JP2018081352A - Meter reading system, meter reading method and meter reading program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a meter reading system capable of easily verifying the presence or absence of falsification of received meter reading data at a supplier side.SOLUTION: A reading meter 1 generates a meter reading data including a meter ID identifying the reading meter 1, a meter reading value indicating a supply amount for a consumer, and a hash value calculated based on the meter reading value and a preset meter session ID and transmits the meter reading data to a relay device 2. The relay device 2 encrypts the meter reading data and sends to a reading meter server 3. The reading meter server 3 decrypts the encrypted meter reading data, calculates a hash value as a verification value based on the obtained meter reading value by decrypting and a preset server session ID, compares the calculated hash value as the verification value and the obtained hash value by decrypting, and if both match, determines that the obtained meter reading value by decrypting is the correct meter reading value read by the reading meter 1.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a meter reading system, a meter reading method, and a meter reading program, and more particularly to a meter reading system, a meter reading method, and a meter reading program having an illegal report detection function. That is, according to the present invention, there are a supplier, a consumer, and a meter reader, and a certain service or supply that can be measured is provided from the supplier to the consumer, and the supply amount of the provided service or supply is reduced. It can be used for a system in which the meter reader reports to the supplier. Here, the present invention can also be applied when the consumer and the meter reader are the same.

  For example, the present invention can be used not only for metering electricity usage but also for metering water and gas, and can also be used for settlement of charges in parking lots and bicycle parking lots where fees are determined by the time used. It is possible.

  In Japanese Patent Application Laid-Open No. 2009-32012 “Automatic Electricity Metering Device and Automatic Metering System” of Patent Document 1, a consumer acquires meter reading data using a self-owned mobile phone terminal instead of a supplier, A technique related to an automatic meter reading system is disclosed in which the acquired meter reading data is notified to a supplier using a public network. In other words, in the automatic meter reading system described in Patent Document 1, the burden on the supplier side when calculating the electricity bill is made by letting the consumer perform the meter reading work of the electricity usage by the meter reading worker employed by the supplier. The purpose is to reduce.

  In the automatic meter reading system described in Patent Document 1, an electric meter (meter meter) for measuring the amount of electricity used and an automatic meter reading device owned by a supplier are connected via some communication devices and communication networks. doing. Here, some communication devices and communication networks include a PLC (Power Line Communication) communication network, a contactless IC communication device (or RFID (Radio Frequency Identifier) communication device), a mobile phone terminal, It refers to a mobile communication network, an IP (Internet Protocol) network, and the like. And in each communication apparatus and a communication network, in order to ensure the reliability of meter-reading data, the meter-reading data to transmit are encrypted and highly confidential communication is performed. However, in a communication device (for example, a mobile phone terminal) through which meter-reading data passes, encrypted meter-reading data is in a decrypted state. For this reason, in the case of a malicious customer, it is possible to tamper with the meter reading data and notify the supplier.

JP 2009-32012 JP

  As described above, in the automatic meter reading system described in Patent Document 1, a consumer acquires a meter reading data by using a mobile phone terminal owned by the consumer instead of a supplier. A system is adopted in which meter reading data is notified to the supplier using a public network.

  The communication reliability in the automatic meter reading system described in Patent Document 1 will be considered below. In the communication device and the communication network constituting the automatic meter reading system, as described above, encryption is applied to the meter reading data to be transmitted in each communication device and the communication network, and highly confidential communication is performed. On the other hand, in the meter reading meter for acquiring meter reading data and the communication device through which the meter reading data passes, as described above, the encrypted meter reading data is in a decrypted state. For this reason, the automatic meter reading system described in Patent Document 1 has the following problems.

  The first problem is that if there is a malicious meter reader or customer, the electricity charge is actually higher in the relaying communication device, that is, the meter meter or portable communication terminal owned by the meter reader or customer. The meter reading data and the meter reading data to be relayed can be tampered with and notified to the supplier so that they can be charged as low as possible.

  In other words, the automatic meter reading system described in Patent Document 1 is based on the premise of a meter reading operation for the amount of electricity used by a good-value meter reader, and does not assume the presence of a malicious meter reader. Here, the meter reading person means a person in charge of meter reading work. The meter reader may be the same as the consumer, or a third party other than the supplier and the consumer may undertake meter reading work. Further, the malicious meter reader refers to a meter reader who transmits illegal meter reading data to the supplier such as reducing the amount to be used less than the actual amount used.

  Further, the second problem is that when a malicious meter reader (including a customer) rewrites or forges the meter reading data and transmits it to the supplier, the supplier takes such a measure. In other words, it is impossible to verify whether or not the illegal meter reading data altered by an illegal act is received.

(Object of the present invention)
The present invention has been made in view of the reliability of communication of a meter reading system like this, and enables the supplier to verify whether or not the meter reading data has been tampered with when tampering with the meter reading data.

  In other words, the first problem to be solved in the present invention is to enable the supplier side to verify the authenticity of the received meter reading data. The second problem is to enable the supplier to perform authenticity verification as to whether the received meter reading data is meter reading data sent from an expected sender. Furthermore, the third problem is to make it possible to construct a mechanism on the supplier side for authenticity verification of received meter-reading data at a low cost.

  In order to solve the above problems, the present invention provides a meter reading system, a meter reading method, and a meter reading program that enable a supplier to easily verify the presence or absence of falsification of received meter reading data. That is the purpose.

  In order to solve the above-described problems, the meter reading system, the meter reading method, and the meter reading program according to the present invention mainly adopt the following characteristic configuration.

(1) The meter reading system according to the present invention comprises:
A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server A meter reading system comprising:
The meter-reading meter includes meter-metering data that includes a meter ID that identifies the meter-reading meter, a meter-reading value that indicates a supply amount to a consumer, and a hash value that is calculated based on the meter-reading value and a preset meter session ID. And transmit to the relay device,
The relay device that has received the meter-reading data transmits the received meter-reading data to the meter-reading server,
The meter-reading server that has received the meter-reading data calculates a hash value as a verification value based on the meter-reading value in the meter-reading data and a preset server session ID, and uses the hash value calculated as the verification value as the meter reading. Compared with the hash value in the data, if both match, the meter reading value is determined to be a correct meter reading value measured by the meter meter.

(2) The meter reading method according to the present invention includes:
A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server A meter reading method in a meter reading system including
Creating meter-reading data including a meter ID for identifying the meter-reading meter, a meter-reading value indicating a supply amount to a consumer, and a hash value calculated based on the meter-reading value and a preset meter session ID; And performing the step of transmitting the created meter reading data to the relay device with the meter meter,
Receiving the meter-reading data and performing the step of transmitting the received meter-reading data to the meter-reading server in the relay device;
Receiving the meter-reading data, calculating a hash value as a verification value based on a meter-reading value in the meter-reading data and a preset server session ID, and calculating the hash value calculated as the verification value as a hash in the meter-reading data When the two values coincide with each other, the step of determining that the meter reading value is a correct meter reading value measured by the meter meter is performed by the meter reading server.

