JP2011005104A - Game machine, authentication method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem of restriction in designing inevitably caused by a larger strength of security in the conventional game machines.SOLUTION: In addition to the purpose of attesting the authenticity of connection devices for a CPU, a power source on-command for designating the application or the initialization of the power source and the first authentication data for attesting own authenticity are outputted from the main control part 2a. A peripheral part 3a, which receives the outputs from the main control part 2a as its inputs, outputs the first authentication data while controlling the execution of the processing based on the power source on-command. The peripheral part 3a determines whether the main control part 2a is authentic or not, based on the second authentication data to be generated and outputted by an intermediate part 3b and makes a notification to the effects if it is determined not to be authentic. The intermediate part generates intermediate data for the determination on the authenticity of the main control part to reduce the burden on the peripheral part as compared with the case of making the peripheral part carry out all of the processing for the authentication, thereby enabling the determination on whether the main control part is authentic or not with a larger strength of security than ever.

Description

  The present invention relates to a gaming machine such as a pachinko machine.

  2. Description of the Related Art Conventionally, techniques for preventing fraud with respect to control boards mounted on various electronic devices have been proposed. The control board includes a main control board that controls the operation of the entire electronic device such as a pachinko game machine, and a controlled board (peripheral board) that operates each part of the electronic device. The main control board outputs a control signal including a control command to the peripheral board. The peripheral board performs an operation according to the control signal transmitted from the main control board.

  Examples of frauds with respect to the control board include a method of replacing a regular main control board with an unauthorized control board, or connecting an unauthorized control board between a regular main control board and a controlled board. In order to prevent such injustice, a technique has been proposed in which authentication data for authenticating the main control board is added to the control command, and the main control board is authenticated using the authentication data (for example, Patent Documents). 1).

  In Patent Document 1, as shown in FIG. 33, a main control unit 201 and a peripheral board that performs predetermined processing based on a control command transmitted by the main control unit 201 (effect control unit 202a, prize ball control unit 203d). In a pachinko machine equipped with That is, in the same figure, the adding unit 312 of the main control unit 201 controls the main control when the control command to be transmitted to the peripheral board is a miss command that causes the peripheral board to execute the process when the lottery result at the lottery is missed. Authentication data for authenticating the unit 201 is added to the control command. The transmission unit 314a transmits a control command to the peripheral board. The peripheral board receiving unit 321 receives the control command transmitted from the main control unit 201. The intermediate unit 322 authenticates the main control unit 201 using the control command received by the receiving unit 321.

  The control command storage unit 311 of the main control unit 201 stores control command data (control command data) to be transmitted to the peripheral board. A predetermined program code is recorded in the recording unit 313.

  The notification signal output unit 323 outputs a notification signal when the intermediate control unit 322 does not authenticate the main control unit. When the peripheral board has the effect control unit 202a, the notification signal output unit 323 outputs a notification signal to, for example, a symbol display unit (not shown) or a lamp control unit (not shown).

JP 2008-279042 A

By the way, if it is attempted to authenticate the main control unit 201 by increasing the security strength, the capacity of the authentication data increases or complicated calculation processing is required. If the capacity of the authentication data is increased or complicated arithmetic processing is required, the processing load on the peripheral board increases, which is not preferable. Therefore, in the conventional gaming machine, there is a design restriction when trying to increase the strength of security.
On the other hand, as described above, various preventive methods have been proposed for fraud against the main control unit. However, it is effective for preventing frauds with respect to peripheral boards, particularly control units related to performance. No method has been proposed.
In other words, in the case of pachinko machines, a variety of presentations using speakers, lighting lamps, liquid crystal displays, etc. are prepared, but these presentations are optimal depending on the gaming state etc. by the game machine developer. Designed and produced to be For this reason, if a third party makes a fraudulent action that tends to be easily selected at the time of a big win, for example, despite the fact that the big win lottery result is out of play, Reliability and trust to the manufacturer of the gaming machine may be significantly lost.

  The present invention provides a gaming machine, an authentication method, and a program that can determine whether or not a main control unit is valid without being restricted by design even when the strength of security is increased as compared with the prior art. For the purpose. Another object of the present invention is to provide a gaming machine, an authentication method, and a program that can prevent fraud with respect to peripheral boards and the like mainly related to performance.

In order to solve the above problems and achieve the above object, the gaming machine of the present invention is a lottery means (for example, steps S312 and S314 in FIG. 13 and steps S404 and S406 in FIG. 14) for performing lottery when a predetermined condition is satisfied. ), Symbol changing means (for example, corresponding to step S414 in FIG. 14) and a lottery result of the lottery means. Based on this, the gaming machine is provided with a main control unit having a special state generating means (for example, corresponding to steps S410, S412, and S424 in FIG. 14) for generating a special state after stopping the symbol in a predetermined manner. And
The main control unit
A power-on command for designating idle power-on or designating initialization, and first authentication data for authenticating that it is valid,
further,
The output of the main control unit is used as an input, the execution of processing based on the power-on command is controlled, the peripheral unit that outputs the first authentication data, and the first authentication data output from the peripheral unit A second authentication data for determining whether or not the main control unit is legitimate based on, and an intermediate unit that outputs the second authentication data to the peripheral unit,
The peripheral portion is
A data processing device (for example, corresponding to the CPU 302 in FIG. 3) that determines whether or not the main control unit is valid based on the second authentication data, and performs data processing relating to the game, and the data processing device And an access control device for controlling access by
The data processing device includes:
Data processing means (for example, corresponding to the CPU core 303 in FIG. 5) and output means (for example, corresponding to the IF 312 in FIG. 5) for outputting information relating to instructions executed by the data processing means to the outside,
The access control device
Storage means for storing data for performing the data processing (for example, corresponding to the registers 234 and 236 in FIG. 5) and input means for inputting information related to the command from the output means (for example, the input unit 331 in FIG. 5) And an access control means (for example, corresponding to the access control unit 238 in FIG. 4) for controlling access to the storage means by the data processing device based on information on the command input by the input means. It is characterized by having.

  According to such a configuration, the intermediate unit generates second authentication data that is intermediate data for determining whether or not the main control unit is valid separately from the peripheral unit, and this second authentication is performed. Since the peripheral unit authenticates the main control unit using data, the burden on the peripheral unit is reduced compared to the case where all authentication processing is performed in the peripheral unit, the capacity of authentication data is increased, and complicated calculation processing is performed. Thus, it is possible to determine whether the main control unit is legitimate by increasing the strength of security compared to the conventional case. Further, the peripheral device data processing means CPU and access control device can perform connection device authentication of the connected device connected to the peripheral portion, and can mainly prevent fraud in the peripheral portion of the production. . Further, among the many control commands, since the authentication data is added to the power-on command and output, the possibility that the authentication data is wiretapped can be reduced.

  When the predetermined condition is established, the lottery means performs lottery with this as a trigger. Further, the symbol changing means displays the symbols in a variable manner by the symbol display means. Then, the special prize state is generated by the special prize state generating means after the symbol is stopped in a predetermined manner based on the lottery result of the lottery means. Further, the special prize state means an advantageous state in which a predetermined game value can be given to the player, and includes, for example, an opening operation of a special prize opening. In addition, as for the establishment of the predetermined condition, for a pachinko machine, for example, a game ball wins a start winning opening, and for a pachislot machine, for example, an operation lever that instructs a game start is operated. Is included.

In the data processing apparatus provided in the peripheral portion, the output means outputs information related to the command executed by the data processing means in the peripheral portion to the outside. Similarly, in the access control device provided in the peripheral portion, information relating to an instruction is input by the input means, and access to the storage means by the data processing device is controlled by the access control means based on the information relating to the input instruction. . This reduces the possibility that the data in the storage means will be illegally rewritten or read out.

  Here, as the information regarding the instruction, for example, (1) instruction code or instruction code string, (2) storage position information (for example, address) indicating the storage position of the instruction code or instruction code string, (3) instruction code or Execution result information indicating the execution result of the instruction code string (for example, the value of the flag register), or (4) secondary information obtained based on one or a plurality of pieces of information (for example, operation information obtained by operation or the like) ) Is included.

  The storage means may include any means that can store data at any time, and may store predetermined data in advance, or may store the present data without storing the predetermined data in advance. Predetermined data may be stored by an external input or the like during operation of the gaming machine.

  As for “control” of access, for example, (1) when it is determined that an access permission condition is established based on information on an instruction or secondary information obtained based on the information, a part or all of the access is permitted. If it is determined that the access permission condition is not satisfied, the access restriction condition is satisfied based on information related to the instruction or secondary information obtained based on the information, or (2) restricting part or all of the access. When it is determined, part or all of the access is restricted, and when it is determined that the access restriction condition is not satisfied, permitting part or all of the access is included. As the access permission condition or the access restriction condition, for example, (1) information related to the instruction or secondary information obtained based on the information is within a predetermined value, content, or range, and (2) information related to the instruction or the information It is included that the secondary information obtained based on is not within a predetermined value, content or range. As for “restriction” of access, for example, (1) prohibiting a part or all of access, and (2) controlling so that an access result corresponding to the access request cannot be obtained (for example, access request Read or write data different from the related data).

  Regarding the relationship between the instruction in the information related to the instruction and the access control, for example, (1) based on the information related to the instruction executed by the data processing means for accessing the storage means, the access related to the instruction (2) Based on the information related to the instruction executed by the data processing means, the access related to the instruction executed by the data processing means for accessing the storage means is controlled before or after the instruction. It is included. In the case of (2), the causal relationship is difficult to understand, and the possibility of fraudulent acts can be further reduced.

  Further, the access control means of the data processing device provided in the peripheral portion permits access to the storage means when it is determined that the access permission condition is satisfied based on the information related to the command input by the input means. When it is determined that the access permission condition is not satisfied, access to the storage unit may be restricted. With such a configuration, in the access control device, when it is determined by the access control means that the access permission condition is satisfied based on the information related to the input command, access to the storage means is permitted. On the other hand, if it is determined that the access permission condition is not satisfied based on the information related to the input command, access to the storage unit is restricted.

  Further, the output means outputs an instruction code or an instruction code string executed by the data processing means, and the access permission condition is that the instruction code or instruction code string input by the input means is a predetermined code or code string. It may include being. With such a configuration, in the data processing apparatus, the output unit outputs an instruction code or an instruction code string executed by the data processing unit. In the access control device, an instruction code or an instruction code string is input by the input means, and when the access control means determines that the input instruction code or instruction code string is a predetermined code or code string, the storage means Access to is allowed. As a result, an illegally rewritten instruction code or instruction code string, or an instruction code or instruction code string whose contents have changed due to a bit error, is executed, so that the data in the storage means can be illegally rewritten or read. The possibility of doing is reduced.

The data processing device includes:
The apparatus further includes instruction code storage means (for example, corresponding to the ROM 304 in FIG. 5) for storing instruction codes executed by the data processing means, and the output means includes an instruction code or instruction code string executed by the data processing means. Storage position information indicating a storage position in the instruction code storage means is output, and the access permission condition may include that the storage position of the storage position information input by the input means is a predetermined storage position.

  With such a configuration, in the data processing apparatus, the output means outputs storage position information indicating the storage position in the instruction code storage means of the instruction code or instruction code string executed by the data processing means. In the access control device, storage position information is input by the input means, and access to the storage means is permitted when the access control means determines that the storage position of the input storage position information is a predetermined storage position. Is done. As a result, the possibility that the data in the storage means is illegally rewritten or read out by executing the instruction code or the instruction code string stored in the illegal position is reduced.

  Here, as the storage position of the instruction code string, for example, the storage position of the first instruction code in the instruction code string, the storage position of the predetermined instruction code in the instruction code string, the instruction code included in the instruction code string, Each storage location is included. In addition, the instruction code storage means includes a means capable of storing the instruction code at any time and at any time, and may store the instruction code in advance, or without storing the instruction code in advance, An instruction code may be stored by an external input or the like during operation of the gaming machine.

Furthermore, the data processing device comprises:
Instruction code storage means for storing an instruction code executed by the data processing means;
Arithmetic means (for example, corresponding to the check value calculation unit 318 in FIG. 23) that performs a predetermined operation using at least a part of the instruction code or instruction code string stored in the instruction code storage means;
The output means outputs a calculation result of the calculation means;
The access permission condition may include that the calculation result input by the input unit is a predetermined result. In such a configuration, in the data processing apparatus, the calculation means performs a predetermined calculation using at least a part of the instruction code or the instruction code string stored in the instruction code storage means, and the output means performs the calculation. The calculation result is output. In the access control device, the calculation result of the calculation means is input by the input means, and when the access control means determines that the input calculation result is a predetermined result, access to the storage means is permitted.

The data processing apparatus includes: an instruction code storage unit that stores an instruction code executed by the data processing unit; and an operation unit that performs a predetermined operation using a predetermined fixed value stored in the instruction code storage unit. For example, it corresponds to the check value calculation unit 318 in FIG. 23), and the output means outputs the calculation result of the calculation means,
The access permission condition may include that the calculation result input by the input unit is a predetermined result.

  With such a configuration, in the data processing apparatus, the calculation unit performs a predetermined calculation using a predetermined fixed value stored in the instruction code storage unit, and the output unit outputs the calculation result. . In the access control device, the calculation result of the calculation means is input by the input means, and when the access control means determines that the input calculation result is a predetermined result, access to the storage means is permitted.

  Further, the output means outputs execution result information indicating an execution result of an instruction code or an instruction code sequence executed by the data processing means, and the access permission condition is an execution result of the execution result information input by the input means. May be a predetermined result.

  With such a configuration, in the data processing apparatus, the output means outputs execution result information indicating the execution result of the instruction code or the instruction code string executed by the data processing means. In the access control device, when the execution result information is input by the input unit, and the access control unit determines that the execution result of the input execution result information is a predetermined result, access to the storage unit is permitted. The As a result, an illegally rewritten instruction code or instruction code string, or an instruction code or instruction code string whose contents have changed due to a bit error, is executed, so that the data in the storage means can be illegally rewritten or read. The possibility of doing is reduced.

  The access control means may control access to a specific address space in the storage means. With such a configuration, in the access control device, access to a specific address space in the storage means is controlled by the access control means. Thereby, by controlling access to the address space in which important information such as confidential information is stored in the storage means, the possibility that the important information is illegally rewritten or read is reduced.

  Furthermore, a control status notifying unit that notifies the status of access control by the access control unit may be further provided. With such a configuration, the status of access control by the access control means is notified by the control status notification means.

  Here, the control status notification means may be notified by a method capable of recognizing the notification target, and when the notification target is a person, for example, display, sound output, vibration, or other methods perceivable by the five senses. Can do. When the notification target is a computer or the like, signal output, data transmission, or other methods that can be recognized by the computer or the like can be performed.

  When it is determined that the main control unit is not valid, the peripheral unit may notify the fact. This makes it easier for employees and players of pachinko halls to recognize the state.

  The peripheral unit may determine whether or not the main control unit is valid after a period during which processing based on the power-on command is executed. After the period when the process based on the power-on command is executed, by determining whether or not the main control unit is valid, even if the capacity of the authentication data is increased or a complicated calculation process is performed, Compared to the case where all authentication processing is performed in the peripheral portion, the burden on the peripheral portion is reduced. Therefore, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.

  You may provide the single path | route used for signal transmission / reception with the said peripheral part and the said intermediate part. Even when the authentication data is exchanged through a single route, it is possible to determine whether the main control unit is valid by increasing the strength of security compared to the conventional case.

  Provided with two paths used for signal exchange between the peripheral part and the intermediate part, the peripheral part outputs the first authentication data to the intermediate part by one of the paths, the intermediate part, The second authentication data may be output to the peripheral portion through the other of the paths. Even when authentication data is exchanged through two routes, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.

  The authentication method of the present invention is applied to the gaming machine, and includes a power-on command for designating power-on or designating initialization, and first authentication data for authenticating itself. An authentication method for authenticating the main control unit in a gaming machine comprising a main control unit for outputting and a peripheral unit for controlling execution of processing based on the power-on command, the authentication method being connected to the data processing means A connected device authentication step (for example, corresponding to S104 in FIG. 10) for performing device authentication, an output step for outputting information related to a command executed by the data processing means, and information related to the command are input from the output means Controlling the access to the storage means by the data processing device based on the input step to be performed and information on the instruction input in the input step Based on the access control step, the acquisition step of acquiring the first authentication data via the peripheral portion (for example, corresponding to S8 and S10 in FIG. 26), and the first authentication data acquired in the acquisition step. Generating second authentication data for determining whether or not the main control unit is valid, and outputting the second authentication data to the peripheral unit (for example, in S11 to S14 in FIG. 26) And a step (for example, corresponding to S16 in FIG. 26) of determining whether or not the main control unit is valid based on the second authentication data. As described above, the authentication method of the present invention generates the second authentication data, which is intermediate data, using the first authentication data acquired through the peripheral portion, and the peripheral portion uses the second authentication data. Since the main control unit is authenticated, the burden on the peripheral part is reduced compared to the case where the entire authentication process is performed in the peripheral part, the capacity of authentication data is increased, and complicated calculation processing is performed to increase the security strength. It is possible to determine whether or not the main control unit is valid by making it larger than before.

