example of the automatic fee collection server which concerns on Embodiment 4, a management server, and onboard equipment. FIG. 10 is a diagram illustrating a configuration example of an automatic fee collection system according to a fifth embodiment. FIG. 10 is a flowchart showing an operation example of the automatic fee collection server according to the fifth embodiment. FIG. 20 is a diagram showing an example of an unauthorized IC card ID list according to the fifth embodiment. The flowchart figure which shows the operation example of the automatic fee collection server which concerns on Embodiment 1, and an onboard equipment. The figure which shows the structural example of the conventional automatic fee collection system. The figure which shows the hardware structural example of the automatic fee collection server which concerns on Embodiment 1-5, and onboard equipment.

Explanation of symbols

  1 automatic toll collection server, 2 roadside communication unit, 3 roadside processing unit, 4 illegal IC card ID storage unit, 5 antenna, 6 selection unit, 7 illegal IC card ID buffer, 8 emergency illegal IC card ID transmission unit, 9 emergency illegal IC card ID reception unit, 10 emergency fraud IC card ID release transmission / reception unit, 20 onboard equipment, 21 antenna, 22 wireless communication unit, 23 processing unit, 24 man-machine interface unit, 25 IC card interface unit, 26 fraud IC card ID storage Part, 27 buffer, 28 determination part, 29 encryption part, 30 integrity information generation part, 31 management server, 32 encryption key storage part, 40 IC card.

Claims (12)