(3) The meter reading program according to the present invention is:
A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server A meter reading program executed as a program by a computer in the relay device in a meter reading system including at least
A process step of starting when a start instruction is received from a meter reader and transmitting a meter reading request to the meter meter;
Meter reading data including a meter ID for identifying the meter reading meter from the meter reading meter, a meter reading value indicating a supply amount to a consumer, and a hash value calculated based on the meter reading value and a preset meter session ID. Receiving processing steps;
A processing step of notifying the meter reader of the meter reading value included in the meter reading data received from the meter meter and obtaining approval;
A step of transmitting the meter-reading data received from the meter-reading meter to the meter-reading server;
In the meter reading server that has received the meter reading data, based on the hash value in the meter reading data, transmits a verification result that verifies whether or not the meter reading value in the meter reading data is a correct meter reading value measured by the meter reading meter. A processing step of receiving the meter reading result transmitted when
And a processing step of notifying the meter reading person of the meter reading result received from the meter reading server.

  According to the meter reading system, the meter reading method and the meter reading program of the present invention, the following effects can be obtained.

  In the present invention, a hash value is generated from a meter reading value and a preset meter session ID in the meter reading meter, and meter reading data transferred from the meter reading meter to the meter reading server is a meter ID for specifying the meter meter, and a meter reading value. In addition, the generated hash value is included. Therefore, according to the present invention, it is possible to verify whether or not the meter reading value received from the meter meter is correct in the meter reading server that manages the meter reading value that is the meter reading result of the supply amount to the consumer. That is, the present invention can provide a meter reading system, a meter reading method, and a meter reading program that enable the supplier to easily verify whether or not the received meter reading data has been tampered with.

It is explanatory drawing explaining the flow and process of data for verification of the meter-reading system by this invention. It is explanatory drawing for demonstrating the case where tampering of a meter-reading value is performed in the relay apparatus of the meter-reading system shown in FIG. 1, and a false meter-reading value is transmitted to the meter-reading server. It is a system configuration figure showing an example of the system configuration of the meter-reading system by the present invention. It is a flowchart which shows an example of the basic operation | movement of the meter-reading system by this invention shown as an example in FIG. It is a flowchart explaining an example of the whole operation | movement to the meter-reading of the meter-reading system by this invention shown as an example in FIG. 6 is a sequence chart illustrating an example of a flow of session ID initial value generation operation in the session ID initialization sequence illustrated in FIG. 5. It is explanatory drawing explaining an example of the update operation | movement of session ID memorize | stored in each meter-reading meter and meter-reading server. It is a sequence chart which shows an example of the flow of the key grant operation | movement in the key grant sequence shown in FIG. It is a sequence chart which shows an example of the flow of meter-reading operation | movement in the meter-reading sequence shown in FIG. 6 is a sequence chart showing a first other example different from FIG. 6 of the flow of the session ID initial value generation operation in the session ID initialization sequence shown in FIG. 5. 6 is a sequence chart showing a second other example different from FIG. 6 of the flow of the session ID initial value generation operation in the session ID initialization sequence shown in FIG. 5. FIG. 10 is a sequence chart showing a third other example different from FIG. 6 of the flow of the session ID initial value generation operation in the session ID initialization sequence shown in FIG. 5.

  Hereinafter, preferred embodiments of a meter reading system, a meter reading method, and a meter reading program according to the present invention will be described with reference to the accompanying drawings. In the following description, a meter reading system and a meter reading method according to the present invention will be described. However, the meter reading method may be implemented as a program executable by a computer, or the program can be read by a computer. Needless to say, the data may be recorded on any recording medium. In addition, it is needless to say that the drawing reference numerals attached to the following drawings are added for convenience to the respective elements as an example for facilitating understanding, and are not intended to limit the present invention to the illustrated embodiments. Yes.

(Features of the present invention)
Prior to the description of the embodiments of the present invention, an outline of the features of the present invention will be described first. The present invention
A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server And comprising
The meter-reading meter includes meter-metering data that includes a meter ID that identifies the meter-reading meter, a meter-reading value that indicates a supply amount to a consumer, and a hash value that is calculated based on the meter-reading value and a preset meter session ID. And transmit to the relay device,
The relay device that has received the meter-reading data encrypts the received meter-reading data using a secret key stored in advance and transmits the encrypted data to the meter-reading server,
The meter-reading server that has received the encrypted meter-reading data decrypts the encrypted meter-reading data using a public key held in advance, and further decrypts the encrypted meter-reading data. A hash value is calculated as a verification value based on the obtained meter reading value and a preset server session ID, and the hash value calculated as the verification value is obtained by decrypting the encrypted meter reading data. Compared with the hash value, if both match, it is determined that the meter reading value obtained by decrypting the encrypted meter reading data is the correct meter reading value measured by the meter meter. It is said.

  Thus, in the meter reading server that manages the meter reading value that is the meter reading result of the supply amount to the consumer, it is possible to verify whether or not the meter reading value received from the meter reading meter is correct, and the meter reading data from the meter reading meter There is an effect that it is possible to confirm whether or not the tampering with respect to the meter reading data has occurred in the relay device or the public line network intervening in the transfer route.

  The outline of the present invention will be described in more detail with reference to the drawings. FIG. 1 is an explanatory diagram for explaining the data flow and processing for verification of the meter reading system according to the present invention. The meanings of symbols used in the description of FIG. 1 and the description of FIG. 1 will be described first.

  (1) 'Hash value (data)' means a hash value of 'data' in parentheses. For example, a hash value (meter reading value) means a hash value of the meter reading value.

  (2) The symbol “|” means the connection of the data described on the left and right. For example, when A | B is written, it means that data A and data B are connected.

  (3) The function “E (key, data)” encrypts and decrypts the second data in parentheses, ie, data, using the first encryption key, ie, key, in parentheses. Means a function to Originally, encryption and decryption are terms representing the opposite processes. However, in the present invention, since it is assumed that a symmetric encryption method is used, the same function 'E (key, data)' described above is used. Used to perform encryption or decryption processing.

  (4) The secret key is a key used for encryption in the relay device that relays the meter reading data.

  (5) The public key is a key used for decryption in the meter-reading server that collects meter-reading data.

  (6) The meter ID is identification information for the meter-reading server to identify each meter-reading meter in the meter-reading system in which one to a plurality of meter-reading meters measure each meter.

  (7) The meter reading value is a numerical value of the supply amount supplied by the supplier, in other words, the usage amount used by the consumer. For example, when the meter-reading meter is a power meter, the meter-reading value is a power usage amount. In addition, when the electricity bill changes according to the usage time zone like the electricity bill, the meter reading value is a numerical value that summarizes the usage time zone and the amount of electricity used. Further, in the case of a service that changes the usage fee according to the occupied time zone, such as a parking lot fee, the meter reading value is a numerical value that summarizes the occupied time zone and the occupied time.

  (8) The session ID is a value that the relay device does not know, and is a value known by the two devices of the meter-reading meter and the meter-reading server, and is set and stored in advance in each of the meter-reading meter and the meter-reading server. In addition, in order to make the session ID decipherable, the meter ID and the meter-reading server update the session ID based on a predetermined rule (for example, a rule that updates every predetermined time interval). In the following description, for ease of explanation, a session ID stored on the meter-reading meter side is described as a meter session ID, and a session ID stored on the meter-reading server side is described as a server session ID. In principle, the meter session ID set in the storage area on the meter-reading meter side and the server session ID set in the storage area for the meter-reading meter on the meter-reading server side are set to the same value.