  When it is determined that the main control unit is not valid, it may further include a notification signal output step (for example, corresponding to S18 in FIG. 26) for outputting a signal for notifying the authentication result. This makes it easier for employees and players of pachinko halls to recognize the state.

  It may be determined whether or not the main control unit is valid after a period during which processing based on the power-on command is executed. Even after the period when the process based on the power-on command is executed, it is possible to determine whether the main control unit is legitimate, thereby increasing the capacity of the authentication data or performing complicated arithmetic processing. The second authentication data can be generated independently of the operation of the peripheral portion. Therefore, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.

  A program according to the present invention causes a computer to execute each step of the authentication method. In addition to performing connected device authentication by the peripheral CPU and access control device as data processing means, the main control unit is authenticated using authentication data acquired via the peripheral unit and the intermediate unit. Compared to the case where it is performed in the peripheral part, the burden on the peripheral part is reduced, the capacity of the authentication data is increased, or complicated calculation processing is performed to increase the security strength compared to the conventional one and the main control part is legitimate. It can be determined whether or not there is. Further, by outputting a signal for informing the authentication result, it becomes easier for employees and players of the pachinko hall to recognize the state.

  According to the present invention, the second authentication data as the intermediate data is generated in the intermediate unit provided separately from the peripheral unit that receives the control command from the main control unit, and the peripheral unit is used by using the second authentication data. Authenticates the main control unit, which reduces the burden on the peripheral part compared to the case where the entire authentication process is performed in the peripheral part, increases the capacity of authentication data, and performs complex arithmetic processing to increase the security strength. However, the processing load on the peripheral portion does not increase even if it is made larger than before, and it is possible to determine whether or not the main control portion is valid without being restricted by design. In addition, since the peripheral portion is further provided with a data processing device that performs data processing related to the production and an access control device that controls access by the data processing device, it is possible to perform device authentication connected to the peripheral portion, It is possible to prevent fraud mainly for the production in the surrounding area. Further, among the many control commands, since the authentication data is added to the power-on command and output, the possibility that the authentication data is wiretapped can be reduced.

It is a figure which shows the structural example of the game board of the game machine by this Embodiment. It is a figure which shows the structural example of the gaming machine by this Embodiment. It is a block diagram which shows the structure of a main control part. It is a block diagram which shows the more detailed structure of a main control part. It is a block diagram which shows the more detailed structure of an effect control part. It is a block diagram which shows the structure of a CPU core and an access control apparatus. It is a flowchart which shows an access control process. It is the figure which showed typically the memory structure of ROM. It is a figure which shows the data structure of a control command. It is a flowchart which shows a game control process. It is a flowchart which shows operation | movement of the CPU core and access control apparatus accompanying execution of a connection apparatus authentication process. It is a flowchart which shows a control command transmission process. It is a flowchart which shows a winning determination process. It is a flowchart which shows a jackpot determination process. It is a flowchart which shows an electric accessory control process. It is a flowchart which shows production control processing. It is a flowchart which shows a control command reception process. It is a flowchart which shows a fluctuation pattern command process. It is a flowchart which shows a jackpot command process. It is explanatory drawing which shows the outline | summary of the access control which an access control part performs. It is explanatory drawing which shows the outline | summary of the access control which an access control part performs. It is a block diagram which shows the structure of a main control part. It is a block diagram which shows the structure of an effect control part. It is a flowchart which shows a check value calculation process. It is a flowchart which shows an access control process. It is a figure which shows the sequence of the authentication operation | movement of the pachinko machine based on a power-on command. It is a figure which shows the sequence of operation | movement of the pachinko machine based on control commands other than a power-on command. It is a 1st figure which shows the timing at which the processing effect based on a power-on command or a pre-process or a post-process is performed, and the timing at which an authentication process is performed. It is a 2nd figure which shows the timing at which the processing effect based on a power-on command or a pre-process or a post-process is performed, and the timing at which an authentication process is performed. It is a figure which shows the other structural example of the gaming machine by this Embodiment. It is a figure which shows the structure which added the alerting | reporting part to the structure of FIG. It is a figure which shows the structure which added the alerting | reporting part to the structure of FIG. It is a block diagram of the conventional game machine.

EMBODIMENT OF THE INVENTION Below, the form for implementing this invention is demonstrated with reference to drawings. Here, a case where the gaming machine, the authentication method, and the program according to the present invention are applied to a pachinko machine will be described.
[Composition of game board]
First, the configuration of the game board 1 in the pachinko machine will be described.
FIG. 1 is a front view of the game board 1.

  In FIG. 1, two rails 102 a and 102 b are provided on the left side of the game board 1 so as to draw an arc and extend upward. The game area 101 is provided with a plurality of nails (not shown) for making the trajectory of the game ball fall irregularly, and a windmill or a prize opening for changing the fall direction of the game ball is provided in the middle of the fall. It has been. The game ball is fired by a launching unit (not shown) disposed at a lower position of the game board 1 and rises between the rails 102a and 102b to reach the upper position of the game board 1, and then falls within the game area 101. To do.

  In the center of the game board 1, there is provided a symbol display unit 104 that displays the effect symbols in three regions while independently varying the effect symbols. The symbol display unit 104 is, for example, a variable display device such as a liquid crystal display (LCD (Liquid Crystal Display)) or a CRT (Cathode Ray Tube) display, a 7-segment LED, a dot matrix display device, a drum that variably displays by rotating a motor. Etc., and the effect symbols composed of a plurality of numbers, symbols, etc. are variably displayed.

  Below the symbol display unit 104 is provided a start winning opening 105 through which a game ball can be won. A winning gate 106 is provided on each of the left and right sides of the symbol display unit 104. When the game ball passes through the winning gate 106, a predetermined lottery is performed, and when the winning ball is won, the start winning opening 105 is opened for a predetermined time.

  A normal winning opening 107 is provided on each of the left and right sides of the start winning opening 105. When a game ball wins the normal winning opening 107, a predetermined number (for example, 10) of game balls is paid out as a prize ball for each game ball.

Below the start winning opening 105, it is normally closed, but when the design symbol on the symbol display unit 104 becomes a jackpot symbol (for example, “777”), the game ball can be won in an open state. A special winning opening 109 is provided. When the jackpot lottery results in a “hit” (hereinafter simply referred to as “hit”), the opening and closing members installed on the entire surface of the big winning opening 109 repeat the opening and closing operation. While the open / close member is open, a large number of game balls are received. When a game ball wins the big winning opening 109, a predetermined number (for example, 10) of game balls is paid out as a prize ball for each game ball. The opening of the special winning opening 109 continues until a predetermined time (for example, 30 seconds) elapses or a predetermined number (for example, 10) of game balls wins. One opening period of the big prize opening 109 is called a round, and the round continues a maximum of a predetermined number of times (hereinafter referred to as the maximum number of rounds).
At the lowermost part of the game area 101, a collection port 108 is provided for collecting game balls that have not won any prize opening.
[Overall configuration of gaming machine]

  FIG. 2 is a block diagram showing the overall configuration of the gaming machine of the present embodiment. As shown in FIG. 2, the gaming machine has a game board 1, a main control board 2, and a peripheral board 3. The main control board 2 and the peripheral board 3 constitute a gaming machine control device 100.

  The main control board 2 is a board having a main control unit 2a. The main control unit 2a has a control command for controlling an effect relating to the game executed by the game board 1 or pre-processing or post-processing of the effect, and a first command for authenticating the main control unit 2a. It is a means for outputting authentication data.

  Here, “production” is, for example, a jackpot production by lottery. “Pre-production of the effect” is, for example, a process of setting a value for changing the symbol in the register when the symbol displayed by the symbol display unit is changed. However, the main control unit 2a may not output the control data but may output the control command and the first authentication data to the peripheral unit 3a. For example, when the contents of the control are clear, such as when the power of the pachinko machine is going to be turned on, the control data is not output. In this case, the power of the pachinko machine is turned on as preprocessing for the effect. Note that the “post-processing of the effect” is, for example, a process of initializing the contents of the RAM described later after the effect.

  The peripheral substrate 3 is a substrate having a peripheral portion 3a, an intermediate portion 3b, and a bus 3c. The peripheral unit 3a receives the output of the main control unit 2a as input, and controls the execution of the pre-processing or post-processing of the production or production based on the control command from the main control unit 2a, and the first from the main control unit 2a. The authentication data is output to the intermediate unit 3b.

  The intermediate unit 3b is provided at a subsequent stage of the peripheral unit 3a, and a second unit for determining whether the main control unit 2a is valid based on the first authentication data output from the peripheral unit 3a. This is means for generating authentication data and outputting it to the peripheral part 3a. Apart from the peripheral part, a configuration with an intermediate part is adopted. For this reason, even if the main control unit and the peripheral unit are not authenticated by the general configuration of the main control unit, adding an intermediate unit minimizes changes in the specifications of the peripheral unit and minimizes the main control unit Authentication can be performed. When it is determined that the main control unit 2a is not valid, the peripheral unit 3a performs control for notifying that the main control unit 2a is not valid. When the main control unit 2a notifies that it is not valid, the notification by displaying on a liquid crystal (not shown) provided in the gaming machine or lighting a lamp or the like under the control of the peripheral unit 3a Is done. The notification using the liquid crystal and the lamp will be described in detail later.

Not only visual notification by lighting a liquid crystal display or a lamp, but also auditory notification by outputting sound from a speaker (not shown) or tactile notification by vibrating a vibrator (not shown) may be performed. Moreover, you may perform combining the said alert | report. The bus 3c is the only communication path used for exchanging signals between the peripheral part 3a and the intermediate part 3b. A single bus 3c provided between the peripheral part 3a and the intermediate part 3b is used as a bidirectional communication path.
[Configuration of game control device]
Next, the configuration of the game control device in the pachinko machine will be described.
FIG. 3 is a block diagram showing a configuration of the game control device 100.

As shown in FIG. 3, the game control device 100 includes a main control board 2, a peripheral board 3, and a prize ball control unit 400. In this example, the main control board 2 is provided with a main control unit 2a that performs main control of the game. The main control unit 2a includes a DIP (Dual Inline
A CPU 202 that is a one-chip type microprocessor including a package) and an access control device 230 that controls access to the CPU 202 are provided. Further, the peripheral board 3 generates an effect control unit 300 that controls the effect of the game by the control of the main control unit 2a, and second authentication data for authenticating the main control unit 2a. An intermediate portion 3b that outputs to 3a is provided. The effect control unit 300 is an example of the peripheral portion 3a in FIG. The prize ball control unit 400 controls the payout of game balls under the control of the main control unit 2a.

  The main control unit 2a performs main control of the game, and transmits various control commands for performing game effect control or game ball payout control to the effect control unit 300 and the prize ball control unit 400, respectively.

  The main control unit 2 a includes a start winning port detection unit 280 that detects a game ball won in the start winning port 105, a gate detection unit 282 that detects a game ball that has passed the winning gate 106, and a normal winning port 107. An ordinary winning opening detection unit 284 that detects the game ball that has been played and a large winning opening detection unit 286 that detects the game ball that has won the winning prize port 109 are connected. These detection parts 280-286 can be comprised using a proximity switch, for example.

  The I / F 210 is further connected to a big prize opening / closing part 288 that opens and closes the opening / closing member of the big prize opening 109 during the big hit, an effect control part 300, and a prize ball control part 400. Note that communication with the effect control unit 300 is in one direction from the main control unit 2a to the effect control unit 300. In contrast, communication with the prize ball control unit 400 is bidirectional.

  The big prize opening opening / closing unit 288 can be configured using, for example, a solenoid. The jackpot is pre-programmed to occur with a predetermined probability (for example, 1/300) based on the jackpot random number.

The effect control unit 300 receives a control command from the main control unit 2a, and performs an effect control of the game based on the received control command. The effect control unit 300 includes a ROM 304 that stores a control program, a CPU 302 that executes an effect control process according to the control program stored in the ROM 304, a RAM 306 that functions as a data work area during the arithmetic processing of the CPU 302, and a symbol display unit 104 VRAM 308 for writing image data to be processed, I / Fs 310 and 312 for inputting / outputting to / from an external device, and an access control device 330 for controlling access to the CPU 302.
The ROM 304 stores an expected value for collation with the verification value. The verification value is for authenticating the main control unit 2a, and the expected value is the same value as the verification value.

  The RAM 306 stores input data from the main control unit 2a, data for arithmetic processing, a random number counter for generating random numbers, various other counters, and various flags.

  The I / F 310 includes a main control unit 2a, a symbol display unit 104, a sound control unit 382 that performs sound control for outputting sound from the speaker 380, and a lamp control unit 386 that performs lamp control for lighting the lamp 384. It is connected.

The access control device 330 is connected to the CPU 302 via an I / F (interface) 312 and controls access from the CPU 302. Details thereof will be described later.

  The award ball control unit 400 receives a control command from the main control unit 2a, and performs payout control of the game ball based on the received control command. The prize ball control unit 400 includes a ROM 404 that stores a control program, a CPU 402 that executes a payout control process according to the control program in the ROM 404, a RAM 406 that functions as a data work area during the calculation process of the CPU 402, and an external device. And an I / F 410 that performs output.

  Connected to the I / F 410 are a main control unit 2 a, a payout unit 480 that pays out a predetermined number of game balls from a storage unit for game balls, and a launch unit 482 that launches game balls to the game board 1.

  The award ball control unit 400 controls the payout unit 480 to pay out a predetermined number of game balls in accordance with winnings in each winning award (starting winning port 105, normal winning port 107, large winning port 109). . In addition, an operation on the launch unit 482 is detected, and the launch of the game ball is controlled.

  The launching unit 482 includes a sensor (not shown) that detects an operation by the player and a solenoid (not shown) that launches a game ball. When the award ball control unit 400 detects an operation by the sensor of the launch unit 482, the prize ball control unit 400 intermittently fires a game ball by driving a solenoid according to the operation amount.

The main control unit 2a, the effect control unit 300, and the prize ball control unit 400 are provided on different printed boards. However, the present invention is not limited to this, and the prize ball control unit 400 is the same print as the main control unit 2a. It can also be provided on the substrate.
[Configuration of main control unit and production control unit]
Next, the configuration of the main control unit 2a and the effect control unit 300 will be described.
4 and 5 are block diagrams showing more detailed configurations of the main control unit 2a and the effect control unit 300, respectively.

  First, as shown in FIG. 4, the main control unit 2a includes a CPU 202, which is a one-chip type microprocessor made of DIP, an access control device 230 that controls access by the CPU 202, and a test used for a pachinko machine verification test. And a port 240.

  The CPU 202 includes a ROM 204 that stores a control program, a CPU core 203 that executes game control processing in accordance with the control program stored in the ROM 204, a RAM 206 that functions as a data work area when the CPU core 203 performs arithmetic processing, and an inspection port 240. And a security inspection circuit 208 that outputs an instruction code string executed by the CPU core 203 and other inspection data.

  The CPU 202 further includes I / Fs 210 and 212 that perform input / output with an external device, and a timer 214 that measures time. The CPU core 203, ROM 204, RAM 206, security inspection circuit 208, I / Fs 210 and 212, and timer 214 are connected to each other via a bus 216.

  The RAM 206 stores input / output data for the main control unit 2a, data for arithmetic processing, various counters, a jackpot flag and other various flags, and the number of reserved balls. Here, the number of reserved balls refers to the number of game balls won in the start winning opening 105 and the jackpot lottery is not performed.

  An access control device 230 is connected to the I / F 212. Due to its hardware structure, the CPU 202 does not output address signals, data signals, and control signals transmitted / received via the bus 216 to the outside. Further, since the signal line of the bus 216 is built in the CPU 202, it is difficult to directly connect the access control device 230 to the signal line of the bus 216 because it requires modification. Therefore, in the configuration as it is, the access control device 230 cannot acquire information related to an instruction executed by the CPU core 203. Therefore, in the present embodiment, as information relating to instructions executed by the CPU core 203, an instruction code string executed by the CPU core 203 and an address (hereinafter simply referred to as an address) in the ROM 204 are transmitted via the I / F 212. The CPU core 203 is caused to execute the output process. This output process can be incorporated as one process of the control program in the ROM 204, for example. Thereby, the access control device 230 can input the instruction code string executed by the CPU core 203 and its address from the I / F 212. Here, the address of the instruction code string refers to the address of the first instruction code in the instruction code string.