A communication device that transmits an ID (Identification Data) used for billing processing to a billing processing device,
A forbidden ID list storage unit for storing a forbidden ID list indicating as a forbidden ID an ID that is prohibited from being used for billing processing;
An ID input unit for inputting an ID;
When the input ID input by the ID input unit is compared with the prohibition ID list stored in the prohibition ID list storage unit, and the input ID matches any of the prohibition IDs, the charging of the input ID A communication apparatus comprising: a determination unit that prohibits transmission to a processing apparatus and permits transmission of the input ID to the billing processing apparatus when the input ID does not match any of the prohibition IDs. The communication device further includes:
A communication unit that transmits the input ID to the billing processing device and receives a prohibition ID list from the billing processing device when transmission of the input ID is permitted by the determination unit;
The prohibition ID list storage unit
The communication apparatus according to claim 1, wherein a forbidden ID list received by the communication unit is stored. The communication device further includes:
An authentication processing unit that performs an authentication process on the prohibition ID list stored in the prohibition ID list storage unit;
The determination unit
3. The communication apparatus according to claim 1, wherein when the prohibition ID list is authenticated by the authentication processing unit, the authenticated prohibition ID list is collated with the input ID. The communication device
The communication apparatus according to any one of claims 1 to 3, wherein an ID mounted on a vehicle and used for road fee charging processing is wirelessly transmitted to the charging processing device. A charging processing system comprising: a charging processing device that performs charging processing; and a communication device that transmits an ID (Identification Data) used for charging processing to the charging processing device,
The communication device
A forbidden ID list storage unit for storing a forbidden ID list indicating as a forbidden ID an ID that is prohibited from being used for billing processing;
An ID input unit for inputting an ID;
When the input ID input by the ID input unit is compared with the prohibition ID list stored in the prohibition ID list storage unit, and the input ID matches any of the prohibition IDs, the charging of the input ID A determination unit that prohibits transmission to the processing device and permits transmission of the input ID to the billing processing device when the input ID does not match any of the prohibited IDs;
A communication unit that transmits the input ID to the billing processing device and receives a prohibition ID list from the billing processing device when transmission of the input ID is permitted by the determination unit;
The billing processing device
A prohibition ID list storage unit storing the prohibition ID list updated to the latest state;
A communication unit that receives an ID transmitted from the communication device as a reception ID, and transmits at least a part of the prohibited ID list stored in the prohibited ID list storage unit to the communication device;
An accounting processing system comprising: an accounting processing unit that performs accounting processing using the reception ID received by the communication unit. In the communication device,
The prohibition ID list storage unit
6. The accounting processing system according to claim 5, wherein a prohibition ID list received by the communication unit is stored. In the charging processing apparatus,
The prohibition ID list storage unit
Storing a collation target prohibition ID list indicating prohibition IDs selected as collation targets;
The billing processing unit
When the received ID received by the communication unit and the verification target prohibition ID list stored in the prohibition ID list storage unit are collated, and the received ID matches any prohibition ID in the verification target prohibition ID list The charging process using the reception ID is performed when the charging process using the reception ID is not performed and the reception ID does not match any of the prohibition IDs in the verification target prohibition ID list. The charging processing system according to 5 or 6. In the communication device,
The communication unit is
The charging ID is transmitted to the billing processing apparatus, and information capable of specifying the prohibition ID included in the prohibition ID list stored in the prohibition ID list storage unit is transmitted as possession ID specifying information. ,
In the charging processing apparatus,
The billing processing unit
Based on the possession ID specifying information transmitted from the communication device, the prohibition ID included in the prohibition ID list possessed by the communication device is identified as the communication device possession prohibition ID and stored in the prohibition ID list storage unit. A prohibition ID other than the communication device possession prohibition ID is selected from the prohibition IDs included in the prohibition ID list, the selected prohibition ID is compared with the reception ID received by the communication unit, and the reception ID is any The billing process using the reception ID is not performed when matching with the prohibition ID, and the billing process using the reception ID is performed when the reception ID does not match any prohibition ID. Item 8. A billing processing system according to any one of Items 5 to 7. The charging processing device further includes:
A selection unit that selects a prohibition ID that matches a specific condition from prohibition IDs included in the prohibition ID list stored in the prohibition ID list storage unit and generates a selection prohibition ID list indicating the selected prohibition ID; ,
In the charging processing apparatus,
The communication unit is
The billing processing system according to claim 5, wherein the selection prohibition ID list generated by the selection unit is transmitted to the communication device. In the communication device,
The communication unit is
The charging ID is transmitted to the billing processing apparatus, and information capable of specifying the prohibition ID included in the prohibition ID list stored in the prohibition ID list storage unit is transmitted as possession ID specifying information. ,
In the charging processing apparatus,
The selection unit includes:
Based on the possession ID specifying information transmitted from the communication device, the prohibition ID included in the prohibition ID list possessed by the communication device is identified as the communication device possession prohibition ID and stored in the prohibition ID list storage unit. 10. The billing according to claim 9, wherein a prohibition ID other than a communication device possession prohibition ID is selected from prohibition IDs included in the prohibition ID list, and a selection prohibition ID list indicating the selected prohibition ID is generated. Processing system. The billing processing device
Connected to a management device that generates a forbidden ID list to be transmitted to the communication device;
In the charging processing apparatus,
The communication unit is
Receiving a forbidden ID list generated by the management device;
The prohibition ID list storage unit
The billing processing system according to claim 5, wherein a prohibition ID list received from the management device by the communication unit is stored. A first billing processing device that receives a billing processing ID (Identification Data) from an in-vehicle communication device mounted on a vehicle passing through a first toll gate on a toll road, and performs billing processing using the received ID When,
A second billing processing device that receives a billing processing ID from an in-vehicle communication device mounted on a vehicle passing through the second toll gate on the toll road and performs billing processing using the received ID; And
The first charging processing device and the second charging processing device are respectively
The ID that is prohibited from being used for the billing process is managed as a prohibited ID, and every time the ID is received from the in-vehicle communication device, the received ID is checked against the prohibited ID.
The first billing apparatus is
As a result of collating the ID received from any of the in-vehicle communication devices with the prohibition ID, if the received ID matches any of the prohibition IDs, warning information for notifying the received ID is sent to the second billing processing device. Send
The second billing apparatus is
When the warning information is received from the first charging processing device, the charging processing system is characterized in that the forbidden ID corresponding to the ID notified in the warning information is preferentially used as a target for collation.

Images