  (9) In addition, the character string in the square box of the continuous line of FIG. 1 shows the apparatus name of the apparatus which comprises this meter-reading system. A character string in a broken-line square box indicates the contents of processing performed in each device. A solid line arrow indicates a data flow, and a broken line arrow indicates a processing flow.

  Next, the outline of the explanatory diagram of FIG. 1 will be described. First, as shown in FIG. 1, the meter reading system according to the present invention includes at least three devices: a meter reading meter 1, a relay device 2, and a meter reading server 3.

  The meter-reading meter 1 generates meter-reading data. As shown in FIG. 1, the meter reading data includes a meter ID, a meter reading value, and a hash value. Here, the hash value is a value obtained from the combined value of the meter reading value and the meter session ID. The hash value is obtained by calculating a hash value in the meter-reading meter 1 as shown in step S1 of FIG. The meter-reading meter 1 transmits the meter-reading data to the relay device 2.

The relay device 2 performs an encryption process. As shown in step S2 of FIG. 1, the encryption process uses a known secret key held in advance and uses an encryption function 'E (secret key, meter reading data)' The encrypted data of the meter reading data received from 1 is generated. That is, the following calculation is performed.
Encrypted data = E (secret key, meter reading data)
= E (secret key, meter ID | meter reading value | hash value (meter reading value | meter session ID)
The relay device 2 transmits the encrypted data that has been encrypted to the meter-reading server 3.

In the decryption process, the meter-reading server 3 decrypts the encrypted data received from the relay device 2 to obtain decrypted data. As shown in step S3 of FIG. 1, the decryption process is performed according to the following calculation formula using a known public key held in advance.
Decrypted data = E (public key, E (secret key, meter reading data))
= E (public key, E (secret key, meter ID) meter reading value | hash value (meter reading value | meter session ID))
= Meter ID | Meter reading value | Hash value (meter reading value | Meter session ID)

  If the decryption process is successful in the meter reading server 3, it is proved that the data is the encrypted data from the relay device 2 expected by the meter reading server 3. If it is proved that valid encrypted data is obtained, the meter-reading server 3 next verifies the meter-reading value obtained by the decryption process.

  First, a hash value (meter reading value | meter session ID) obtained by the decryption process is set as a value to be verified. Next, the meter reading server 3 reads the server session ID corresponding to the meter ID from the storage area of the meter reading server 3 using the meter ID obtained by the decoding process. Next, the meter reading server 3 performs a hash value calculation. The hash value calculation in the meter-reading server 3 calculates a hash value (meter-reading value | server session ID) using the meter-reading value and server session ID of the decoding result as shown in step S4 of FIG. Then, a hash value (meter reading value | server session ID) obtained as a calculation result is set as a verification value.

  Next, the meter reading server 3 performs a verification process using the hash value of the value to be verified (meter reading value | meter session ID) and the hash value of the verification value (meter reading value | server session ID). Here, the verification process is a process of obtaining a verification result by comparing the value to be verified with the verification value as shown in step S5 of FIG.

  In the verification process, when the value to be verified = the verification value, the verification result regarding the meter reading value of the decoding result is obtained as true. On the other hand, when the value to be verified ≠ the verification value, the verification result is obtained as false. The above is the outline of the operation of the meter reading system according to the present invention.

  Next, the case where the meter reading value has been tampered with will be further described with reference to FIG. FIG. 2 is an explanatory diagram for explaining a case where the meter reading value is falsified in the relay device 2 of the meter reading system shown in FIG. 1 and a false meter reading value is transmitted to the meter reading server 3.

As shown in step S2A of the explanatory diagram of FIG. 2, when the meter reading value received from the meter meter 1 is altered in the relay device 2, the meter reading value subjected to the encryption process is rewritten to a false meter reading value. It will be. That is, the encryption process shown in the following equation is performed.
E (secret key, meter ID | fake meter reading value | hash value (meter reading value | meter session ID)

  Here, since the relay apparatus 2 cannot reversely calculate the meter reading value and the meter session ID for calculating the hash value from the hash value before encryption, it is used for verification of the false meter reading value before encryption. It is impossible to verify whether or not the hash value has been altered to a fake meter reading value.

  The meter reading server 3 that has received the encrypted data including the false meter reading value from the relay device 2 in the hash value calculation process after the decryption process, as shown in step S4A of FIG. Using the session ID, a hash value (false meter reading value | server session ID) is calculated. Then, the hash value obtained as the calculation result (false meter reading value | server session ID) is set as the verification value.

  As a result, as shown in step S5A of FIG. 2, the meter-reading server 3 obtains the hash value of the value to be verified (meter-reading value | meter session ID) and the hash value of the verification value (false meter-reading value | The verification process using the server session ID) is performed. In the verification process, since the verification result is not equal to the verification value ≠ verification value, it is verified that the meter reading value received by the meter reading server 3 is false. The above is the outline of the operation of the meter reading system according to the present invention when the meter reading value is falsified.

(Configuration example of embodiment)
Next, an example of the system configuration of the meter reading system according to the present invention (configuration example of the embodiment of the present invention) will be described with reference to FIG. FIG. 3 is a system configuration diagram showing an example of a system configuration of the meter reading system according to the present invention. As shown in the system configuration diagram of FIG. 3, the meter reading system according to the present invention includes at least a meter meter 1, a relay device 2, a public network 4, and a meter reading server 3.

  The meter-reading meter 1 is a device for measuring the amount of supply to a consumer, and refers to a device for measuring the amount of supply for a certain period of time predetermined by the supplier. For example, the meter-reading meter 1 is a device that measures the supply amount of electricity, gas, water and the like. The relay device 2 is a device that relays data transferred between the meter-reading meter 1 and the meter-reading server 3, and refers to a device that relays communication between the meter-reading meter 1 and the meter-reading server 3. For example, the relay device 2 has a function of reading a meter reading value from the meter meter 1 and transmitting it to the meter reading server 3. Specific examples of the relay device 2 include a mobile phone terminal, a smartphone, etc. owned by the meter reader 6 or a setting operator (not shown in FIG. 1).

  The public line network 4 indicates a communication line used in general public communication, and is, for example, a communication line for data communication called a mobile phone line or an Internet line. The public line network 4 may be a line network that combines these communication lines.

  The meter-reading server 3 is a device that manages the meter-reading values read by the meter-reading meter 1 and refers to a device for the meter-reading person 6 to collect meter-reading values periodically at a predetermined cycle.

  As described above, the meter reading person 6 means a person who uses the relay device 2 to perform meter reading work. The meter reader 6 is, for example, a consumer who pays for the supply, a meter reading worker employed by the supplier, or the like. In the case of a condominium or a rental house, the manager may be the meter reader 6. Note that the setting operator (not shown in FIG. 3) is a person employed by the supplier, who uses the relay device 2 to perform an operation for starting the operation for setting the initial value of the session ID. Point to. The relay device 2 used when performing the operation for starting the operation for setting the initial value of the session ID includes the case where the device is owned by the supplier or the setting operator, strictly speaking, possessed by the meter reading person in FIG. It is different from the relay device.