  On the other hand, as shown in FIG. 5, the effect control unit 300 includes a CPU 302 that is a one-chip type microprocessor made of DIP or the like, and an access control device 330 that controls access by the CPU 302.

  The CPU 302 mainly includes a ROM 304 that stores an effect control program, a CPU core 303 that executes effect control processing according to the control program of the ROM 304, and a RAM 306 that functions as a data work area during the arithmetic processing of the CPU core 303. And an effect-related device 314 and a VRAM 308 that writes image data to be displayed on the symbol display unit 104, which is one of the effect-related devices 314.

  The CPU 302 further includes I / Fs 310 and 312 that perform input / output with external devices such as the main control unit 2a and the prize ball control unit 400. The CPU core 303, the ROM 304, the RAM 306, the VRAM 308, the I / Fs 310 and 312, and the effect related device 314 are connected to each other via a bus 316.

  An access control device 330 is connected to the I / F 312. Due to its hardware structure, the CPU 302 does not output address signals, data signals, and control signals transmitted / received via the bus 316 to the outside. Further, since the signal line of the bus 316 is built in the CPU 302, it is difficult to directly connect the access control device 330 to the signal line of the bus 316 because it requires modification. Therefore, in the configuration as it is, the access control device 330 cannot acquire information related to an instruction executed by the CPU core 303. Therefore, in this effect control unit 300 as well, the CPU core performs processing for outputting the instruction code string executed by the CPU core 303 and its address in the ROM 304 via the I / F 312 as information related to the instruction executed by the CPU core 303. 303 is executed. This output process can be incorporated as one process of the control program in the ROM 304, for example. As a result, the access control device 330 can input the instruction code string executed by the CPU core 303 and its address from the I / F 312.

The prize ball control unit 400 includes a CPU 402, a ROM 404, a RAM 406, and an I / F 410, and a prize ball related device group 414 including a plurality of devices necessary for game ball payout control.

[Configuration of CPU core and access control device]
Next, the CPU core 203 of the main control unit 2a shown in FIG. 4 and the access control device 230 provided on the main control unit 2a side, and the CPU core 303 of the effect control unit 300 shown in FIG. The configuration of the access control device 330 provided on the unit 300 side will be described.
FIG. 6 is a block diagram showing the configuration of the CPU core 203 (303) and the access control device 230 (330). Since the CPU core 203 and the access control device 230 in the main control unit 2a and the CPU core 303 and the access control device 330 in the production control unit 300 have the same configuration, these are shown in FIG. It will be explained collectively. 6 and the following parentheses indicate the CPU core 303 and the access control device 330 in the effect control unit 300. In FIG. 6, a part of the configuration is omitted for convenience of explanation.

As shown in the figure, the CPU core 203 (303) reads (fetches) the instruction code string stored in the ROM 204 (304), and performs data processing according to the read instruction code string. The CPU core 203 (303) includes a control unit 203a (303a), a calculation unit 203b (203b), and a register 203c (203c).
The control unit 203a (303a) controls the overall operation of the CPU 202 (302), and outputs a control signal to the bus 216 (316) in order to read and write instruction code strings and other data.
The operation unit 203b (203b) performs an operation on the data held in the register 203c (203c).
The register 203c (303c) holds the instruction code string read from the ROM 204 (304), its address, and the data processed by the arithmetic unit 203b (303b).

The access control device 230 (303) generates random numbers used for game (production) control and authentication information necessary for authentication and holds data processed by the CPU core 203 (303). The access control device 230 (330) includes an input unit 231 (331), a calculation unit 232 (332), registers 234 (334), 236 (336), and an access control unit 238 (338).
The input unit 231 (331) includes a latch circuit and the like, and inputs an instruction code string executed by the CPU core 203 (303) and its address from the I / F 212 (312).

The calculation unit 232 (332) includes a random number generator or the like, and generates at least one of a random number used for game (production) control and authentication information necessary for authentication. Random numbers used for game control include random numbers used for jackpot lottery (big hit determined random numbers), random numbers for determining the stop mode of the effect symbols (stop symbol determined random numbers), random numbers for determining the change pattern of the effect symbols (variation) Pattern determination random number) and other random numbers used for game control. In addition, as random numbers used for effect control, a sound and a lamp effect are determined together with a random number for determining a specific effect symbol corresponding to a control command sent from the main control unit 2a and a variation pattern effect by the effect symbol. There are random numbers for that.
The register 234 (334) holds the random number and authentication information generated by the calculation unit 232 (332). Access to the register 234 (334) is controlled by the access control unit 238 (338).
The register 236 (336) holds data processed by the CPU core 203 (303). Access to the register 236 (336) is controlled by the access control unit 238 (338).

  When the access control unit 238 (338) inputs a read request to the registers 234 (334) and 236 (336), it inputs a read command and its address related to the read request from the input unit 231 (331) and inputs them. When it is determined that the access permission condition is satisfied based on the read command and the address, the reading of data from the registers 234 (334) and 236 (336) is permitted. On the other hand, when it is determined that the access permission condition is not satisfied, reading of data from the registers 234 (334) and 236 (336) is prohibited. Specifically, the instruction code string input by the input unit 231 (331) is a code string permitted in advance (hereinafter referred to as a permitted instruction code string), and the address of the instruction code string is permitted in advance. The data can be read from the registers 234 (334) and 236 (336) only when the address is a registered address (hereinafter referred to as a permitted address).

When a write request for the register 236 (336) is input, the access control unit 238 (338) inputs a write command and its address related to the write request from the input unit 231 (331), and the input write command and address When it is determined that the access permission condition is satisfied based on the above, writing of data to the register 236 (336) is permitted. On the other hand, when it is determined that the access permission condition is not satisfied, data writing to the register 236 (336) is prohibited. Specifically, the data is stored in the register 236 (336) only when the instruction code string input through the input unit 231 (331) is a permitted instruction code string and the address of the instruction code string is a permitted address. Can write.
[Access control processing]
Next, an access control process executed by the access control unit 238 (338) will be described.
FIG. 7 is a flowchart showing an access control process executed by the access control unit 238 (338).
When executing the access control process, the access control unit 238 (338) first proceeds to step SS10 as shown in FIG.

  In step SS10, it is determined whether or not a read request for the registers 234 (334) and 236 (336) is input from the I / F 212 (312). When it is determined that the read request is input (Yes), step SS12 is performed. Then, the instruction code string executed by the CPU core 203 (303) and its address are input from the input unit 231 (331), and the process proceeds to Step SS14.

  In step SS14, it is determined whether or not the input instruction code string is a permitted instruction code string. If it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS16 and the input address is permitted. It is determined whether or not it is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS18.

  In step SS18, the data held in the registers 234 (334) and 236 (336) are read, the process proceeds to step SS20, and the read data is output to the I / F 212 (312). The output data is held in the register 203c (303c) of the CPU core 203 (303) via the I / F 212 (312).

  Next, the process proceeds to step SS22 to determine whether or not a write request for the register 236 (336) is input from the I / F 212 (312). When it is determined that a write request is input (Yes), step SS24 is performed. Then, the instruction code string executed by the CPU core 203 (303) and its address are input from the input unit 231 and the process proceeds to step SS26.

  In step SS26, it is determined whether or not the input instruction code string is a permitted instruction code string. When it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS28 and the input address is permitted. It is determined whether or not it is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS30.

  In step SS30, the data held in the register 203c (303c) of the CPU core 203 (303) is input from the I / F 212 (312), the process proceeds to step SS32, and the input data is input to the register 236 (336). The write and access control process is terminated.

  On the other hand, when it is determined in step SS28 that it is not a permitted address (No), when it is determined in step SS26 that it is not a permitted instruction code string (No), and when it is determined in step SS22 that a write request is not input (No) ) Terminates the access control process without writing data to the register 236 (336). At this time, the CPU core 203 (303) may receive a notification from the access control device 230 (330), and may notify that there is a possibility of fraud (hereinafter referred to as fraud notification). . For the fraud notification, for example, a predetermined message, mark or image is displayed on the symbol display unit 104, a predetermined message sound or sound effect is output from the speaker 380, or the CPU 202 (302) via the I / F 210 (310). ), An error message is transmitted to the manufacturer, the administrator, or another device, or a control signal for causing the other device to perform the above display or audio output is transmitted via the I / F 210 (310). It can be carried out. As a result, the user or the like can be made aware that there is a possibility that the main control unit 2a has been cheated, and measures such as investigation and repair can be taken.

On the other hand, when it is determined in step SS16 that it is not a permitted address (No), when it is determined in step SS14 that it is not a permitted instruction code string (No), and when it is determined in step SS10 that a read request is not input (No) In both cases, the data held in the registers 234 (334) and 236 (336) is not output to the I / F 212 (312), and the process proceeds to step SS22. At this time, since there is no output from the access control device 230 (330), the register 203c (303c) of the CPU core 203 (303) holds an invalid value such as “0000” or “1111”. If the non-legitimate value is set to a predetermined value and the value is held in the register 203c (303c), the CPU core 203 (303) may make an unauthorized notification. Here, the predetermined value is, for example, a plurality of types of fixed value groups or a variation value for which a variation rule has been defined in advance.
[ROM memory structure]
Next, the memory structures of the ROM 204 of the main control unit 2a and the ROM 304 of the effect control unit 300 will be described.
FIG. 8 is a diagram schematically showing the memory structure of the ROMs 204 and 304.
As shown in FIG. 8, the ROMs 204 and 304 store instruction code sequences executed by the CPU cores 203 and 303, respectively.

Addresses are assigned to the storage areas 204a and 304a of the ROMs 204 and 304 for each predetermined area (for example, for each byte). In the example of FIG. 8, addresses “0x000” to “0xNNN” are assigned to the storage areas 204a and 304a, and each address indicates an area for 1 byte. For example, an instruction code string “0xABCDEFGH” (read instruction) is stored at addresses “0x100” to “0x103”. In addition, an instruction code string “0xJKLMNOPQ” (write instruction) is stored at addresses “0x104” to “0x107”.
[Data structure of control commands, etc.]
Next, a data structure such as a control command transmitted from the main control unit 2a to the effect control unit 300 will be described.
FIG. 9 is a diagram illustrating a data structure such as a control command.

  In the case of a normal control command 500, control data 501 is added as shown in FIG. On the other hand, in the case of the control command with authentication data, as shown in FIG. 9B, the control data 501 is added, and the encrypted authentication data 502 as the first authentication data is further added. ing. In this way, by adding the first authentication data to the control command and transmitting from the main control unit 2a, compared with the case where the authentication data is transmitted alone, between the main control unit 2a and the peripheral unit 3a. An increase in communication load can be suppressed. Also, by adding the first authentication data to the control command and transmitting from the main control unit 2a, the authentication data is extracted and analyzed from the communication data as compared with the case where the authentication data is transmitted alone. Risk can be reduced. Furthermore, since the authentication process is performed only when the control command to which the first authentication data is added is transmitted, the rate at which the processing load of the main control unit 2a due to the authentication process increases due to the authentication process can be suppressed.

Note that the arrangement order of the control data 501 and the first authentication data 502 with respect to the control command 500 is not limited to the case of FIG. That is, as shown in FIG. 9C, the first authentication data 502 is added to the head of the control command 500, or the control command 500 and the control data 501 are arranged as shown in FIG. The first authentication data 502 may be inserted between them. Further, the first authentication data may be transmitted separately from the control command 500 and the control data 501. For example, after transmitting a jackpot command that is one of the control commands and its control data, the first authentication data may be added and transmitted at the time of the third control command transmission.

Here, the control commands transmitted from the main control unit 2a to the production control unit 300 and the like include a power-on command, a power-off command, a customer waiting demo start command, a customer waiting demo stop command, a variation pattern command, a jackpot start command, There are jackpot end commands and jackpot commands.
The power-on command is a control command for designating power-on, and is transmitted to the effect control unit 300 and the prize ball control unit 400 when the power is turned on. In addition, when the reset button is pressed when specifying initialization of the gaming machine, this power-on command is transmitted to the effect control unit 300 and the prize ball control unit 400. That is, the power-on command is a command for designating power-on or designating initialization.
The power-off command is a control command for designating power-off, and is transmitted to the effect control unit 300 and the prize ball control unit 400 when the power is turned off.

The customer waiting demonstration start command is a control command for designating the start of a demonstration effect (hereinafter referred to as a customer waiting demo) for attracting a player, and is transmitted to the effect control unit 300 when the game is interrupted.
The customer waiting demo stop command is a control command for designating the end of the customer waiting demo, and is transmitted to the effect control unit 300 when the game is resumed.

  The variation pattern command is a control command for designating the variation pattern of the effect symbol, and is transmitted to the effect control unit 300 when the variation of the effect symbol is started. The variation pattern command includes an outlier non-reach command, an outlier reach command, and a jackpot reach command.

  The non-reach non-reach command is a control command for designating a change pattern that does not perform reach among the change patterns that are selected when the big hit lottery results in “out” (hereinafter, simply referred to as “out”). .

  The detachment reach command is a control command for designating a variation pattern for performing a reach effect among the variation patterns selected at the time of detachment. The effect control unit 300 can determine that there is a loss based on a loss reach command or a loss non-reach command.

The jackpot reach command is a control command for designating a variation pattern for performing a reach effect among the variation patterns selected at the time of the jackpot. The effect control unit 300 can determine that the jackpot is based on the jackpot reach command.
The jackpot start command is a control command for designating the start of the jackpot effect, and is transmitted to the effect control unit 300 at the start of the jackpot effect.

The jackpot end command is a control command for designating the end of the jackpot effect, and is transmitted to the effect control unit 300 at the end of the jackpot effect (at the end of the final round).
The jackpot command is a control command for designating a jackpot, and includes a round start command and a round end command.

  The round start command is a control command for designating the start of a round, and is transmitted to the effect control unit 300 at the start of the round. The round start command is set for each round. For example, when the maximum number of rounds is 15, 15 types of round start commands are set. Accordingly, when the round continues twice or more, the round start command is transmitted a plurality of times during the jackpot.

  The round end command is a control command for designating the end of the round, and is transmitted to the effect control unit 300 at the end of the round excluding the final round. The round end command is set for each round except the final round. For example, when the maximum number of rounds is 15, 14 types of round end commands are set. Therefore, when the round continues three or more times, the round end command is transmitted a plurality of times during the jackpot.

These control commands are merely representative, and various other control commands are defined. Among these control commands, encryption authentication data is added to predetermined ones. In this embodiment, encrypted authentication data is added to the power-on command.
[Game control processing]
Next, the game control process executed by the main control unit 2a will be described.

The CPU 202 reads from the ROM 204 a control program that can execute one cycle at a predetermined operation clock (for example, 4 [ms]), and executes the game control process shown in the flowchart of FIG. 10 according to the read control program.
FIG. 10 is a flowchart showing the game control process.
When the game control process is executed by the CPU 202, as shown in FIG. 10, first, the process proceeds to step S100.

  In step S100, it is determined whether or not the power is turned on. When it is determined that the power is turned on (Yes), the process proceeds to step S102, but when it is determined that it is not (No), the power is turned on. It waits in step S100 until it turns on.

  In step S102, the contents of the RAM 206 are initialized, and an initialization process for transmitting a power-on command to the effect control unit 300 and the prize ball control unit 400 via the I / F 210 is executed. In the initialization process, a power-on command is transmitted. Since the power-on command is a predetermined command, encrypted authentication data is added through steps S204 to S208 and transmitted to the effect control unit 300, which is an example of the peripheral unit 3a.

  When the effect control unit 300 receives the power-on command, the effect display unit 104, the lamp control unit 386, and the sound control unit 382 receive a control command for the effect at the time of power-on (specifically, display of a demonstration screen). , A control command for designating lamp lighting and sound output).

  Next, the process proceeds to step S104, and a connected device authentication process for authenticating a device connected to the CPU 202 (hereinafter referred to as a connected device) is executed. The process proceeds to step S106, and a game ball is placed in the start winning opening 105. A winning determination process is performed to determine that a win has been won, and the process proceeds to step S108.

  In step S108, the jackpot determination process for determining the jackpot and determining the variation pattern of the effect symbol is executed, and the process proceeds to step S110 to open the opening / closing member of the jackpot 109 in a predetermined pattern. Is executed, and the process proceeds to step S112.

  In step S112, a prize ball payout control process for storing in the transmission buffer of the RAM 206 a control command (payout control command) for designating the payout of game balls to the prize ball control unit 400 is executed, and the process proceeds to step S114. Then, a control command transmission process for transmitting the control command stored in the transmission buffer to the effect control unit 300 or the prize ball control unit 400 via the I / F 210 is executed, and the process proceeds to step S116.

In step S116, it is determined whether or not the power is turned off. When it is determined that the power is turned off (Yes), the process proceeds to step S118, and the effect control unit 300 and the award are received via the I / F 210. A termination process for transmitting a power-off command to the ball control unit 400 is executed, and the game control process is terminated.
On the other hand, when it is determined in step S116 that the power is not turned off (No), the process proceeds to step S106. In FIG. 10, after the connected device authentication process (step S104) is executed, the process proceeds to a winning determination process (step S106). However, the present invention is not limited to this. That is, the connected device authentication process may be performed in the middle of the process after the winning determination process, and the order of the processes is not limited.

Note that the random number counter is updated using the remaining time during which each process is executed in one cycle (for example, 4 [ms]) of the operation clock. In addition, it can be updated by a random number update process executed in parallel with the game control process. For example, the random number counter counts up by “1” sequentially from “0”, and returns to “0” when the count value exceeds the maximum value (for example, “999”). Counting is performed cyclically in a range (for example, “0” to “999”).
[Device / PLC authentication processing]
Next, the connected device authentication process in step S104 of FIG. 10 will be described.

Various devices can be connected to the CPU 202, but devices that are not approved by the user or manufacturer are illegally connected, causing the CPU 202 to malfunction, or the data in the ROM 204 to be altered or stolen. There is a fear. In order to prevent this, the CPU 202 authenticates the connected device. Since the access control device 230 is also closely related to the execution of the connected device authentication process, the operations of the CPU core 203 and the access control device 230 accompanying the execution of the connected device authentication process will be described here.
FIG. 11 is a flowchart showing the operations of the CPU core 203 and the access control device 230 when the connected device authentication process is executed.

As shown in FIG. 11, the CPU core 203 first acquires authentication data from the connected device through steps S40 and S42, and uses the acquired authentication data to obtain the verification value V via the I / F 212. Output generation request. The verification value V is a value used for authenticating the connected device. Note that the authentication data acquired in step S40 may be used as the verification value V as it is.
Upon receiving the verification value V generation request, the access control device 230 generates the verification value V by the arithmetic unit 232 through step S44 and holds it in the register 234.

  Next, the CPU core 203 reads a read command for reading the verification value V from the register 234 of the access control device 230 from the ROM 204 through step S46, and executes the read command to read the register 234 via the I / F 212. A read request for is output. Further, through step S48, the read instruction and its address are output via the I / F 212.

  When the read request is input, the access control device 230 inputs the read command and its address through step S50, and reads the verification value V held in the register 234 if it is a permitted command code string and a permitted address. The read verification value V is output to the I / F 212.

  When the verification value V is input, the CPU core 203 stores the input verification value V in the register 203c through step S52. Then, the CPU core 203 reads the write command for writing the verification value V into the register 236 of the access control device 230 from the ROM 204 through step S54, and executes the read write command, thereby executing the register 236 via the I / F 212. A write request for is output. Further, through step S56, the read write instruction, its address, and the verification value V are output via the I / F 212.

  When the write request is input, the access control device 230 inputs the write command and its address through step S58. If it is a permission command code string and a permission address, the access control device 230 inputs the verification value V. Write to register 236.

Next, the CPU core 203 outputs a generation request for the expected value P via the I / F 212 through step S60. The expected value P is a value used for verifying the verification value V.
When the access control device 230 receives the generation request for the expected value P, the operation unit 232 generates the expected value P through step S 62 and holds it in the register 234.

  Next, the CPU core 203 reads a read command for reading the expected value P from the register 234 of the access control device 230 from the ROM 204 through step S64, and executes the read command to read the register 234 via the I / F 212. A read request for is output. Further, through step S66, the read instruction and its address that have been read are output via the I / F 212.

  When the read request is input, the access control device 230 inputs a read command and its address through step S68, and reads the expected value P held in the register 234 if the read command and its address are input, The read expected value P is output to the I / F 212.

  Next, the CPU core 203 reads a read command for reading the verification value V from the register 236 of the access control device 230 from the ROM 204 through step S70, and executes the read command to read the register 236 via the I / F 212. A read request for is output. Further, the read instruction and its address are output via the I / F 212 through step S72.

  When the read request is input, the access control device 230 inputs a read command and its address through step S74, and if it is a permitted command code string and a permitted address, reads the verification value V held in the register 236, The read verification value V is output to the I / F 212.

  When the verification value V and the expected value P are input, the CPU core 203 compares the verification value V with the expected value P through steps S76 and S78, and determines whether the verification result is correct. Whether or not the collation result is correct is determined based on, for example, whether or not the verification value V has a predetermined relationship with the expected value P. The predetermined relationship is, for example, that the verification value V matches the expected value P, that the calculation value obtained by calculating one of the verification value V and the expected value P by a predetermined calculation method matches the other, This means that the value V and the expected value P have a magnitude relationship and other correlations.

When it is determined that the collation result is correct (Yes), the CPU core 203 authenticates the connected device through step S80 and ends the connected device authentication process. On the other hand, when it is determined that the collation result is not correct (No), the CPU core 203 ends the connected device authentication process without authenticating the connected device through step S82. When the connected device is not authenticated, the CPU core 203 performs fraud notification or disconnects the connection with the connected device.
[Control command transmission processing]
Next, the control command transmission process in step S114 shown in FIG. 10 will be described.
FIG. 12 is a flowchart showing the control command transmission process.
When the control command transmission process is executed in step S114 shown in FIG. 10, the process first proceeds to step S200 as shown in FIG.

  In step S200, the control command is read from the transmission buffer, and the process proceeds to step S202 to determine whether or not the read control command is a predetermined command (that is, a power-on command). When it determines (Yes), it transfers to step S204.

In step S204, first authentication data is generated based on the data of the control program stored in the ROM 204. The first authentication data is data for authenticating the main control unit 2a by the production control unit 300. For example, the calculation by the hash function, the parity check, and the circulation for a part or all of the data of the control program Redundancy check (CRC (Cyclic Redundancy
Check)) or a value obtained by performing an error detection operation such as a checksum is included as a verification value. Thus, the verification value is calculated from the data of the control program actually stored in the ROM 204. Therefore, by performing authentication using the verification value, it is possible to detect fraudulent acts such as replacing a regular main control board with an unauthorized main control board or falsifying the control program in the ROM 204.
Next, the process proceeds to step S206, and an encryption process for encrypting the generated first authentication data is executed by a predetermined encryption algorithm.

In this encryption process, for example, an encryption algorithm that calculates an exclusive OR (XOR) with an encryption key (for example, “0x33”) is used. In this case, the decryption algorithm corresponding to the encryption algorithm is the same.
Then, with this encryption algorithm, the operation value obtained by the executed encryption process is used as encrypted authentication data.

  Next, the process proceeds to step S208, and the control command read in step S200 is transmitted to the effect control unit 300 with the encrypted encrypted authentication data added thereto, and the series of processes is terminated and the original process is restored. .

  On the other hand, when it is determined in step S202 that the command is not a power-on command (No), the process proceeds to step S210, and the control command read in step S200 is transmitted to the effect control unit 300 or the prize ball control unit 400 as it is. The process is terminated and the original process is restored.

Note that the transmission of the power-on command and the power-off command (steps S102 and S118) is similar to the control command transmission process shown in the flowchart of FIG.
[Winning determination process]
Next, the winning determination process in step S106 shown in FIG. 10 will be described.
FIG. 13 is a flowchart showing a winning determination process.
When the winning determination process is executed in step S106 in FIG. 10, first, the process proceeds to step S300 as shown in FIG.
In step S300, it is determined whether or not the number of reserved balls is “0”, and when it is determined that the number of reserved balls is “0” (Yes), the process proceeds to step S302.

  In step S302, a timer (not shown) is used to determine whether or not a predetermined time (for example, 10 minutes) has elapsed since the last winning to the start winning opening 105, and when it is determined that the predetermined time has elapsed ( If Yes, the process proceeds to step S304.

  In step S304, a customer waiting demo execution process for performing a customer waiting demo is executed. In the customer waiting demo execution process, the customer waiting demo is started by storing the customer waiting demo start command in the transmission buffer. Further, when the resumption of the game is detected in response to winning at the start winning opening 105, operation on the launching unit 482, etc., the customer waiting demo is terminated by storing a customer waiting demo stop command in the transmission buffer. Thereby, in the control command transmission process of step S114, a customer waiting demonstration start command or a customer waiting demonstration stop command is transmitted to the effect control unit 300.

  Next, the process proceeds to step S306, where the sensor signal from the start winning opening detection unit 280 is read via the I / F 210, and whether it is detected that the game ball has won the start winning opening 105 based on the read sensor signal. If it is determined whether or not the winning of the game ball is detected (Yes), the process proceeds to step S308.

  In step S308, it is determined whether or not the number of retained balls is “4” or more, and when it is determined that the number of retained balls is less than “4” (No), the process proceeds to step S310 and the number of retained balls is determined. “1” is added to, and the process proceeds to step S312.

  In step S312, the jackpot determined random number, stop symbol determined random number and other random numbers used for game control are acquired from the random number counter, and the process proceeds to step S314, where each acquired random number is stored in a predetermined area of the RAM 206 corresponding to the number of reserved balls. Store, end a series of processing, and return to the original processing.

  On the other hand, when it is determined in step S308 that the number of held balls is “4” or more (Yes) and when it is determined in step S306 that no winning of a game ball is detected (No), a series of processes To return to the original process.

On the other hand, when it is determined in step S302 that the predetermined time has not elapsed (No) and when it is determined in step S300 that the number of reserved balls is not “0” (No), the process proceeds to step S306. .
[Big hit judgment processing]
Next, the jackpot determination process in step S108 shown in FIG. 10 will be described.
FIG. 14 is a flowchart showing the jackpot determination process.

  In the jackpot determination process, in order to generate a jackpot with a predetermined probability, one jackpot value is set in a predetermined numerical range (for example, “0” to “400”) that can be taken by the jackpot determination random number, and the start winning hole 105 10 is a process for obtaining a jackpot determination random number at the winning timing when the game ball is won, and generating a jackpot when the acquired random number value matches the jackpot value, and is executed in step S108 shown in FIG. As shown in FIG. 13, first, the process proceeds to step S400.

  In step S400, it is determined whether or not the effect symbol is changing in the symbol display unit 104, and when it is determined that the effect symbol is not changing (No), the process proceeds to step S402 and the number of reserved balls is “1”. When it is determined whether or not the number is equal to or more than one and it is determined that the number of reserved balls is “1” or more (Yes), the process proceeds to step S404.

  In step S404, the jackpot determination random number is read from a predetermined area of the RAM 206 corresponding to the number of reserved balls, and the process proceeds to step S406 to determine whether or not the read random number value matches the jackpot value. When it is determined that it has been done (Yes), the process proceeds to step S408, the jackpot flag is set, and the process proceeds to step S410.

  In step S410, a big-hit stop symbol determination process is executed to determine the aspect of the effect symbol to be stopped at the big-hit. In the jackpot stop symbol determination process, for example, a jackpot stop symbol determination table is read from the ROM 204. Then, a stop symbol determination random number is read from a predetermined area of the RAM 206 corresponding to the number of reserved balls, a stop symbol number of the order of the read random number value is acquired from the read stop symbol determination table, and control indicating the acquired stop symbol number Store the command (designation command) in the transmission buffer.

  Next, the process proceeds to step S412, and the big hit hour fluctuation pattern determination process is executed for determining the fluctuation pattern of the effect symbol to be displayed in a variable manner at the big hit. In the jackpot variation pattern determination process, for example, a reach determination random number is acquired from a random number counter, and a variation pattern determination table for jackpot corresponding to the acquired random number value is read from the ROM 204. Since the jackpot reach command is registered only in one or a plurality of specific variation pattern determination tables, this selection based on the reach determination random number determines whether or not to perform the reach effect. Then, the fluctuation pattern determination random number is obtained from the random number counter, the fluctuation pattern number of the order of the obtained random number value is obtained from the read fluctuation pattern determination table, and the fluctuation pattern command indicating the obtained fluctuation pattern number is stored in the transmission buffer. To do. Thereby, in the control command transmission process of step S114, the variation pattern command selected at the time of jackpot reach command or other jackpot is transmitted to the effect control unit 300.

  Next, the process proceeds to step S414, and a symbol variation start process for storing in the transmission buffer a control command (variation start command) for designating the effect symbol variation start to the effect control unit 300 is executed, and the process proceeds to step S416. Then, “1” is subtracted from the number of held balls, a series of processing is terminated, and the original processing is restored.

  On the other hand, when it is determined in step S406 that it does not coincide with the jackpot value (No), the process proceeds to step S418, and the off-time stop symbol determining process is executed to determine the mode of the effect symbol to be stopped at the time of loss. The off-time stop symbol determination process is configured in the same manner as in step S410. The difference from step S410 is that a stop symbol determination table for detachment is used.

Next, the process proceeds to step S420, and a variation pattern determination process at the time of detachment is performed to determine a variation pattern of the effect symbol that is variably displayed at the time of the detachment. The deviation variation pattern determination process is configured in the same manner as in step S412. The difference from step S412 is that a deviation variation pattern determination table is used. Thereby, in the control command transmission process of step S114, the fluctuation pattern command selected at the time of the deviation non-reach command, the deviation reach command or the like is transmitted to the effect control unit 300.
When the process of step S420 ends, the process proceeds to step S414.
On the other hand, when it is determined in step S400 that the effect symbol is changing in the symbol display unit 104 (Yes), the process proceeds to step S422.

  In step S422, it is determined whether or not a predetermined time (for example, 30 seconds) has elapsed since the start of the change in the effect design. If it is determined that the predetermined time has elapsed (Yes), the process proceeds to step S424. The symbol stop process for storing in the transmission buffer a control command (design stop command) for designating the stop of the effect symbol to the effect control unit 300 is executed, and the series of processes is terminated and the original process is restored. Let

On the other hand, when it is determined at step S422 that the predetermined time has not elapsed (No) and when it is determined at step S402 that the number of reserved balls is “0” (No), a series of processing is performed. End and return to the original process.
[Electric character control processing]
Next, the electric accessory control process in step S110 shown in FIG. 10 will be described.
FIG. 15 is a flowchart showing the electric accessory control process.
When the electric accessory control process is executed in step S110 shown in FIG. 10, the process first proceeds to step S500 as shown in FIG.

  In step S500, it is determined whether or not the jackpot is based on the jackpot flag, and if it is determined that the jackpot is set by setting the jackpot flag (Yes), the process proceeds to step S502.

  In step S502, it is determined whether or not it is time to start the jackpot effect. If it is determined that it is time to start the jackpot effect (Yes), the process proceeds to step S504.

  In step S504, a jackpot presentation start process for storing the jackpot start command in the transmission buffer is executed, and a series of processes is terminated and the process returns to the original process. Thereby, in the control command transmission process of step S114, the big hit start command is transmitted to the effect control unit 300.

  On the other hand, when it is determined in step S502 that it is not the timing to start the jackpot effect (No), the process proceeds to step S506, where it is determined whether it is the timing to start the round, and the timing to start the round. (Yes), the process proceeds to step S508.

  In step S508, a round start process for storing the round start command in the transmission buffer is executed, a series of processes are terminated, and the original process is restored. Thereby, in the control command transmission process of step S114, a round start command is transmitted to the effect control unit 300.

  On the other hand, when it is determined in step S506 that it is not the timing to start the round (No), the process proceeds to step S510, where it is determined whether the round is continuing, and it is determined that the round is continuing. If (Yes), the process proceeds to step S512.

  In step S512, a special prize opening / closing control process for controlling the opening / closing of the special prize opening 109 is executed by the special prize opening / closing part 288, and a series of processes is terminated and the process returns to the original process.

  On the other hand, when it is determined in step S510 that the round is not continuing (No), the process proceeds to step S514, where it is determined whether it is time to end the round, and it is determined that it is time to end the round. If yes (Yes), the process proceeds to step S516.

  In step S516, “1” is added to the number of rounds, and the process proceeds to step S518 to determine whether or not the number of rounds exceeds the maximum number of rounds (for example, 15 times). When it determines (No), it transfers to step S520.

In step S520, a round end process for storing the round end command in the transmission buffer is executed, and a series of processes are ended to return to the original process. Thereby, in the control command transmission process of step S114, the round end command is transmitted to the effect control unit 300.
On the other hand, when it is determined in step S518 that the number of rounds exceeds the maximum number of rounds (Yes), the process proceeds to step S522.

In step S522, a jackpot presentation end process for storing the jackpot end command in the transmission buffer is executed. Thereby, in the control command transmission process of step S114, the big hit end command is transmitted to the effect control unit 300.
Next, the process proceeds to step S524, where the jackpot flag is reset, a series of processes are terminated, and the original process is restored.