  As a communication method between the meter-reading meter 1 and the relay apparatus 2, generally, the radio | wireless technique called near field communication is used. Short-range wireless communication is a wireless technology called RFID (Radio Frequency Identifier) or NFC (Near Field Communication), for example, and is wireless by bringing the antenna portions of each device close to a short distance of several centimeters. It refers to communications that can communicate. Alternatively, as a communication method between the meter-reading meter 1 and the relay device 2, communication capable of wireless communication up to a distance of several tens of meters called Bluetooth (registered trademark) or wireless LAN (Local Area Network) is used. Also good.

  As a means for connecting the relay device 2 to the public line network 4, for example, a cellular phone communication line can be used, and a wireless LAN can also be used.

  As a means for connecting the meter-reading server 3 to the public network 4, for example, a wired LAN is used. Although it is possible to use a wireless communication technology, a wired LAN is preferable because it is preferable that communication stability is high.

(Description of operation of embodiment)
Next, an example of the operation of the meter reading system according to the present invention (one embodiment of the present invention) shown as an example in the system configuration diagram of FIG. 3 will be described. First, the outline of the basic operation of the meter reading system will be described with reference to the flowchart of FIG. FIG. 4 is a flowchart showing an example of the basic operation of the meter reading system according to the present invention shown as an example in FIG.

  As shown in the flowchart of FIG. 4, the basic operation of the meter reading system according to the present invention is composed of three sequences: a session ID initialization sequence (sequence Seq1), a key distribution sequence (sequence Seq2), and a meter reading sequence (sequence Seq3). The Among these, the meter reading sequence (sequence Seq3) is a sequence for verifying the meter reading value, which is a feature of the present invention. The session ID initialization sequence (sequence Seq1) and the secret key issue sequence (sequence Seq2) are important sequences for performing preprocessing for realizing the characteristics of the meter reading operation according to the present invention.

  Next, an outline of the entire operation up to the meter reading in the meter reading system according to the present invention will be described with reference to the flowchart of FIG. FIG. 5 is a flowchart for explaining an example of the entire operation up to the meter reading of the meter reading system according to the present invention shown as an example in FIG.

  As shown in the flowchart of FIG. 5, the operation up to the meter reading of the meter reading system according to the present invention has the same configuration as the flowchart of FIG. 4, and includes a session ID initialization sequence (sequence Seq11), a key grant sequence ( By passing through the three steps of sequence Seq12) and meter reading sequence (sequence Seq13), the meter reading value read by meter meter 1 is transferred to meter reading server 3 to verify whether or not it is a correct meter reading value. .

  In the session ID initialization sequence of sequence Seq11, the same value called “session ID” is set in meter-reading meter 1 and meter-reading server 3 within a predetermined time. Here, 'session ID' is data for the meter reading server 3 to verify the authenticity of the meter reading value received from the meter meter 1 via the relay device 2 and the public line network 4. Therefore, since it is important to maintain the confidentiality of the “session ID”, it is necessary to reliably prevent leakage to the outside.

  In the key issue sequence of sequence Seq12, first, the meter-reading server 3 generates a secret key and a public key, and then the meter-reading server 3 delivers the generated secret key to the relay device 2. A secret key is a key used in a method called a secret key encryption method, and is a symmetric encryption method in which a secret key and a public key can be used for encryption, decryption, decryption, and encryption, respectively. It means that it is a key to be adopted.

  In the meter reading sequence of sequence Seq13, the meter reading value measured by the meter meter 1 is transmitted to the meter reading server 3. In addition, the meter reading value referred to here may be a data group of information associated with information such as the date and time of supply, day of the week, and time zone.

  Next, symbols and names used in the meter reading sequence described in detail below will be described.

  (1) 'Hash value (data)' means a hash value of 'data' in parentheses as described above. For example, a hash value (meter reading value) means a hash value of the meter reading value.

  (2) The symbol “|” means the connection of the data written on the left and right as described above. For example, when A | B is written, it means that data A and data B are connected.

  (3) As described above, the function 'E (key, data)' uses the first encryption key or key in parentheses, and uses the second data or data in parentheses. Means a function to encrypt and decrypt. Originally, encryption and decryption are terms representing the opposite processes, but in the present invention, as described above, since it is assumed that a symmetric encryption method is used, the same function 'E (key , data) ′ to perform encryption or decryption processing.

  (4) The secret key is a key used for encryption in the relay device 2 that relays data as described above.

  (5) The public key is a key used for decryption in the meter-reading server 3 that collects meter-reading data as described above.

  (6) As described above, the meter ID is identification information for the meter-reading server 3 to identify each meter-reading meter 1 in the meter-reading system in which each of the plurality of meter-reading meters 1 performs meter reading.

  (7) As described above, the meter reading value is a numerical value of the supply amount supplied by the supplier, in other words, the usage amount used by the consumer. For example, when the meter-reading meter 1 is a power meter, the meter-reading value is a power usage amount. In addition, when the electricity bill changes according to the usage time zone like the electricity bill, the meter reading value is a numerical value that summarizes the usage time zone and the amount of electricity used. Further, in the case of a service that changes the usage fee according to the occupied time zone, such as a parking lot fee, the meter reading value is a numerical value that summarizes the occupied time zone and the occupied time.

  (8) As described above, the session ID is a value that the relay device 2 does not know in order to maintain confidentiality, and is a value that the meter reading meter 1 and the meter reading server 3 know, and the meter reading meter 1 and the meter reading server. 3 is set and stored in advance. Further, in order to make it difficult to read the session ID, the meter reading meter 1 and the meter reading server 3 update the session ID based on a predetermined rule. In the following description, for ease of explanation, as described above, the session ID stored on the meter-reading meter 1 side is the meter session ID, and the session ID stored on the meter-reading server 3 side is the server session ID. Will be described. The server session ID on the meter-reading server 3 side is set and stored in each storage area of the meter-reading server 3 assigned to each corresponding meter-reading meter 1. Here, in principle, the meter session ID set in the storage area on the meter-reading meter 1 side and the server session ID set in the storage area for the meter-reading meter on the meter-reading server 3 side are set to the same value in principle. It is.

Next, in the following description, symbols used for displaying various data will be described.
(A) MID represents a meter ID that specifies the meter-reading meter 1.
(B) MID ′ represents the received meter ID (data corresponding to the meter ID (MID)) received from the meter-reading meter 1 by the meter-reading server 3 via the relay device 2.
(C) SIDM represents the session ID managed by the meter-reading meter 1, that is, the value of the meter session ID.
(D) SIDS represents the session ID managed by the meter-reading server 3, that is, the value of the server session ID.
(E) Hm represents a hash value for verification calculated by the meter-reading meter 1 (that is, a hash value corresponding to the value to be verified at the time of verification processing in the meter-reading server 3 as described in FIG. 1).
(F) Hm ′ represents a received hash value for verification (data corresponding to the hash value for verification (Hm)) received by the meter-reading server 3 from the meter-reading meter 1 via the relay device 2.
(G) Hs represents a verification hash value calculated by the meter-reading server 3 (that is, a hash value corresponding to a verification value at the time of verification processing in the meter-reading server 3 as described in FIG. 1).
(H) MV represents a meter value measured by the meter-reading meter 1, that is, a meter-reading value.
(I) MV ′ represents a received meter value received by the meter-reading server 3 from the meter-reading meter 1, that is, a received meter-reading value (data corresponding to the meter value (MV)).
(J) Erep represents encrypted data obtained by encrypting the meter reading data received from the meter meter 1 in the relay device 2.
(K) E′rep represents received encrypted data (data corresponding to the encrypted data (Erep)) received from the relay device 2 by the meter-reading server 3.
(L) KeyS means a secret key generated by the meter-reading server 3.
(M) KeyP means a public key generated by the meter-reading server 3.