On the other hand, when it is determined at step S514 that it is not the timing to end the round (No), and when it is determined at step S500 that the big hit flag is not reset because the big hit flag is reset (No), a series of processing To return to the original process.
[Production control processing]
Next, the effect control process executed by the effect control unit 300 will be described.
The CPU 302 of the effect control unit 300 reads the control program from the ROM 304, and executes the effect control process shown in the flowchart of FIG. 16 according to the read control program.
FIG. 16 is a flowchart showing the effect control process.
When the effect control process is executed by the CPU 302, as shown in FIG. 16, first, the process proceeds to a connected device authentication process in step S600a.

[Device / PLC authentication processing]
In step S600a, a connected device authentication process is executed. That is, various devices such as the symbol display unit 104, the audio control unit 382, and the lamp control unit 386 can be connected to the CPU 302 of the effect control unit 300 in the same manner as the CPU 202 of the main control unit 2a described above. For this reason, there is a possibility that a device that is not approved by the user or manufacturer is illegally connected, causing the CPU 302 to malfunction, or the data in the ROM 304 to be altered or stolen. For example, the CPU 302 performs authentication of the connected device in order to prevent fraud such that an effect that can be easily selected at the time of a big hit appears more or less than the frequency preset by the manufacturer.
Here, the access control device 330 is closely related to the execution of the connected device authentication process in the effect control unit 30, but the operation is almost the same as the access control device 230 in the main control unit 2a as shown in FIG. It is.
That is, as shown in FIG. 11, the CPU core 303 of the effect control unit 300 first acquires authentication data from the connected device through steps S40 and S42, and acquires the authentication data acquired via the I / F 312. Is used to output a verification value V generation request used for authenticating the connected device. Note that the authentication data acquired in step S40 may be used as the verification value V as it is.
Upon receiving the verification value V generation request, the access control device 330 generates the verification value V by the arithmetic unit 332 through step S44 and holds it in the register 334.

  Next, the CPU core 303 of the effect control unit 300 reads the read command for reading the verification value V from the register 334 of the access control device 330 from the ROM 304 through step S46, and executes the read command to read the I / F 312. A read request to the register 334 is output via Further, through step S48, the read instruction and its address are output via the I / F 312.

  When the read request is input, the access control device 330 inputs the read command and its address through step S50, and reads the verification value V held in the register 334 if it is a permitted command code string and a permitted address. The read verification value V is output to the I / F 312.

  When the verification value V is input, the CPU core 303 of the effect control unit 300 stores the input verification value V in the register 303c through step S52. Then, through step S54, the CPU core 303 reads a write command for writing the verification value V into the register 336 of the access control device 330 from the ROM 304, and executes the read write command to thereby register the register 336 via the I / F 312. A write request for is output. In addition, through step S56, the read write instruction, its address, and the verification value V are output via the I / F 312.

  When the write request is input, the access control device 330 inputs the write command and its address through step S58. If it is a permission command code string and a permission address, the access control device 330 inputs the verification value V. Write to register 336.

Next, the CPU core 303 outputs a generation request for the expected value P via the I / F 312 via step S60. The expected value P is a value used for verifying the verification value V.
When the access control device 330 receives the generation request for the expected value P, the operation unit 332 generates the expected value P through step S 62 and holds it in the register 334.

  Next, the CPU core 303 reads a read command for reading the expected value P from the register 334 of the access control device 330 from the ROM 304 through step S64, and executes the read command to read the register 334 via the I / F 312. A read request for is output. Further, through step S66, the read instruction and its address that have been read are output via the I / F 312.

  When the read request is input, the access control device 330 inputs a read command and its address through step S68, and reads the expected value P held in the register 334 if the read command and its address are received, The read expected value P is output to the I / F 312.

  Next, the CPU core 303 of the effect control unit 300 reads the read command for reading the verification value V from the register 336 of the access control device 330 from the ROM 304 through step S70, and executes the read command to read the I / F 312. The read request to the register 336 is output via Further, the read instruction and its address are output via the I / F 312 through step S72.

  When the read request is input, the access control device 330 inputs a read command and its address through step S74, and if it is a permitted command code string and a permitted address, reads the verification value V held in the register 336, The read verification value V is output to the I / F 312.

  When the verification value V and the expected value P are input, the CPU core 303 of the effect control unit 300 verifies the verification value V and the expected value P through steps S76 and S78, and determines whether the verification result is correct. . Whether or not the collation result is correct is determined based on, for example, whether or not the verification value V has a predetermined relationship with the expected value P. The predetermined relationship is, for example, that the verification value V matches the expected value P, that the calculation value obtained by calculating one of the verification value V and the expected value P by a predetermined calculation method matches the other, This means that the value V and the expected value P have a magnitude relationship and other correlations.

  When it is determined that the collation result is correct (Yes), the CPU core 303 authenticates the connected device through step S80 and ends the connected device authentication process. On the other hand, when it is determined that the collation result is not correct (No), the CPU core 303 ends the connected device authentication process without authenticating the connected device through step S82. When the connected device is not authenticated, the CPU core 303 performs an unauthorized notification or disconnects the connection with the connected device.

If the connected device authentication process for the effect control unit 300 is completed, the process proceeds to step S600.

  In step S600, a control command reception process for receiving a control command from the main control unit 2a is executed, and the process proceeds to step S602 to execute a fluctuation pattern command process for processing a fluctuation pattern command among the received control commands. The process proceeds to S604.

In step S604, a jackpot command process for processing the jackpot command among the received control commands is executed, and the process proceeds to step S606, and other command processes for processing the received control command other than the variation pattern command and the jackpot command. And the process proceeds to step S600.
[Control command reception processing]
Next, the control command reception process in step S600 will be described.
FIG. 17 is a flowchart showing control command reception processing.
When the control command receiving process is executed in step S600, the process first proceeds to step S700 as shown in FIG.

  In step S700, it is determined whether or not a control command has been received from the main control unit 2a via the I / F 310. When it is determined that a control command has been received (Yes), the process proceeds to step S702. (No), the process waits in step S700 until a control command is received.

  In step S702, it is determined whether or not the received control command is a power-on command. When it is determined that the received control command is a power-on command (Yes), the process proceeds to step S704 and is added to the received control command. The encrypted authentication data is acquired, and the process proceeds to step S706.

  In step S706, a decryption process for decrypting the obtained encrypted authentication data is executed by a decryption algorithm corresponding to a predetermined encryption algorithm used by the main control unit 2a.

  As the decryption algorithm, for example, a decryption algorithm that calculates an exclusive OR with a decryption key (for example, “0x33”) is used. Here, the decryption algorithm is capable of decrypting the encrypted result encrypted by the encryption algorithm.

  Therefore, in the decryption process, the verification value is obtained by decrypting the encrypted authentication data by the decryption algorithm. This verification value matches the verification value (that is, the expected value) generated by the main control unit 2a.

Next, the process proceeds to step S708, the expected value is read from the ROM 304, and the process proceeds to step S710, where it is determined whether the verification value obtained by decoding matches the read expected value, When it is determined that they match (Yes), the process proceeds to step S712.
In step S712, the control command received in step S700 is stored in the reception buffer of the RAM 306, and a series of processing is terminated and the original processing is restored.
On the other hand, when it is determined in step S710 that the verification value does not match the expected value (No), the process proceeds to step S716.
In step S716, the control command received in step S700 is discarded, and the process proceeds to step S718.

In step S718, a fraud notification process for transmitting a control command (fault notification effect command) for designating a fraud notification effect for performing a fraud notification to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386, respectively. Execute. When the symbol display unit 104, the voice control unit 382, and the lamp control unit 386 receive the fraud notification effect command, the fraud notification effect is performed. In the fraud notification effect, for example, a character that does not normally appear in the symbol display unit 104 appears, or a character appears in a method different from normal. Further, notification may be performed by changing the brightness or color of the symbol display unit 104 or blinking the lamp 384 with a predetermined blinking pattern. This makes it easier for employees of pachinko halls to recognize the condition. Further, the fraud notification effect may be performed in a mode in which the player is difficult to recognize the state, or conversely, may be performed in a mode in which the player is easy to recognize. If it is performed in a manner that is easy for the player to recognize, it can be expected that fraud will be stopped.
When the process of step S718 ends, the series of processes ends and the original process is restored.

On the other hand, when it is determined in step S702 that the received control command is not a power-on command (No), the process proceeds to step S720, the control command received in step S700 is stored in the reception buffer, and the series of processing ends. To return to the original process.
[Variation pattern command processing]
Next, the variation pattern command process in step S602 will be described.
FIG. 18 is a flowchart showing the variation pattern command processing.
When the variation pattern command process is executed in step S602, the process first proceeds to step S800 as shown in FIG.

  In step S800, it is determined whether or not a variation pattern command has been received based on the control command of the reception buffer. When it is determined that the variation pattern command has been received (Yes), the process proceeds to step S802. When it is determined (No), the process waits in step S800 until a variation pattern command is received.

  In step S802, a random number is acquired from a random number counter, the process proceeds to step S804, and one of a plurality of variation effects corresponding to the received variation pattern command is selected based on the acquired random number, and the process proceeds to step S806. Transition.

  In step S806, a variation effect start process for transmitting a control command (variation effect start command) for designating the start of the selected variation effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is performed. Execute.

  Next, the process proceeds to step S808, where it is determined whether or not a predetermined time (for example, 30 seconds) has elapsed since the transmission of the change effect start command, and when it is determined that the predetermined time has not elapsed (No). Shifts to step S810 to determine whether or not a symbol stop command has been received based on the control command of the reception buffer, and when it is determined that a symbol stop command has been received (Yes), shifts to step S812. .

In step S812, a variation effect end process is performed in which a control command (variation effect end command) for designating the end of the variation effect is transmitted to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386, respectively. .
When the process of step S812 ends, the series of processes ends and the original process is restored.
On the other hand, when it determines with not receiving a symbol stop command by step S810 (No), it transfers to step S808.
On the other hand, when it is determined in step S808 that the predetermined time has elapsed (Yes), the process proceeds to step S812.

The random number counter can be updated by the above method employed by the main control unit 2a. However, the update method is not necessarily the same as that of the main control unit 2a.
[Big hit command processing]
Next, the jackpot command processing in step S604 will be described.
FIG. 19 is a flowchart showing the jackpot command processing.
When the jackpot command process is executed in step S604, the process first proceeds to step S900 as shown in FIG.

  In step S900, it is determined whether or not a jackpot start command has been received based on the control command of the reception buffer. If it is determined that a jackpot start command has been received (Yes), the process proceeds to step S902.

  In step S902, a jackpot effect start process for transmitting a control command (a jackpot effect start command) for designating the start of a jackpot effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is executed. .

  Next, the process proceeds to step S904, where it is determined whether a round start command is received based on the control command of the reception buffer. When it is determined that the round start command is received (Yes), the process proceeds to step S906. .

  In step S906, a round effect start process for transmitting a control command (round effect start command) for designating the start of the round effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is executed. .

  Next, the process proceeds to step S908, where it is determined whether a round end command has been received based on the control command of the reception buffer. When it is determined that a round end command has been received (Yes), the process proceeds to step S910. .

  In step S910, a round effect end process for transmitting a control command (round effect end command) for designating the end of the round effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is executed. The process proceeds to step S904.

  On the other hand, when it is determined in step S908 that the round end command is not received (No), the process proceeds to step S912, where it is determined whether or not the jackpot end command is received based on the control command of the reception buffer. When it is determined that the end command has been received (Yes), the process proceeds to step S914.

In step S914, a big hit effect ending process is executed for transmitting a control command (big hit effect end command) for designating the end of the big win effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386, respectively. Then, the series of processes is terminated and the original process is restored.
On the other hand, when it is determined in step S912 that the jackpot end command is not received (No), the process proceeds to step S908.

  On the other hand, when it is determined in step S904 that the round start command is not received (No), the process waits in step S904 until the round start command is received.

On the other hand, when it is determined in step S900 that the jackpot start command is not received (No), the process waits in step S900 until the jackpot start command is received.
[Operation of the present embodiment]
Next, the operation of the present embodiment will be described.

  As shown in FIG. 10, first, when power is turned on to the pachinko machine, the main control unit 2a executes an initialization process through step S102. In the initialization process, a power-on command is transmitted. Since the power-on command is a predetermined command, encrypted authentication data is added through steps S204 to S208 and transmitted to the effect control unit 300, which is an example of the peripheral unit 3a.

When the effect control unit 300 receives the power-on command, the process proceeds to step S600a as shown in FIG. 16, and the connected device authentication process is performed. In the connected device authentication process, the access control device 230 authenticates the connected device through steps S40 to S82 shown in FIG. When it is determined in this authentication process that an unauthorized device is not connected, a control command (specifically, an effect control at power-on) is sent to the symbol display unit 104, the voice control unit 382, and the lamp control unit 386. , Display of demonstration screen, lighting of lamp 384, control command for designating audio output). On the other hand, when it is determined that an unauthorized device is connected in this authentication process, a control command (specifically, a notification of fraud is sent to the symbol display unit 104, the voice control unit 382, and the lamp control unit 386. , A display of a demonstration screen, lighting of a lamp 384, and a control command for designating audio output) are transmitted. Accordingly, it is possible to authenticate the validity of the connected device with respect to the effect control unit 300 when the power is turned on, and to immediately notify when an unauthorized device is connected.
However, for example, a connected device authentication process may be falsified by a malicious third party so that an unauthorized device is authenticated.

  For example, in step S <b> 58 shown in FIG. 11, the verification value V is written in the register 336 of the access control device 330. At this time, what is originally written in the register 336 is the verification value V held in the register 303 c of the CPU core 303 of the effect control unit 300. However, the value written to the register 336 can be set to a value stored in a place other than the register 303c (or an area other than the area where the verification value V is held in the register 303c) by an illegal instruction code sequence. It becomes.

  For example, in step S50 shown in FIG. 11, the verification value V is read from the register 334 of the access control device 330. At this time, the value to be read can be a value stored in a place other than the register 334 (or an area other than the area in the register 334 where the verification value V is held).

  These frauds can be made, for example, by branching the processing of the CPU core 303 by an illegal patch or the like.

  If such an illegal act is performed, a correct connection device authentication process cannot be performed, and an unauthorized device can be connected. Therefore, the effect control unit 300 is also provided with an access control device 330 to control access to the registers 334 and 336 by the CPU 302 of the effect control unit 300. As a result, it is possible to reduce the possibility that an unauthorized device is authenticated by executing an unauthorized instruction code string.

  FIG. 20 is an explanatory diagram showing an outline of access control performed by the access control unit 338. In FIG. 20, a part of the configuration is omitted for convenience of explanation.

  As illustrated in FIG. 20, for example, it is assumed that the permitted instruction code sequence and the permitted address are an instruction code sequence “0xJKLMNOPQ” (write command) and an address “0x104”. At this time, the normal ROM 304 stores an instruction code string “0xJKLMNOPQ” (write instruction) at addresses “0x104” to “0x107”.

  When the CPU core 303 of the effect control unit 300 reads and executes the instruction code string “0xJKLMNOPQ” from the addresses “0x104” to “0x107” (arrow α), the access control unit 338 writes the data to the register 336. Allow.

  However, suppose that an illegal instruction code string “0xPOIYUTRE” (write instruction) has been written to addresses “0x200” to “0x203” as in unauthorized example 1, for example. In this case, even if the CPU core 203 reads and executes the instruction code string “0xPOIYUTRE” from the addresses “0x200” to “0x203” (arrow β), the address of the instruction code string is not a permitted address, so the access control unit 338 prohibits writing of data to the register 336 (deny write command).

  Further, for example, it is assumed that an illegal instruction code string “0xLKJHGFDS” is inserted into addresses “0x080” to “0x083” as in the illegal example 2. This illegal instruction code string is, for example, an instruction code string that changes a value written to the register 336. However, due to the insertion of this illegal instruction code string, the addresses of the instruction code string “0xJKLMNOPQ” (write instruction) that is originally permitted to be executed are “0x108” to “0x10B”.

  Therefore, even if the CPU core 303 of the effect control unit 300 reads and executes the instruction code string “0xJKLMNOPQ” from the addresses “0x108” to “0x10B” (arrow γ), the address of the instruction code string is not a permitted address. The access control unit 338 prohibits writing of data to the register 336 (denies the write command). At this time, the CPU core 303 may receive a notification from the access control device 330 and perform an unauthorized notification. As a result, even if the write value is changed by executing the illegal instruction code string “0xLKJHGFDS”, the value is not written to the register 336, so that the possibility of an illegal act can be reduced.

  On the other hand, the access control unit 338 can reduce the possibility that the CPU 302 malfunctions due to a bit error in addition to the above-mentioned fraudulent acts.

  FIG. 21 is an explanatory diagram showing an outline of access control performed by the access control unit 338.

  As illustrated in FIG. 21, for example, the permitted instruction code string and the permitted address include an instruction code string “0xABCDEFGH” (read instruction) and an address “0x100”, and an instruction code string “0xABCDEFGI” (write instruction) and an address “0x104”. ”. At this time, the normal ROM 304 stores an instruction code string “0xABCDEFGH” (read instruction) at addresses “0x100” to “0x103”.

  When the CPU core 303 reads the instruction code string, a bit error (for example, “1” becomes “0”) may occur in the instruction code string. As a result, the instruction code string “0xABCDEFGH” (read instruction) read from the addresses “0x100” to “0x103” by the CPU core 203 may be replaced with, for example, the instruction code string “0xABCDEFGI” (write instruction) ( Arrow δ). In this case, if the CPU core 303 executes the instruction code string “0xABCDEFGI” (write instruction), the data in the access control device 330 may be rewritten unexpectedly.

However, even if such a write instruction is executed (arrow ε), the address of the instruction code string is not a permission address, so that the access control unit 338 prohibits writing of data to the register 336 (write instruction). Rejected).
When these initialization processes are completed, the main control unit 2a performs a connected device authentication process for the main control unit 2a itself through step S104.

In the connected device authentication process for the main control unit 2a, the access control device 230 authenticates the connected device through steps S40 to S82 shown in FIG. As a result, the validity of the connected device can be authenticated.
In the main control unit 2a as well as in the production control unit 300, when trying to falsify the connected device authentication process so that an unauthorized device is authenticated by a malicious third party, Similar to the access control device 330, the access control device 230 of the main control unit 2a can detect and avoid the fraud.
Next, a case where a game is played with a pachinko machine will be described.

  When the connected device is also authenticated on the main control unit 2a side, as shown in FIG. 10, the main control unit 2a goes through steps S106 to S114 to receive a winning determination process, a jackpot determination process, an electric accessory control process, and a control. The command transmission process is repeatedly executed at a predetermined cycle. As a result, the pachinko machine is in a playable state. A player can play a game by loading a rented game ball into a pachinko machine and operating the launch unit 482 to fire the game ball onto the game board 101.

  When the game ball launched by the player wins the start winning opening 105, the main control unit 2a reads the jackpot determined random number from the access control device 230 at the winning timing through steps S306 and S312 shown in FIG. The jackpot determination random number may also be read out only when access is permitted by the access control device 230, as in the case of the connected device authentication process. That is, it may be read only when the instruction code string relating to the reading of the jackpot determination random number is a permitted instruction code string and the address of the instruction code string is a permitted address. The same applies to other random numbers used for game control. Then, after Steps S404 and S406 shown in FIG. 14, if the acquired random number value matches the jackpot value, it is a jackpot.

  When the jackpot is reached, the stop symbol mode and the variation pattern at the jackpot are determined through steps S410 and S412. At this time, when it is determined to perform the reach effect, in the control command transmission process, a symbol designation command for designating a jackpot symbol and a jackpot reach command are transmitted. Since the jackpot reach command is not a predetermined command (that is, a power-on command), it passes through step S210 shown in FIG. 12 and is transmitted as it is to the effect control unit 300 without adding the encrypted authentication data.

  When receiving the jackpot reach command, the effect control unit 300 performs steps S802 to S812 shown in FIG. 18 and executes processing when the jackpot reach changes based on the received jackpot reach command.

  In the main control unit 2a, through steps S414 and S424 shown in FIG. 14, the effect symbol is displayed in a variable manner with a predetermined variation pattern, and after a part of the effect symbol is stopped with the reach symbol, the effect symbol is stopped with the jackpot symbol. . When the effect symbol stops, a jackpot start command is transmitted in the control command transmission process. Since the jackpot start command is not a predetermined command (that is, a power-on command), it passes through step S210 shown in FIG. 12 and is transmitted as it is to the effect control unit 300 without adding the encrypted authentication data.

  In the effect control unit 300, when the jackpot start command is received, the process at the time of starting the jackpot effect is executed based on the received jackpot start command through step S902 shown in FIG.

  During the big hit, the round continues until the predetermined condition is satisfied with the maximum number of rounds as the upper limit. In the control command transmission process, a jackpot command is transmitted at the start and end of a round. Since the jackpot command is not a predetermined command (that is, a power-on command), the encrypted authentication data is not added to the effect control unit 300 via step S210 shown in FIG.

  In addition, during the big hit, the big winning opening 109 is opened with a predetermined opening / closing pattern, and when a gaming ball wins the big winning opening 109, a predetermined number of gaming balls are paid out as one winning ball.

  When the final round ends, a jackpot end command is transmitted in the control command transmission process. Since the jackpot end command is not a predetermined command (that is, a power-on command), it passes through step S210 shown in FIG. 12 and is transmitted as it is to the effect control unit 300 without adding the encrypted authentication data.

In the effect control unit 300, when the jackpot end command is received, the process at the end of the jackpot effect is executed based on the received jackpot end command through step S914 shown in FIG.
On the other hand, if the acquired random number value does not match the jackpot value through steps S404 and S406 shown in FIG.

  When it comes off, through steps S418 and S420 shown in FIG. 14, the mode and variation pattern of the stop symbol at the time of loss are determined. At this time, when it is determined to perform the reach effect, in the control command transmission process, a symbol designating command and a missed reach command for designating a missed symbol (or an effect of becoming a missed symbol) are transmitted. On the other hand, when it is determined not to perform the reach effect, the symbol designation command and the off-reach non-reach command are transmitted in the control command transmission process. Since the loss reach command and the loss non-reach command are not predetermined commands (that is, a power-on command), the encrypted authentication data is not added to the effect control unit 300 via step S210 shown in FIG. Is done.

  When the production control unit 300 receives the outlier reach command or the outlier nonreach command, the processing at the time of deviation fluctuation is executed based on the received outlier reach command or outlier nonreach command through steps S802 to S812 shown in FIG. The

  On the other hand, when the game is interrupted, the main control unit 2a executes a customer waiting demonstration execution process. In the control command transmission process, a customer waiting demonstration start command is transmitted. Since the customer waiting demonstration start command is not a predetermined command (that is, a power-on command), it passes through step S210 shown in FIG. 12 and is transmitted as it is to the effect control unit 300 without adding the encrypted authentication data.

  When the production control unit 300 receives the customer waiting demonstration start command, as a process at the time of the customer waiting demonstration start, control commands for the customer waiting demonstration are sent to the symbol display unit 104, the voice control unit 382, and the lamp control unit 386, respectively. Sent.

  Thereafter, when the game is resumed, a customer waiting demonstration stop command is transmitted in the control command transmission process. Since the customer waiting demonstration stop command is not a predetermined command (that is, a power-on command), it passes through step S210 shown in FIG. 12 and is transmitted as it is to the effect control unit 300 without adding the encrypted authentication data.

  When the production control unit 300 receives the customer waiting demonstration stop command, a control command for the customer waiting demonstration is sent to the symbol display unit 104, the voice control unit 382, and the lamp control unit 386 as processing at the time of the customer waiting demonstration end. Sent.

In the above description, when the command is not a predetermined command, the case where the encrypted authentication data is transmitted without being added has been described. However, instead of the encrypted authentication data, dummy value data is added and transmitted. Also good. In this case, the intermediate unit receives the control command to which the dummy value data is added via the peripheral unit. The intermediate unit that has received it may transmit the dummy value data as it is to the peripheral unit, or may generate another dummy value data and transmit it to the peripheral unit.
[Effects of providing an access control device]

  In this way, in the present embodiment, the access control device 330 of the effect control unit 300 uses the registers 334 and 336, the instruction code string executed by the CPU core 303 of the effect control unit 300, and its address from the I / F 312. An input unit 331 for input and an access control unit 338 for controlling access to the registers 334 and 336 by the CPU 302 based on the instruction code string and address input by the input unit 331 are provided.

  As a result, the possibility that the data in the registers 334 and 336 is illegally rewritten or read out can be reduced, so that it is possible to perform an illegal operation due to an illegal act or error related to the production by the production control unit 300. Can be reduced. In addition, since the access control device 330 separate from the CPU 302 of the effect control unit 300 realizes the access control function, the CPU core 303 itself does not need to perform unauthorized operation detection processing, and development and design compared to the conventional case. It is possible to suppress the difficulty level of becoming higher. Furthermore, since access is controlled based on the instruction code string and its address, it is not necessary to prepare a table having the same capacity as the ROM 304, and an increase in data capacity can be suppressed as compared with the conventional case.

  Further, in the case where the CPU 302 of the presentation control unit 300 that is a one-chip type microprocessor made of DIP or the like is employed, in the configuration in which the CPU core 303 performs the illegal operation detection process, an illegal act in which the entire CPU 302 is exchanged may occur. If it is performed, the CPU core 303 itself is exchanged, so that the validity of the CPU 302 cannot be authenticated. On the other hand, in this embodiment, since the access control device 330 is provided separately from the CPU 302, the validity of the CPU 302 can be authenticated even if such an illegal act is performed.

  Further, in the case where the CPU 302 of the effect control unit 300 that is a one-chip type microprocessor made of DIP or the like is employed, a circuit that implements an access restriction function of the access control device 330 is incorporated in the CPU 302 of the effect control unit 300. Then, the CPU 302 must be newly developed and designed, and cannot be applied to an existing CPU. On the other hand, in the present embodiment, it is only necessary to connect the access control device 330 to the CPU 302 of the effect control unit 300, so that the present invention can also be applied to an existing CPU.

  Furthermore, in the present embodiment, the access control unit 338 registers the register 334 only when the instruction code string input from the input unit 331 is a permitted instruction code string and the address of the instruction code string is a permitted address. 336 is permitted.

As a result, an illegally rewritten instruction code string, an instruction code string whose contents have been changed due to a bit error, or an instruction code string stored at an illegal address is executed, whereby the data in the registers 334 and 336 is illegally stored. Since the possibility of being rewritten or read can be reduced, the possibility of an unauthorized operation can be further reduced.
Further, in the present embodiment, fraud notification is performed according to the status of access control by the access control device 330.
As a result, it is possible to grasp that there is a possibility that an illegal operation has been performed on the production control unit 300. In the present embodiment, since the access control device 230 is provided in the main control unit 2a together with the production control unit 300, the possibility that not only the production control unit 300 but also the CPU 202 of the main control unit 2a operates illegally is reduced. However, the access control device 230 on the side of the main control unit 2a may be omitted as long as an illegal operation of the main control unit 2a can be avoided by another configuration.
[Second Embodiment]

  Next, a second embodiment of the present invention will be described with reference to the drawings. 22 to 25 are diagrams showing a gaming machine, an access control program, and a game control method according to a second embodiment of the present invention.

This embodiment is different from the first embodiment in that the access control units 238 and 338 of the access control devices 230 and 330 of the main control unit 2a and the effect control unit 300 are the same as the CPU cores 203 and 303, respectively. The difference is that access is controlled based on a check value calculated from the instruction code string in addition to the instruction code string to be executed and its address. Hereinafter, only the parts different from the first embodiment will be described, and the same parts as those in the first embodiment will be denoted by the same reference numerals and the description thereof will be omitted.
[Configuration of main controller]
First, the configuration of the main control unit 2a will be described.
FIG. 22 is a block diagram showing a configuration of the main control unit 2a.

  As shown in FIG. 22, the CPU 202 of the main control unit 2a includes a CPU core 203, a ROM 204, a RAM 206, a security inspection circuit 208, I / Fs 210 and 212, a timer 214, and a check value for calculating a check value from an instruction code string. A calculation unit 218 is included. These are connected to each other via a bus 216.

  The check value calculation unit 218 acquires an instruction code string from the ROM 204. Then, a check value for checking the validity of the instruction code string is calculated from the acquired instruction code string. The check value is used for access control by the access control unit 238. Here, the check value is a value calculated from a part or all of the instruction code or instruction code string stored in the ROM 204, a part of one instruction code, or a combination thereof. The check value calculation unit 218 performs, for example, an error detection operation such as a calculation by a hash function, a parity check, a cyclic redundancy check (CRC (Cyclic Redundancy Check)) or a checksum for all instruction code strings stored in the ROM 204. Go to calculate the check value. As described above, the check value is calculated from the instruction code string actually stored in the ROM 204. Therefore, by performing verification using the check value, it is possible to detect unauthorized rewriting of the instruction code sequence stored in the ROM 204, unauthorized replacement of the ROM 204, and the like.

  The input unit 231 inputs the instruction code string executed by the CPU core 203 and its address, and the check value calculated by the check value calculation unit 218 from the I / F 212. At this time, the check value may be divided and input. In this case, the check values are combined by combining the divided data.

  In the access control unit 238, the instruction code string input from the input unit 231 is a permitted instruction code string, the address of the instruction code string is a permitted address, and the check value input from the input unit 231 is a check value. Access to the registers 234 and 236 is permitted only when there is a predetermined relationship with the expected value. The predetermined relationship is, for example, that the check value matches the expected value, that the calculated value obtained by calculating one of the check value and the expected value by the predetermined calculation method matches the other, the check value and the expected value Means that there is a magnitude relationship or other correlation. In this way, by combining the collation of the instruction code string and address with the collation of the check value, the possibility of an illegal operation can be further reduced.

  The expected value used by the access control unit 238 for verification is stored in the access control unit 238 in advance (for example, at the time of manufacture). In addition, an expected value used for collation by the access control unit 238 may be transmitted to the access control unit 238 from another component unit. The other components are, for example, a CPU core 203 and a dedicated processing unit (hereinafter referred to as an expected value calculation unit) for generating an expected value of a check value. The CPU core 203 and the expected value calculation unit may transmit an expected value stored in advance to the access control unit 238, or may generate an expected value for each matching process. Further, a coefficient or the like necessary for calculating an expected value may be received from an external device via the I / F 210 to the CPU core 203 or the expected value calculation unit. As described above, if the expected value is not stored in advance in the access control unit 238 and is input from another component unit, the check value of the ROM 204 can be changed later.

  On the other hand, FIG. 23 is a block diagram showing a configuration of the effect control unit 300.

  As shown in FIG. 23, the CPU 302 of the effect control unit 300 calculates a check value from the instruction code string in the same manner as the main control unit 2a in addition to the CPU core 303, ROM 304, RAM 306, I / F 310, 312. A portion 318 is included. These are connected to each other via a bus 316.

The check value calculation unit 318 acquires an instruction code string from the ROM 304. Then, a check value for checking the validity of the instruction code string is calculated from the acquired instruction code string. The check value is used for access control by the access control unit 338. Here, the check value is a value calculated from a part or all of the instruction code or instruction code string, a part of one instruction code, or a combination thereof, stored in the ROM 304, similar to that of the main control unit 2a. It is. The check value calculation unit 318, for example, performs an operation using a hash function, parity check, and cyclic redundancy check (CRC (Cyclic Redundancy) on all instruction code strings stored in the ROM 304.
Check)) or error detection calculation such as checksum is performed to calculate a check value. In this way, the check value is calculated from the instruction code string actually stored in the ROM 304. Therefore, by performing verification using the check value, it is possible to detect illegal rewriting of the instruction code string stored in the ROM 304, illegal replacement of the ROM 304, or the like.

  The input unit 331 inputs from the I / F 312 the instruction code string executed by the CPU core 303 and its address, and the check value calculated by the check value calculation unit 318. At this time, the check value may be divided and input. In this case, the check values are combined by combining the divided data.

  In the access control unit 338, the instruction code string input by the input unit 331 is a permitted instruction code string, the address of the instruction code string is a permitted address, and the check value input by the input unit 331 is a check value. Access to the registers 334 and 336 is permitted only when there is a predetermined relationship with the expected value. The predetermined relationship is, for example, that the check value matches the expected value, that the calculated value obtained by calculating one of the check value and the expected value by the predetermined calculation method matches the other, the check value and the expected value Means that there is a magnitude relationship or other correlation. In this way, by combining the collation of the instruction code string and address with the collation of the check value, the possibility that an illegal operation on the effect control unit 300 is performed can be further reduced.

  The expected value that the access control unit 338 uses for collation is stored in the access control unit 238 in advance (for example, at the time of manufacture). In addition, an expected value used for collation by the access control unit 338 may be transmitted from another component unit to the access control unit 238. The other components are, for example, a CPU core 303 and a dedicated processing unit (hereinafter referred to as an expected value calculation unit) for generating an expected value of a check value. The CPU core 303 and the expected value calculation unit may transmit an expected value stored in advance to the access control unit 338, or may generate an expected value for each matching process. In addition, a coefficient necessary for calculating an expected value may be received from an external device via the I / F 310 to the CPU core 303 or the expected value calculation unit. As described above, if the access control unit 338 inputs an expected value without storing the expected value in advance, the check value of the ROM 304 can be changed later.