  Next, an example of the flow of the session ID initial value generation operation in the session ID initialization sequence shown in the sequence Seq11 of the flowchart of FIG. 5 will be described using the sequence chart of FIG. FIG. 6 is a sequence chart showing an example of the flow of session ID initial value generation operation in the session ID initialization sequence, and shows an example of the case where the initial value of the session ID is generated in the meter-reading meter 1. In FIG. 6, the description of the public line network 4 constituting the meter reading system is omitted, and an example of operations and operations in the meter meter 1, the relay device 2, the meter reading server 3, and the setting operator 5 are shown. Here, as described above, the setting operator 5 is a person employed by the supplier, and refers to a person who uses the relay device 2 to perform an operation for starting the setting operation of the initial value of the session ID. Further, as described above, the relay device 2 used when performing the operation for starting the setting operation of the initial value of the session ID includes a case where the device is owned by the supplier or the setting operator, and strictly speaking, the meter reading is performed. It is different from the relay device owned by the person.

  As described above, the purpose of the session ID initialization sequence is to set the same value for a variable called “session ID” managed in each of the meter-reading meter 1 and the meter-reading server 3 within a predetermined time period, Thus, it is possible to verify the meter reading value. In addition, since the “session ID” is a value that should not be known except by the two devices of the meter-reading meter 1 and the meter-reading server 3, the operation for setting the initial value of the session ID is performed as described above. The setting operator 5 managed by Further, the relay device used by the setting operator 5 in the session ID initialization sequence refers to a device having a function equivalent to that of the relay device 2 used for meter reading.

  In the sequence chart of FIG. 6, when the setting operator 5 instructs the relay apparatus 2 to start session ID initialization (sequence Seq21), the relay apparatus 2 starts the session ID initialization program. The session ID initialization program refers to a program that controls the following operation flow of FIG. The activation means giving an opportunity for the operation of the session ID initialization program. The session ID initialization program is executed by, for example, an application that operates on the CPU (Central Processing Unit) of the relay device 2. The

  Relay device 2 first transmits a session ID initialization request to meter-reading meter 1 in accordance with the operation of the session ID initialization program (sequence Seq22). The session ID initialization request is information that triggers a session ID initial value generation process, a meter session ID initialization process, and a meter session ID initialization response that are the next operations in the meter-reading meter 1.

  The meter-reading meter 1 that has received the session ID initialization request from the relay device 2 generates an initial value of the session ID in the session ID initial value generation (sequence Seq23). As a method for generating the initial value of the session ID, for example, there is a method in which a random number value is generated in a calculation unit such as a CPU provided in the meter-reading meter 1 and the generated random value is used as the initial value of the session ID. .

  Thereafter, in the meter session ID initialization, the meter-reading meter 1 sets the initial value of the session ID generated in the session ID initial value generation as a session ID variable (sequence Seq24). As a result, the initial value of the session ID is stored as the initial value of the meter session ID.

  When the meter session ID initialization operation is completed, the meter-reading meter 1 sends the initial value of the session ID generated from the meter-reading meter 1 to the relay device 2 by the operation of the session ID initial value in the meter session ID initialization response. Is transmitted (sequence Seq25).

  When the relay device 2 receives the session ID initial value from the meter-reading meter 1 as the meter session ID initialization response, the session ID received as the meter session ID initialization response from the meter-reading server 3 in the server session ID initialization request. Is transmitted (sequence Seq26). Here, the relay device 2 performs an operation of setting the initial value of the session ID included in the meter session ID initialization response in the server session ID initialization request, but relays the initial value of the session ID. The operation of storing and holding in the device 2 is not performed.

  When the meter-reading server 3 receives the initial value of the session ID as a server session ID initialization request from the relay device 2, it starts server session ID initialization. In the server session ID initialization, the meter-reading server 3 sets the initial value of the session ID received by the server session ID initialization request as a session ID variable (sequence Seq27). As a result, the initial value of the session ID is stored as the initial value of the server session ID. That is, the meter reading server 3 holds the same value as the initial value of the meter session ID stored in the meter reading meter 1 as the initial value of the server session ID. The initial value of the session ID is a value known by two devices, the meter-reading meter 1 and the meter-reading server 3, but is a value that is not understood by other devices such as the relay device 2. .

  Thereafter, the meter-reading server 3 notifies the relay device 2 of the completion of the server session ID initialization operation in a server session ID initialization response (sequence Seq28). The server session ID initialization response includes information for the relay device 2 to determine whether or not the operation of initializing the server session ID on the meter-reading server 3 side has been correctly executed.

  Here, as shown in FIG. 6, the relay device 2 starts a session ID timer when a session ID initialization request is transmitted to the meter-reading meter 1 in sequence Seq22 (sequence Seq29). The session ID timer is a timer managed by the relay device 2 for determining whether both the meter session ID initialization process and the server session ID initialization process are completed within a predetermined time. It is a timer.

  When the relay device 2 receives a server session ID initialization response from the meter-reading server 3 within the predetermined time, the relay device 2 stops the timing operation of the session ID timer (sequence Seq30). When the relay device 2 confirms that the meter session ID initialization process and the server session ID initialization process are correctly completed within the predetermined time by the meter session ID initialization response and the server session ID initialization response, The operator 5 is notified of a session ID initialization completion notification (sequence Seq31). As a method of performing the notification, for example, a method of visually confirming using an output to a display mounted on the relay device 2 or an LED (Light Emitting Diode) or the like, or an auditory recognition using an audio output to a speaker A method, a method of recognizing by vibration sense using a vibration function, and the like are possible.

  Next, an example of the operation of updating the session ID (meter session ID and server session ID) stored in the meter-reading meter 1 and the meter-reading server 3 will be described with reference to the explanatory diagram of FIG.

  FIG. 7 is an explanatory diagram for explaining an example of the update operation of the session ID stored in each of the meter-reading meter 1 and the meter-reading server 3. Here, as described above, the session ID is a variable stored in an updatable state as a meter session ID on the meter-reading meter 1 side and as a server session ID on the meter-reading server 3 side.

  As shown in FIG. 7, the meter-reading meter 1 uses a timepiece built in the meter-reading meter 1 to determine a meter session ID stored in advance every time (T) set in advance as an update period elapses. (Seq42, Seq43). On the other hand, the meter reading server 3 uses a clock built in the meter reading server 3 to store the meter session ID stored every time when a preset time (T: same time as the meter reading meter 1 side) elapses. Is updated by a predetermined value (sequence Seq52, Seq53). Here, the update period is set as the same time in the meter-reading meter 1 and the meter-reading server 3. For example, the update period may be set as the update period for both the meter-reading meter 1 and the meter-reading server 3 as the update period, such as midnight or 0 minutes per hour. Alternatively, the same time interval may be set as the update period, for example, every hour or every 12 hours. Further, the same value is used for both the meter-reading meter 1 and the meter-reading server 3 as the value (predetermined value) to be updated every update period.

  Next, an example of the flow of the key issuing operation in the key issuing sequence shown in the sequence Seq12 of the flowchart of FIG. 5 will be described using the sequence chart of FIG. FIG. 8 is a sequence chart showing an example of the flow of a key delivery operation in the key delivery sequence, and is activated based on a key delivery instruction to the relay device 2 from a meter reader who performs meter reading work. The flowchart of FIG. 8 shows an example of a case where a key (secret key, public key) is generated in the meter-reading server 3 and the generated secret key is issued to the relay device 2. FIG. 8 omits the description of the meter-reading meter 1 and the public line network 4 constituting the meter-reading system, and shows an example of operations and operations in the relay device 2, the meter-reading server 3, and the meter-reading person 6 who controls meter-reading work. ing.

  In the sequence chart of FIG. 8, when the meter reader 6 instructs the relay apparatus 2 to start key issuance (sequence Seq61), the relay apparatus 2 activates the key issuance program. The key distribution program refers to a program that controls the following operation flow of FIG. 8 (that is, the flow from key request to key storage and key distribution completion notification). The activation means giving an opportunity for the operation of the key distribution program, and the key distribution program is executed by, for example, an application operating on the CPU of the relay device 2.

  Relay device 2 first transmits a key delivery request to meter-reading server 3 in accordance with the operation of the key delivery program (sequence Seq62). The key delivery request is information that triggers key generation and key delivery response, which are the next operations in the meter-reading server 3.

  The meter-reading server 3 that has received the key delivery request from the relay device 2 performs key generation processing (sequence Seq63). The key generation process is a process for generating a public key (KeyP) and a secret key (KeyS) corresponding to the relay apparatus 2 that has transmitted the key grant request.

  Meter-reading server 3 stores and holds the generated public key (KeyP), and transmits a key delivery response to relay device 2 (sequence Seq64). The key delivery response is information including the generated secret key (KeyS). The relay device 2 that has received the key delivery response from the meter-reading server 3 stores and holds the secret key (KeyS) included in the key-delivery response received from the meter-reading server 3 in the key storage process (sequence Seq65). .

  Thereafter, the relay device 2 notifies the meter reader 6 of a key delivery completion notification (sequence Seq66). As a method of performing the notification, for example, a method of visually confirming using an output to a display or LED mounted on the relay device 2, a method of recognizing by hearing using an audio output to a speaker, or a vibration function A method of recognizing by vibration sense can be used.

  Next, an example of the flow of the meter reading operation in the meter reading sequence shown in the sequence Seq13 of the flowchart of FIG. 5 will be described using the sequence chart of FIG. FIG. 9 is a sequence chart showing an example of the flow of the meter reading operation in the meter reading sequence. FIG. 9 omits the description of the public line network 4 constituting the meter reading system, and shows an example of operations and operations in the meter meter 1, the relay device 2, the meter reading server 3, and the meter reader 6 who performs meter reading work. ing. In FIG. 9, the solid line arrows indicate the signal flow between the apparatuses, and the broken line arrows indicate the information flow between the relay apparatus 2 and the meter reader 6.

  In the sequence chart of FIG. 9, when the meter reader 6 instructs the relay device 2 to start the meter reading program (sequence Seq71), the relay device 2 starts the meter reading program. The meter reading program refers to a program for controlling the following operation flow of FIG. 9 (that is, the flow from a meter reading request to meter reading verification to meter reading completion notification). The activation means giving an opportunity for the operation of the meter reading program, and the meter reading program is executed by, for example, an application that operates on the CPU of the relay device 2.

  According to the operation of the meter reading program, relay device 2 first transmits a meter reading request to meter meter 1 (sequence Seq72). The meter reading request is information that triggers server verification data generation processing that is the next operation in the meter reading meter 1.

The meter-reading meter 1 that has received the verification request from the relay device 2 measures the target information (that is, the meter-reading value) in the server verification data generation process, and uses the hash to be verified as the value to be verified for server verification. A value (Hm) is generated (sequence Seq73). Information (that is, the meter reading value) measured by the meter meter 1 is acquired as a meter value (MV). The hash value for verification (Hm) generated as the value to be verified for server verification is a hash calculation (Hash) of the meter value (MV) and the session ID managed by the meter-reading meter 1, that is, the meter session ID (SIDM). It is generated by hashing using a (Calculation) function (H). That is, the calculation formula of the hash value for verification (Hm) is given by the following formula (1).
Hm = H (SIDM | MV) (1)

  The hash value for verification (Hm) is used when the meter-reading server 3 verifies that the meter-reading data received from the meter-reading meter 1 via the relay device 2 and the public line network 4 does not contain illegal data. Value (that is, a value used as a value to be verified). For hash calculation, a hash function algorithm called MD5 (Message Digest 5) or SHA (Secure Hash Algorithm) series is used.

When the meter-reading meter 1 generates the hash value for verification (Hm), the meter-reading response including the meter value (MV) as the meter-reading result and the generated hash value for verification (Hm) 2 (sequence Seq74). That is, as the data structure of the meter reading data included in the meter reading response, as shown in the following formula (2), a meter ID (MID) for specifying the meter meter 1 and a verified value that is a value to be verified for server verification And at least a meter value (MV) that is a meter reading value of the meter reading result.
Meter reading data = MID | Hm | MV (2)

  When the relay device 2 receives the meter reading response from the meter reading meter 1, the relay device 2 notifies the meter reading person 6 of a meter reading value approval request for requesting the approval of the meter reading value as the meter reading result (sequence Seq75). In other words, the meter reading value approval request notifies the meter value (MV) which is the meter reading value. As a method of performing the notification, for example, a method of visually confirming using an output to a display or LED mounted on the relay device 2, a method of recognizing by hearing using an audio output to a speaker, or a vibration function A method of recognizing by vibration sense can be used.

  Upon receiving the meter reading value approval request from the relay device 2, the meter reader 6 confirms the meter value (MV) notified by the meter reading value approval request, and uses the input interface provided in the relay device 2. Then, the meter value (MV) is approved by inputting a meter reading value approval response to the relay device 2 (sequence Seq76).

Receiving the meter reading value approval response from the meter reader 6, the relay device 2 that has obtained the approval of the meter reading value performs the process of encrypting the meter reading data included in the meter reading response transmitted from the meter meter 1 (sequence Seq77). ). In the encryption process, the meter reading data to be encrypted is data obtained by combining the meter ID (MID), the hash value for verification (Hm), and the meter value (MV), and the key issuing sequence of the sequence Seq12 in FIG. It is encrypted using the secret key (KeyS) stored in. That is, the calculation formula of the encrypted data (Erep) obtained by the encryption processing is given by the following formula (3).
Erep = E (KeyS, MID | Hm | MV) (3)
The meter ID (MID) is data for specifying the meter-reading meter 1, and the hash value for verification (Hm) is hashed data of the combined data of the meter-reading value and the meter session ID as described above. The meter value (MV) is a meter reading value.

  Thereafter, the relay device 2 transmits a meter reading notification including encrypted data (Erep) generated by performing the encryption process to the meter reading server 3 (sequence Seq78). That is, the data included in the meter reading notification is encrypted data (Erep) obtained by encrypting the meter ID (MID), the hash value for verification (Hm), and the meter value (MV).