[Check value calculation processing]
Next, a check value calculation process executed by each of these check value calculation units 218 and 318 will be described.
FIG. 24 is a flowchart showing the check value calculation process.
When the check value calculation units 218 and 318 respectively execute the check value calculation processing, as shown in FIG. 24, first, the process proceeds to step SS600.

  In step SS600, it is determined whether or not a check value acquisition request has been received from each of the access control units 238 and 338. If it is determined that a check value acquisition request has been received (Yes), the process proceeds to step SS602. If it is determined that this is not the case (No), the process waits at step SS600 until a check value acquisition request is received.

In step SS602, instruction code strings are read from the ROMs 204 and 304, respectively, the process proceeds to step SS604, the error detection calculation is performed on the read instruction code string, the check value is calculated, and the process proceeds to step SS606. The calculated check value is transmitted to the access control units 238 and 338, and the check value calculation process is terminated.
[Access control processing]
Next, access control processing executed by the access control units 238 and 338 will be described.
FIG. 25 is a flowchart showing the access control process.
When executing the access control process, the access control unit 238 first proceeds to step SS700 as shown in FIG.

  In step SS700, it is determined whether a read request for the registers 234, 334, 236, 336 is input from the I / F 212, 312. If it is determined that a read request is input (Yes), the process proceeds to step SS702. Then, the instruction code string executed by the CPU cores 203 and 303 and the address thereof are input from the input units 231 and 331, and the process proceeds to step SS704.

  In step SS704, it is determined whether or not the input instruction code string is a permitted instruction code string. When it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS706 and the input address is permitted. It is determined whether the address is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS708.

  In step SS708, a check value acquisition request is transmitted to the check value calculation units 218 and 318, the process proceeds to step SS710, the check value is input from the input units 231 and 331 as a response, and the process proceeds to step SS712.

  In step SS712, the expected values stored in the access control units 238 and 338 are read out, and the expected values of the check values are obtained by receiving the expected values generated by the CPU cores 203 and 303 and the expected value calculating unit. Acquire and move to step SS714.

  In step SS714, it is determined whether or not the input check value matches the input expected value. If it is determined that the check value matches the expected value (Yes), the process proceeds to step SS716.

  In step SS716, the data held in the registers 234, 334, 236, and 336 are read out, the process proceeds to step SS718, and the read data is output to the I / Fs 212 and 312. The output data is held in the registers 203c of the CPU cores 203 and 303 via the I / Fs 212 and 312.

  Next, the process proceeds to step SS720, where it is determined whether a write request for the registers 236, 336 is input from the I / F 212, 312. When it is determined that the write request is input (Yes), the process proceeds to step SS722. Then, the instruction code string executed by the CPU cores 203 and 303 and the address thereof are input from the input units 231 and 331, and the process proceeds to step SS724.

In step SS724, it is determined whether or not the input instruction code string is a permitted instruction code string. When it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS726 and the input address is permitted. It is determined whether or not it is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS728.
In steps SS728 to SS732, processing similar to that in steps SS708 to SS712 is executed, and the process proceeds to step SS734.

  In step SS734, it is determined whether or not the check value matches the expected value. If it is determined that the check value matches the expected value (Yes), the process proceeds to step SS736.

  In step SS736, the data held in the registers 203c and 303c of the CPU cores 203 and 303 are input from the I / Fs 212 and 312. The process proceeds to step SS738, and the input data is written in the registers 236 and 336 for access control. The process ends.

  On the other hand, when it is determined at step SS734 that the check value does not match the expected value (No), when it is determined at step SS726 that it is not a permitted address (No), it is determined at step SS724 that it is not a permitted instruction code string. When it is determined (No) and when it is determined in step SS720 that the write request is not input (No), the access control process is terminated without writing data to the registers 236 and 336. At this time, the CPU cores 203 and 303 may receive a notification from the access control devices 230 and 330 and perform an unauthorized notification.

On the other hand, when it is determined at step SS714 that the check value does not match the expected value (No), when it is determined at step SS706 that it is not a permitted address (No), it is determined at step SS704 that it is not a permitted instruction code string. The data held in the registers 234, 334, 236, and 336 is output to the I / Fs 212 and 312 in both cases (No) and when it is determined not to input a read request in Step SS700 (No). Without proceeding to step SS720. At this time, the illegal values are held in the registers 203c and 303c of the CPU cores 203 and 303. However, if the values are predetermined values, the CPU cores 203 and 303 may perform fraud notification.
[Effect of this embodiment]

  In this way, in the present embodiment, the CPU 302 of the effect control unit 300 includes the check value calculation unit 318 that calculates the check value from the instruction code string stored in the ROM 304, and the access control unit 338 includes the input unit 231. The instruction code string input in step 1 is a permitted instruction code string, the address of the instruction code string is a permitted address, and the check value input by the input unit 331 is in a predetermined relationship with the expected value of the check value. Only access to the registers 334 and 336 is permitted.

Thereby, it is possible to detect that the instruction code string stored in the ROM 304 has been illegally rewritten. Further, by combining the collation of the instruction code string and address with the collation of the check value, the possibility of an illegal operation can be further reduced. Note that check value verification is performed in combination with instruction code string and address verification, so that even if an error detection operation (for example, parity check) with a relatively low processing load is used for calculation of the check value, a certain degree of accuracy can be obtained. Obtainable.
In the present embodiment, the access control device 230 is provided in the main control unit 2a as well as the production control unit 300, and the check value calculation units 218 and 318 are provided in the main control unit 2a. When the access control device 230 on the side is not provided, the check value calculation unit 218 of the main control unit 2a may be omitted.
[Other Embodiments]

In the second embodiment, the access control device 330 is configured to calculate the check value from the instruction code string. However, the present invention is not limited to this, and the following three configurations can be employed.
(1) First configuration

In the first configuration, a check value is calculated from data stored in the ROM 304 (hereinafter referred to as first calculation basic data) instead of the instruction code string. The first calculation basic data is, for example, a predetermined fixed value stored in the ROM 304. The first calculation basic data is not limited to a fixed value, and may be fluctuation data that can accurately predict data values before and after the fluctuation. To be able to accurately predict the data values before and after the fluctuation specifically refers to, for example, a case where the fluctuation range is fixed or a fluctuation rule is fixed.
The check value calculation unit 318 reads the first calculation basic data from the ROM 304, and calculates the check value from the read first calculation basic data.

The access control unit 338 stores the expected value of the first calculation basic data in advance. The access control unit 338 calculates a check value from the expected value, and determines whether the check value input by the input unit 331 has a predetermined relationship with the calculated check value. In addition, it may be determined whether the check value input by the input unit 331 has a predetermined relationship with the expected value. Note that access control may be performed based on both the check value calculated from the instruction code string and the check value calculated from the first calculation basic data.
As a result, it is possible to detect that the ROM 304 has been replaced with an illegal one.
(2) Second configuration

In the second configuration, instead of the instruction code string, a check value is calculated from the execution result of the instruction code string executed by the CPU core 303 (hereinafter referred to as second calculation basic data). The second calculation basic data is, for example, the value of the flag register of the CPU core 303. Note that the second calculation basic data is not limited to the value of the flag register, and is a return value of a function that returns the first value when the instruction code string is correctly executed, and otherwise returns the second value. Also good.
The check value calculation unit 318 acquires second calculation basic data from a flag register or the like, and calculates a check value from the acquired second calculation basic data.

  The access control unit 338 can be configured in the same manner as in the first configuration. Note that access control may be performed based on the check value calculated from the first calculation basic data.

  Further, the second calculation basic data may be used as it is without calculating the check value from the second calculation basic data. That is, the access control unit 338 has the instruction code string input from the input unit 331 as a permitted instruction code string, the address of the instruction code string is a permitted address, and the second calculation basic data is a predetermined value. Allow access only at certain times.

As a result, an illegally rewritten instruction code string or an instruction code string whose contents have changed due to a bit error is executed, whereby the data in the registers 234, 334, 236, and 336 are illegally rewritten or read out. Therefore, the possibility of unauthorized operation can be further reduced.
(3) Third Configuration In the third configuration, a check value is calculated from the address of the instruction code string (hereinafter referred to as third calculation basic data) instead of the instruction code string.
The check value calculation units 218 and 318 acquire the third calculation basic data from the buses 216 and 316 and calculate the check value from the acquired third calculation basic data.

  The access control units 238 and 338 can be configured in the same manner as in the first configuration. Note that access control may be performed based on a check value calculated from one or both of the first calculation basic data and the second calculation basic data.

  In the second embodiment, the access permission condition is that the instruction code string input by the input units 231 and 331 is a permitted instruction code string, and the address of the instruction code string is a permitted address; The check values input at the input units 231 and 331 have a predetermined relationship with the expected value of the check value. However, the present invention is not limited to this. (1) The instruction code string input at the input units 231 and 331 is the permitted instruction code. One of the following: (2) the address of the instruction code string is a permitted address, and (3) the check value input by the input units 231 and 331 has a predetermined relationship with the expected value of the check value. It can also be one or any combination of the two. Even when the first calculation basic data or the second calculation basic data is used, the access permission condition can be set in any combination with (1) to (3). Also in the first embodiment, the access permission condition can be set in (1) or (2).

  In the first and second embodiments, the access control units 238 and 338 are configured to control access to the registers 234, 334, 236, and 336. 334, 236, and 336 can be configured to control access to a specific address space.

  As a result, by controlling access to the address space in which important information such as confidential information is stored in the registers 234, 334, 236, and 336, the important information is illegally rewritten or read out. Since the possibility can be reduced, the possibility that an illegal operation is performed can be further reduced.

  In the first and second embodiments, the read, execute, determination and other processes are performed in units of instruction code strings. However, the present invention is not limited to this, and read and execute in units of instruction codes. Further, it can be configured to perform determination and other processing. The same applies to the other embodiments described above. As a representative example, access is permitted only when the input instruction code is a previously permitted code and the address of the instruction code is a permitted address. For the combination of access permission conditions, the same combination as in the case of the instruction code string can be adopted.

  In the second embodiment, the check value calculation units 218 and 318 are configured to calculate a check value in response to a check value acquisition request. However, the present invention is not limited to this, and a predetermined condition is satisfied. It is also possible to calculate the check value and transmit the calculated check value to the access control units 238 and 338.

  In the first and second embodiments, the CPUs 202 and 302 are configured by providing two I / Fs 210, 310, 212, and 312. However, the present invention is not limited to this, and only one I / F is provided. It may be provided and configured, or may be configured by providing a larger number of I / Fs.

  In the first and second embodiments, the CPUs 202 and 302 are configured to output the instruction code string and its address independently of the control command. However, the present invention is not limited to this. The address may be added to the control command and output. In this case, the input units 231 and 331 input a control command, and input an instruction code string and its address added to the input control command. The instruction code string and its address can be added to arbitrary or specific control commands.

  When a random number is read from the registers 234 and 334 of the access control devices 230 and 330 in the configuration added to the control command, depending on the type of the control command, the output timing of the instruction code string and its address matches the read timing of the random number. There are things that do not. For example, when adding to a jackpot command transmitted during the jackpot, the instruction code string and its address are output during the jackpot, whereas the jackpot decision random number must be read before the jackpot occurs. Therefore, for example, the following two configurations can be adopted as the configuration of the access control devices 230 and 330.

  In the first configuration, when authentication is obtained at the time of transmission of the control command, authentication is not performed only for the access of a predetermined permitted number of times. The predetermined permission count may start counting from the first access after the authentication is obtained, or may start counting after a predetermined number of accesses after the authentication is obtained. In the latter case, access before the start of counting is prohibited. Therefore, a predetermined number of dummy accesses are required after authentication, and if this number is not known, access to the registers 234, 334, 236, and 336 cannot be performed even if authentication is obtained, thereby reducing the possibility of unauthorized operation. can do.

  In the second configuration, when authentication is obtained when the control command is transmitted, authentication is not performed only within a predetermined permission period. The predetermined permission period may be started immediately after the authentication is obtained, or may be started after a predetermined time elapses after the authentication is obtained. In the latter case, access before starting is prohibited. Further, when there is an access before the start, subsequent access may be prohibited. Therefore, it is necessary to wait for a predetermined time after the authentication. If this time is not known, the registers 234, 334, 236, and 336 cannot be accessed even if the authentication is obtained, thereby reducing the possibility of an unauthorized operation. be able to.

  In the first and second embodiments, at least one of the instruction code and the instruction code string may be encrypted and used.

  In the first and second embodiments, the case where the control program stored in advance in the ROM 204 is executed when the game control process shown in the flowcharts of FIGS. 10 to 15 is executed has been described. However, the present invention is not limited to this, and the program may be read from the storage medium storing the program showing these procedures into the RAM 206 and executed. The same applies to the processing shown in the flowcharts of FIGS.

  Here, the storage medium is a semiconductor storage medium such as RAM or ROM, a magnetic storage type storage medium such as FD or HD, an optical reading type storage medium such as CD, CDV, LD, or DVD, or a magnetic storage type such as MO. / Optical reading type storage media, including any storage media that can be read by a computer regardless of electronic, magnetic, optical, or other reading methods.

  FIG. 26 is a diagram showing an authentication operation sequence of the main control unit 2a of the pachinko machine based on the power-on command. When the control command is a predetermined command (that is, a power-on command), the encrypted authentication data is added and then transmitted from the main control unit 2a.

  When a control command is stored (S1) and the control command is a power-on command, first authentication data including a verification value is generated (S2). The generated first authentication data is encrypted by a predetermined encryption algorithm (S3). Then, the power-on command to which the first authentication data is added is transmitted from the main control unit 2a to the peripheral unit 3a (S4, S5).

The power-on command to which the first authentication data is added is received by the peripheral part (S6). Then, the power-on command to which the first authentication data is added is transmitted from the peripheral unit 3a to the intermediate unit 3b via the bus 3c (S7, S8).
Further, processing based on the power-on command is performed in the peripheral portion 3a (S9).

The power-on command to which the first authentication data is added is received by the intermediate unit 3b (S10). The intermediate unit 3b generates second authentication data based on the first authentication data (S11). The generated second authentication data is transmitted from the intermediate unit 3b to the peripheral unit 3a (S12, S13). The second authentication data is received by the peripheral part 3a (S14). In the peripheral part 3a, after the decryption process is performed (S15), the authentication process using the second authentication data is performed (S16). In the case of authentication OK, the processing is continued as it is.
If the authentication is not OK (No in S17), it is notified that the main control unit 2a is not valid (S18).

Here, the authentication process in the peripheral part 3a will be described in more detail. For example, when the verification value is “0x12”, encrypted authentication data “0x21” is obtained by the predetermined encryption algorithm as shown in the following formula (1).
0x21 = 0x12 xor 0x33 (1)

When the production control unit 300 receives the power-on command, the encrypted authentication data added to the received command is acquired through steps S704 and S706 shown in FIG. 17, and the acquired encrypted authentication data is stored in a predetermined state. Decrypted by a decryption algorithm.
When the encrypted authentication data “0x21” obtained by the above equation (1) is decrypted by a predetermined decryption algorithm, the verification value “0x12” is obtained by the following equation (2).
0x12 = 0x21 xor 0x33 (2)

  When the verification value is obtained, an expected value “0x12” that is the same value as the verification value generated by the main control unit 2a is read through step S708. Then, through step S710 shown in FIG. 17, the verification value obtained by decoding is collated with the expected value. At this time, since the verification value “0x12” obtained by the above equation (2) matches the expected value “0x12”, authentication is obtained, and the control command is stored in the reception buffer through step S712. Then, processing is executed based on the received control command.

  On the other hand, if an unauthorized act such as an unauthorized control board is connected between the main control board and the production control board, even if the unauthorized control board sends a control command to the production control board, In the effect control unit 300, since the encrypted authentication data is not added to the received command, the verification value does not match the expected value, and there is a high possibility that the authentication cannot be obtained. As a result, the received control command is discarded through steps S716 and S718 shown in FIG. 17, and the fraud notification process is executed (that is, it is notified that the main control unit is not valid).

  Even if an unauthorized control board adds some authentication data and transmits a control command to the production control board, the production control unit 300 cannot obtain an appropriate verification value, so that the verification value matches the expected value. Therefore, there is a high possibility that authentication will not be obtained.

  It should be noted that the order in which the processing is performed is not limited for the transmission of the control command to the intermediate portion in the peripheral portion and the processing based on the control command in the peripheral portion. That is, as shown in FIG. 26, the order in which the control command is transmitted to the intermediate part first and then the process based on the control command may be performed, and conversely, based on the control command. The order may be such that the processing is performed first and then the control command is transmitted to the intermediate portion.

  Similarly, the order in which processing is performed does not matter for the processing based on the control command in the peripheral portion and the authentication processing using the second authentication data in the peripheral portion. In other words, the processing based on the control command may be performed first, and then the authentication processing using the second authentication data may be performed, or vice versa.