  When the meter-reading server 3 receives the meter-reading notification including the encrypted data (Erep) from the relay device 2 as the received meter-reading notification including the received encrypted data (E'rep), the received meter-reading received in the decryption process. The received encrypted data (E′rep) included in the notification is decrypted (sequence Seq79). Here, in the decryption process, the received encrypted data (E′rep) is decrypted using the public key (KeyP) created and stored in advance in the meter-reading server 3. As a result, a reception meter ID (MID ′), a reception-provided hash value (Hm ′), and a reception meter value (MV ′) are obtained as reception meter-reading data in the meter-reading server 3. Each decrypted data corresponds to data constituting meter-reading data before the relay device 2 encrypts the data as encrypted data. In other words, each decrypted data is data corresponding to a meter ID (MID), a hash value for verification (Hm), and a meter value (MV).

That is, the decoding process of the meter reading server 3 as described above can be expressed by using the following equation (4).
E (KeyP, E′rep) = MID ′ | Hm ′ | MV ′ (4)

After completing the decryption process of the received encrypted data (E′rep), the meter-reading server 3 next performs a server session ID (MID ′) corresponding to the received meter ID (MID ′) obtained by the decryption process in the verification precalculation process SIDS) is read from the storage area in the meter-reading server 3. Further, the meter-reading server 3 combines the read server session ID (SIDS) and the received meter value (MV ′) obtained by the decryption process and performs hashing of the combined value in the verification pre-calculation process. Then, a verification hash value (Hs) is obtained as a verification value for server verification (sequence Seq80). A calculation formula for obtaining the verification hash value (Hs) is given by the following formula (5).
Hs = H (SIDS | MV ′) (5)

  Thereafter, the meter-reading server 3 performs normality verification processing of the reception meter value (MV ′) that is the received meter-reading value in the meter-reading value verification processing (sequence Seq81). The verification process is performed by comparing the received hash value for verification (Hm ′) obtained by the decryption process with the verification hash value (Hs) obtained by the verification pre-calculation process.

Based on the comparison result obtained by the comparison, the following determination is performed.
(1) When Hs = Hm ′ It is determined that the received meter value (MV ′), that is, the received meter reading value is a correct meter reading value.
(2) When Hs ≠ Hm ′ It is determined that the received meter value (MV ′), that is, the received meter reading value is an illegal meter reading value.

  Here, the correct meter reading value means the meter reading value transmitted from the expected meter reading meter 1, that is, the meter value (MV). When it is verified that the received meter value (MV ′), that is, the received meter reading value is the correct meter value, the meter reading server 3 accepts the received meter value, that is, the received meter value (MV ′). On the other hand, if it is verified that the received meter value (MV ′), that is, the received meter reading value is an illegal meter value, the meter reading server 3 does not accept the received meter value, ie, the received meter value (MV ′). . Here, accepting means, for example, that the supplier uses a received meter reading value, that is, a received meter value (MV ′) as a meter reading value for collecting charges for a consumer.

  Next, a supplementary explanation will be given regarding the operation in advance of the verification pre-calculation process and the meter reading value verification process of the sequence Seq80 and the sequence Seq81. As described above, the meter session ID in the meter-reading meter 1 and the server session ID in the meter-reading server 3 are originally assumed to change with the same value, but there are cases where the values do not coincide with each other by chance. .

  In the first case where the values do not match, the meter session ID and the server session ID are updated due to the timing difference between the meter session ID in the meter-reading meter 1 and the server session ID in the meter-reading server 3. This is a case where the meter reading sequence is operated in a time zone in which the timing is shifted and the both are accidentally shifted.

  In the second case where the values do not match, a small error accumulates in the time that the internal clocks of the meter reading meter 1 and the meter reading server 3 respectively divide, and the error in the update interval between the meter session ID and the server session ID However, this is a case where the difference between the meter session ID and the server session ID is affected.

  For this reason, it is necessary for the meter-reading server 3 to deal with it on the assumption that the two values may not match. First, in the verification pre-calculation process of the sequence Seq80, in addition to the server session ID stored in the storage area, a server session ID that takes time lag into consideration is separately generated based on a predetermined generation algorithm, and a plurality of servers Using each session ID, a plurality of verification hash values (Hs) are obtained as verification values for server verification.

  Next, in the meter reading value verification process of sequence Seq81, the received verification hash value (Hm ′) is compared with each of the plurality of verification hash values (Hs) obtained in the verification pre-calculation process of sequence Seq80. Process. If there is a verification hash value (Hs) that satisfies the relationship of Hs = Hm ′ among the plurality of comparison results, the received meter value (MV ′), that is, the received metering value is the correct metering value. Judge that there is. By performing such processing, it is possible to verify the meter reading value even during a period in which the values of the meter session ID and the server session ID do not match.

  Further, the server session ID used for generating the verification hash value (Hs) when the relationship of Hs = Hm ′ is established is re-stored in the storage area of the corresponding server session ID as the server session ID corrected for the time lag. Set it.

  When the meter reading server 3 completes the meter reading value verification process of the sequence Seq 81, the meter reading server 3 transmits a meter reading notification response to the relay device 2 (sequence Seq 82). The meter reading notification response notifies a result of verification of meter reading data in the meter reading server 3. When relay device 2 receives the meter reading notification response from meter reading server 3, relay device 2 notifies meter reading person 6 of the verification result received from meter reading server 3 in the meter reading completion notification (sequence Seq83).

(Explanation of effect of embodiment)
As described in detail above, the following effects can be obtained in the meter reading system according to the present embodiment.

  First, in the meter reading system according to the present embodiment, an effect that the meter reading server 3 can verify whether or not the meter reading value is correct is obtained. This is because, as shown in the hash value calculation in the meter reading meter 1 in step S1 of FIG. 1, the meter reading meter 1 generates a hash value from the meter reading value and a preset meter session ID. And as shown in the meter-reading data which the meter-reading meter 1 of FIG. 1 transmits, the meter-reading data delivered from the meter-reading meter 1 to the meter-reading server 3 other than meter ID and meter-reading value which specify the meter-reading meter 1 were produced | generated. This is because the hash value is included. In addition, when the meter reading server 3 receives the meter reading data, the meter reading server 3 uses the hash value sent from the meter reading meter 1 as the search value sent from the meter reading meter 1 and a preset server session ID. This is because it is verified whether or not they match with the hash value generated based on the above.

  Next, with regard to the device that performs the meter reading data encryption process, the cost for the initial construction of the meter reading system is examined. In order to execute the encryption algorithm without impairing the responsiveness to the meter reader, a high-speed arithmetic device is necessary, but in general, a high-speed arithmetic device is expensive. The responsiveness to the meter reader means the response performance of the device with respect to the operation of the meter reader.

  For example, unlike the case of the present embodiment, when the encryption algorithm is executed on the meter-reading meter 1 side, it is necessary to use expensive arithmetic processing parts for the meter-reading meter 1, so that the price of the meter-reading meter 1 is low. It becomes expensive.