FIG. 27 is a sequence diagram illustrating an operation based on a control command other than the power-on command. As shown in FIG. 27, when a control command other than the power-on command is stored (S151), a normal control command to which no authentication data is added is transmitted from the main control unit 2a to the peripheral unit 3a (S152, S153). The control command is received by the peripheral part (S154), and processing based on the control command is performed (S155). Control commands other than the power-on command are not transmitted from the peripheral unit 3a to the authentication unit 3b.
[Timing of authentication operation]

  Incidentally, the main control unit 2a normally outputs a plurality of control commands at intervals. In the following, taking as an example the case where the main control unit 2a outputs the second power-on command after outputting the first power-on command, the main control unit 2a outputs a plurality of control commands at intervals. The timing of the authentication operation when outputting will be described with reference to FIGS. 28 and 29. FIG.

  In FIG. 28, when the main control unit 2a outputs the power-on command A and then outputs the power-on command B, the timing when the presentation or pre-processing or post-processing is executed, and the peripheral unit 3a performs the authentication process. It is a 1st figure which shows a timing. In FIG. 29, when the main control unit 2a outputs the power-on command A and then the power-on command B, the timing when the presentation or pre-processing or post-processing is executed, and the peripheral unit 3a performs the authentication process. It is a 2nd figure which shows a timing.

  When the main controller 2a outputs the power-on command A, it outputs first authentication data associated with the power-on command A together with it. Further, when outputting the power-on command B, the main control unit 2a outputs first authentication data associated with the power-on command B along with it.

  At this time, after the authentication operation is performed on the second authentication data generated based on the first authentication data associated with the power-on command A, the power-on command B is output from the main control unit 2a. There is a case. For example, as shown in FIG. 28, after the production based on the power-on command A or the execution period t41 of the pre-processing or post-processing, the main control unit 2a authenticates based on the second authentication data corresponding to the power-on command A. Is determined in period t42. Thereafter, after the performance based on the power-on command B or the execution period t43 of the pre-processing or post-processing, a period regarding whether or not the main control unit 2a is valid based on the second authentication data corresponding to the power-on command B Determination is made at t44.

  On the other hand, the main control unit 2a may output the power-on command B from the main control unit 2a before the authentication operation for the second authentication data associated with the power-on command A is performed. . In this case, as shown in FIG. 29, after the production based on the power-on command B or the execution period t42 ′ of the pre-processing or post-processing, the main control unit 2a is based on the second authentication data corresponding to the power-on command A. Is determined in the period t43 ′ as to whether or not is valid. Thereafter, based on the second authentication data corresponding to the power-on command B, it is determined in the period t44 'whether or not the main control unit 2a is valid.

  In any case, as is clear from FIGS. 28 and 29, the peripheral unit 3a is based on the second authentication data corresponding to the power-on command after the period in which the process based on the power-on command is executed. It is determined whether or not the main control unit 2a is valid.

  As described above, the pachinko machine according to the present embodiment includes the intermediate unit 3b that generates the second authentication data used to determine whether or not the main control unit 2a is valid, separately from the peripheral unit 3a. Therefore, the burden on the peripheral portion 3a is reduced, the authentication data capacity is increased, or complicated arithmetic processing is performed to increase the security strength compared to the prior art, and whether or not the main control portion 2a is legitimate. Can be determined.

  In addition, the peripheral unit 3a generates the second authentication data generated based on the first authentication data output from the main control unit 2a together with the power-on command after the period when the process based on the power-on command is executed. Thus, it is determined whether or not the main control unit 2a is valid. Therefore, even if the capacity of the authentication data is increased or a complicated calculation process is performed, the intermediate unit 3b can generate the second authentication data independently of the operation of the peripheral unit 3a. Therefore, the pachinko machine according to the present embodiment can determine whether or not the main control unit 2a is legitimate by increasing the strength of security compared to the conventional one.

  In the above-described embodiment, the peripheral board 3 has the bus 3c which is the only communication path used for signal exchange between the peripheral part 3a and the intermediate part 3b. However, as shown in FIG. 30, the peripheral board 3 does not have the bus 3c, but the bus 3d and the bus 3e, which are two communication paths used for signal exchange between the peripheral portion 3a and the intermediate portion 3b. You may have. In that case, the peripheral unit 3a outputs the first authentication data to the intermediate unit 3b via one of the communication paths (for example, the bus 3d), and the intermediate unit 3b determines whether the main control unit 2a is valid. The second authentication data used for the determination is output to the peripheral portion 3a via the other communication path (for example, the bus 3e).

  Further, a memory having a program for causing a computer to realize the functions of the main control unit 2a and a computer for executing the program may be provided on the main control board 2. In this case, the function of the main control unit 2a is realized by the computer executing the program.

  A memory having a program for causing the computer to realize the functions of the peripheral unit 3a and a computer for executing the program may be provided on the peripheral board 3. In this case, the function of the peripheral portion 3a is realized by the computer executing the program.

A memory having a program for causing the computer to realize the function of the intermediate unit 3b and a computer for executing the program may be provided on the peripheral board 3. In this case, the function of the intermediate unit 3b is realized by the computer executing the program.
[Authentication method]

  In the gaming machine described above, the following authentication method is employed. That is, a main control unit that is applied to the gaming machine and outputs a power-on command for designating power-on or designating initialization, and first authentication data for authenticating itself. And a peripheral device for controlling execution of processing based on the power-on command, and a connected device authentication step for authenticating a device connected to the data processing means (for example, FIG. 10). S104), an output step for outputting information relating to an instruction executed by the data processing means to the outside, an input step for inputting information relating to the instruction from the output means, and information relating to the instruction input in the input step And an access control step for controlling access to the storage means by the data processing device, and the first authentication data. Whether or not the main control unit is valid based on the acquisition step (for example, corresponding to S8 and S10 in FIG. 26) and the first authentication data acquired in the acquisition step. Generating the second authentication data for judging whether or not and outputting the second authentication data to the peripheral part (for example, corresponding to S11 to S13 in FIG. 26), and the main control part is valid An authentication method including a step of determining whether or not there is based on the second authentication data (for example, corresponding to S16 in FIG. 26) is employed.

When this authentication method is employed, intermediate data for determining whether or not the main control unit is legitimate, in addition to performing connected device authentication by the CPU as the data processing means and the access control device. By providing an intermediate part that generates authentication, the burden on the peripheral part is reduced compared to the case where all the authentication processing is performed in the peripheral part, and the capacity of authentication data is increased or complicated arithmetic processing is performed. It is possible to determine whether or not the main control unit is valid by increasing the strength compared to the conventional one. In addition, when the peripheral part is determined not to be valid, the peripheral part further includes a step of notifying that effect (for example, corresponding to S18 in FIG. 26), so that employees or players of the pachinko hall It becomes easy to recognize the state.

Then, it may be determined whether or not the main control unit is valid after a period during which the process based on the power-on command is executed. Even after the period when the process based on the power-on command is executed, it is possible to determine whether the main control unit is legitimate, thereby increasing the capacity of the authentication data or performing complicated arithmetic processing. The second authentication data can be generated independently of the operation of the peripheral part. Therefore, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case. Further, among the many control commands, since the authentication data is added to the power-on command and output, the possibility that the authentication data is wiretapped can be reduced.
〔program〕

Moreover, in order to implement | achieve the said authentication method, you may make a computer run the program containing each step of the said authentication method. When this program is executed by a computer, connected device authentication is performed by the CPU that is the data processing means and the access control device, and second authentication that is intermediate data for determining whether or not the main control unit is valid. Since the data is generated in the intermediate part, the burden on the peripheral part is reduced compared to the case where all authentication processing is performed in the peripheral part, the capacity of the authentication data is increased, and complicated calculation processing is performed to enhance the security strength. It is possible to determine whether or not the main control unit is legitimate by making the value larger than the conventional one. When it is determined in the authentication step that the main control unit is not valid, it may further include a notification signal output step of outputting a signal for notifying the authentication result. This makes it easier for employees and players of pachinko halls to recognize the state.
[Modification]

  Further, in the embodiment described above, the case where the peripheral unit 3a performs notification that the main control unit 2a is not valid has been described. Notification may be performed instead of. For example, as shown in FIGS. 31 and 32, a notification unit 4 that notifies that the main control unit 2a is not valid may be provided separately from the peripheral unit 3a. When the notification unit 4 receives a signal indicating that the main control unit 2a is not valid from the peripheral unit 3a, the notification unit 4 notifies the outside of the pachinko machine to that effect.

FIG. 31 is a diagram showing a configuration in which a notification unit 4 is added to the configuration shown in FIG. FIG. 32 is a diagram illustrating a configuration in which a notification unit 4 is added to the configuration illustrated in FIG. 30. In either case of FIG. 31 or FIG. 32, the notification unit 4 performs notification by displaying on a liquid crystal (not shown), or notification by turning on a lamp or the like. Not only visual notification by turning on or blinking a liquid crystal display or a lamp, but also auditory notification by outputting sound from a speaker (not shown) and tactile notification by vibrating a vibrator (not shown). You may go. Moreover, you may perform combining these alerting | reporting.
Further, the peripheral unit 3a may simply pass the first authentication data from the main control unit 2a without receiving it and allow the intermediate unit 3b to receive it.

  In addition, the first authentication data transmitted from the main control unit to the intermediate unit via the peripheral unit is subjected to a complicated encryption process. After the encryption process is canceled in the intermediate unit, the first authentication data is transferred from the intermediate unit to the peripheral unit. The second authentication data to be transmitted to may be subjected to a non-complex encryption process (encryption process simpler than the first authentication data). In this way, even when a complicated encryption process is employed for the first authentication data transmitted from the main control unit to the intermediate part via the peripheral part, the peripheral part employs an uncomplicated encryption process. Since the authentication is performed using the second authentication data, the load on the peripheral portion can be reduced.

  Further, in the above-described embodiment, the gaming machine of the present invention has been described by taking a pachinko machine as an example. However, the gaming machine of the present invention is not limited to a pachinko machine. Examples of the gaming machine of the present invention include a pachislot machine, an amusement game machine, and the like having an execution unit that executes an effect relating to a game. In that case, a gaming machine such as a pachislot machine or an amusement game machine has a main control part 2a, a peripheral part 3a, and an intermediate part 3b.

DESCRIPTION OF SYMBOLS 1 Game board 2 Main control board 2a Main control part 3 Peripheral board 3a Peripheral part 3b Intermediate | middle part 3c-3e Bus | bath 4 Information part 100 Game control apparatus 101 Game area 102a, 102b Rail 104 Symbol display part 105 Start winning opening 106 Winning gate 107 Normal winning port 108 Collection port 109 Large winning port 201 Main control unit 202 CPU
202a Production control unit 203 CPU core 203a Control unit 203b Calculation unit 203c Register 203d Prize ball control unit 204 ROM
206 RAM
210 I / F
216 Bus 218 Check value calculation unit 230 Access control device 231 Input unit 232 Calculation unit 234, 236 Register 238 Access control unit 280 Start winning port detection unit 282 Gate detection unit 284 Normal winning port detection unit 286 Large winning port detection unit 288 Large winning a prize Mouth opening / closing unit 300 Production control unit 302 CPU
304 ROM
306 RAM
308 VRAM
310 I / F
311 Control command storage unit 312 Addition unit 313 Recording unit 314 Production related device group 314a Transmission unit 318 Check value calculation unit 321 Reception unit 322 Intermediate unit 323 Notification signal output unit 330 Access control unit 331 Input unit 332 Calculation unit 334, 336 Register 338 Access control unit 380 Speaker 382 Audio control unit 384 Lamp 386 Lamp control unit 400 Prize ball control unit 402 CPU
404 ROM
406 RAM
410 I / F
414 Prize ball-related device group 480 Dispensing unit 482 Launching unit 500 Control command 501 Control data 502 Authentication data

Claims (17)

A lottery means for performing a lottery upon establishment of a predetermined condition, a symbol changing means for variably displaying a symbol by a symbol display means, and a special prize after the symbol is stopped in a predetermined manner based on a lottery result of the lottery means A gaming machine comprising a main control unit having a special prize state generating means for generating a state,
The main control unit
Outputting a power-on command for designating power-on or designating initialization, and first authentication data for authenticating that it is valid,
further,
With the output of the main control unit as an input, the execution of processing based on the power-on command is controlled, and a peripheral unit that outputs the first authentication data;
Generating second authentication data for determining whether or not the main control unit is valid based on the first authentication data output from the peripheral unit; An intermediate part that outputs to the part,
The peripheral portion is
A data processing device that determines whether or not the main control unit is legitimate based on the second authentication data, and that performs data processing relating to effects, and an access control device that controls access by the data processing device Prepared,
The data processing device includes:
Data processing means, and output means for outputting information relating to instructions executed by the data processing means to the outside,
The access control device
Storage means for storing data for performing the data processing; input means for inputting information related to the command from the output means; and the storage by the data processing device based on information related to the command input by the input means An access control means for controlling access to the means. In claim 1,
When the access control means determines that the access permission condition is satisfied based on the information related to the command input by the input means, the access control means permits access to the storage means and determines that the access permission condition is not satisfied Is a game machine that restricts access to the storage means. In claim 2,
The output means outputs an instruction code or an instruction code string executed by the data processing means,
The gaming machine characterized in that the access permission condition includes that the instruction code or instruction code string input by the input means is a predetermined code or code string. In any one of Claim 2 and 3,
The data processing device includes:
Further comprising instruction code storage means for storing an instruction code executed by the data processing means;
The output means outputs storage position information indicating a storage position in the instruction code storage means of an instruction code or an instruction code sequence executed by the data processing means;
The gaming machine characterized in that the access permission condition includes that the storage position of the storage position information input by the input means is a predetermined storage position. In any one of Claim 2 and 3,
The data processing device includes:
Instruction code storage means for storing an instruction code executed by the data processing means;
An arithmetic means for performing a predetermined operation using at least a part of the instruction code or the instruction code string stored in the instruction code storage means;
The output means outputs a calculation result of the calculation means;
The gaming machine according to claim 1, wherein the access permission condition includes that the calculation result input by the input means is a predetermined result. In any one of Claim 2 and 3,
The data processing device includes:
Instruction code storage means for storing an instruction code executed by the data processing means;
A calculation unit that performs a predetermined calculation using a predetermined fixed value stored in the instruction code storage unit;
The output means outputs a calculation result of the calculation means;
The gaming machine according to claim 1, wherein the access permission condition includes that the calculation result input by the input means is a predetermined result. In any one of Claims 2 thru | or 6,
The output means outputs execution result information indicating an execution result of an instruction code or an instruction code sequence executed by the data processing means;
The gaming machine characterized in that the access permission condition includes that the execution result of the execution result information input by the input means is a predetermined result. In any one of Claims 1 thru | or 7,
The access control means controls access to a specific address space in the storage means. In any one of Claims 1 thru | or 8,
A gaming machine, further comprising a control status notification means for notifying a status of access control by the access control means. The gaming machine according to any one of claims 1 to 9, wherein when the main control unit determines that the peripheral unit is not valid, the peripheral unit notifies the fact. 11. The peripheral device according to claim 1, wherein the peripheral unit determines whether or not the main control unit is valid after a period during which processing based on the power-on command is executed. Game machines. The gaming machine according to any one of claims 1 to 11, further comprising a single path used for signal exchange between the peripheral portion and the intermediate portion. Two paths used for signal exchange between the peripheral part and the intermediate part,
The peripheral portion outputs the first authentication data to the intermediate portion through one of the paths,
The gaming machine according to any one of claims 1 to 12, wherein the intermediate unit outputs the second authentication data to the peripheral unit through the other of the paths. A main that is applied to the gaming machine according to claim 1 and outputs a power-on command for designating power-on or designating initialization, and first authentication data for authenticating itself. An authentication method for authenticating the main control unit in a gaming machine comprising a control unit and a peripheral unit that controls execution of processing based on the power-on command,
A connected device authentication step for authenticating a device connected to the data processing means, and an output step for outputting information relating to a command executed by the data processing means to the outside;
An input step of inputting information relating to the command from the output means;
An access control step for controlling access to the storage means by the data processing device based on information relating to the instruction input in the input step;
Obtaining the first authentication data via the peripheral part; and
Based on the first authentication data acquired in the acquisition step, second authentication data for determining whether or not the main control unit is valid is generated, and the second authentication data is transmitted to the peripheral unit. Output step;
And determining whether or not the main control unit is valid based on the second authentication data.   The authentication method according to claim 14, further comprising a notification signal output step of outputting a signal for notifying the authentication result when the main control unit is determined not to be valid. The authentication method according to any one of claims 14 and 15, wherein it is determined whether or not the main control unit is valid after a period during which processing based on the power-on command is executed.   A program causing a computer to execute each step of the authentication method according to any one of claims 14 to 16.

Images