  On the other hand, when the encryption algorithm is executed in the relay device 2 as in the case of the present embodiment, the relay device 2 composed of a device such as a mobile phone or a smartphone already has a high-speed arithmetic device. It is possible to use the high-speed computing device for the execution of the above, and there is no extra cost associated with the construction of the meter reading system. In addition, the said arithmetic unit means the apparatus which can perform the numerical calculation process for encryption, such as CPU (Central Processing Unit) and FPGA (Field Programmable Gate Array).

  As described above, at the time of initial construction of the meter reading system, it is possible to construct the meter reading system at a lower cost if the relay device 2 takes charge of the encryption algorithm as in the case of the present embodiment.

  Next, the cost for updating the encryption algorithm is examined. In the future, vulnerabilities may be found in the encryption algorithm and it may be necessary to update the encryption algorithm.

  For example, unlike the case of the present embodiment, when a program of an encryption algorithm is installed in the meter-reading meter 1, there are the following problems. That is, a supplier of the meter reading system or an operator managed by the supplier visits the installation location of each meter meter 1 and rewrites firmware related to the encryption algorithm of the meter meter 1 at the installation location. I need it.

  On the other hand, when encryption algorithm processing is performed in the relay device 2 as in the present embodiment, if the relay device 2 downloads and installs a new encryption algorithm program via the public network 4, the encryption algorithm Updates can be made.

  As described above, it is possible to increase the ease of updating the cryptographic algorithm by performing the cryptographic algorithm processing in the relay device 2 as compared with the meter-reading meter 1.

  From the above examination results regarding the apparatus for performing the meter reading data encryption process, the meter reading system according to the present embodiment can obtain the following two effects simultaneously. That is, having the relay device 2 in charge of the encryption process has two effects that the initial construction cost of the meter reading system is lower and the encryption process is more easily updated than in the meter reading meter 1. can get.

  Furthermore, in general, even if reliability measures are applied as an optimal mechanism in the present situation, there is a possibility that vulnerabilities will increase in the future, and there is a need to update devices and programs. Sometimes. Costs for renewal such as this are borne by the supplier and the consumer. Accordingly, in the present embodiment, the relay device 2 and the programs in the meter reading server 3 including the meter reading program applied to the meter reading system are also downloaded and replaced via the public line network 4. Making it easy to update.

[Other Embodiments of the Present Invention]
Next, another embodiment of the meter reading system according to the present invention will be described. In other embodiments described below, the system configuration of the meter reading system is exactly the same as the system configuration diagram of FIG. 3 described above, and relates to the session ID initial value generation operation in the session ID initialization sequence shown in FIG. Another operation example is described.

(First other embodiment)
First, a first other operation example related to the session ID initial value generation operation in the session ID initialization sequence will be described with reference to the sequence chart of FIG. FIG. 10 is a sequence chart showing a first other example different from FIG. 6 of the flow of the session ID initial value generation operation in the session ID initialization sequence. Unlike the case of FIG. 6, the operation example illustrated in FIG. 10 illustrates a specific example in the case where the session ID initial value generation is performed in the relay device 2. As in the case of FIG. 6, FIG. 10 omits the description of the public line network 4 that constitutes the meter reading system, and performs setting work for initializing the meter meter 1, the relay device 2, the meter reading server 3, and the session ID. The work and operation | movement in each person 5 are shown.

  In the sequence chart of FIG. 10, when the setting operator 5 instructs the relay apparatus 2 to start session ID initialization (sequence Seq21A), the relay apparatus 2 starts the session ID initialization program as in FIG. . The session ID initialization program refers to a program that controls the following operation flow of FIG. As in the case of FIG. 6, activation means giving an opportunity for the operation of the session ID initialization program. The session ID initialization program is executed by, for example, an application operating on the CPU of the relay device 2 or the like. Executed.

  In accordance with the operation of the session ID initialization program, relay device 2 first generates an initial value of a session ID in generating a session ID initial value (sequence Seq22A). As a method for generating the initial value of the session ID, for example, there is a method in which a random number value is generated in a calculation unit such as a CPU provided in the relay apparatus 2 and the generated random value is used as the initial value of the session ID. .

  Thereafter, relay device 2 transmits a meter session ID initialization request to meter-reading meter 1 (sequence Seq23A). The meter session ID initialization request notifies the initial value of the session ID generated in the session ID initial value generation process as the initial value of the meter session ID. Here, the relay device 2 performs an operation of setting an initial value of the session ID generated in the session ID initialization generation process in the meter session ID initialization request and a server session ID initialization request described later. Thereafter, the session ID is discarded, and an operation for storing and holding the initial value of the session ID in the relay apparatus 2 is not performed.

  The meter-reading meter 1 that has received the meter session ID initialization request from the relay device 2 sets the initial value of the session ID received from the relay device 2 as a session ID variable in the initial meter session ID value (sequence Seq24A). As a result, the initial value of the session ID is stored as the initial value of the meter session ID.

  When the operation of initializing the meter session ID ends, the meter-reading meter 1 transmits a meter session ID initialization response to the relay device 2 (sequence Seq25A). The meter session ID initialization response includes information for determining whether or not the meter session ID initialization operation on the meter-reading meter 1 side is correctly executed in the relay device 2.

  When the relay device 2 receives the meter session ID initialization response from the meter-reading meter 1, after confirming that the meter session initialization operation has been correctly executed, the relay device 2 responds to the meter-reading server 3 in the server session ID initialization request. The initial value of the session ID generated in the session ID initial value generation is transmitted (sequence Seq26A).

  When the meter-reading server 3 receives the initial value of the session ID as a server session ID initialization request from the relay device 2, it starts server session ID initialization as in the case of FIG. In the server session ID initialization, the meter-reading server 3 sets the initial value of the session ID received by the server session ID initialization request as a session ID variable (sequence Seq27A) as in the case of FIG. As a result, the initial value of the session ID is stored as the initial value of the server session ID. That is, the meter reading server 3 holds the same value as the initial value of the meter session ID stored in the meter reading meter 1 as the initial value of the server session ID. Further, the initial value of the session ID is a value known by the three devices of the meter-reading meter 1, the relay device 2, and the meter-reading server 3, but the relay device 2 used outside the session ID initialization sequence. And for other devices, the value is completely unknown.

  Thereafter, as in the case of FIG. 6, the meter-reading server 3 notifies the relay device 2 of the completion of the server session ID initialization operation in a server session ID initialization response (sequence Seq28A). The server session ID initialization response includes information for the relay device 2 to determine whether or not the operation of initializing the server session ID on the meter-reading server 3 side has been correctly executed.

  Here, as shown in FIG. 10, the relay device 2 starts the session ID timer when the operation of generating the session ID initial value is completed in the sequence Seq22A (sequence Seq29A). As in the case of FIG. 6, the session ID timer is a timer managed by the relay device 2. Whether the meter session ID initialization process and the server session ID initialization process are completed within a predetermined time. It is a timer for determining whether or not.

  When the relay device 2 receives a server session ID initialization response from the meter-reading server 3 within the predetermined time, the relay device 2 stops the time counting operation of the session ID timer as in the case of FIG. 6 (sequence Seq30A). The relay device 2 can confirm that the meter session ID initialization process and the server session ID initialization process are correctly completed within the predetermined time by the meter session ID initialization response and the server session ID initialization response. In the same manner as in FIG. 6, the setting operator 5 is notified of a session ID initialization completion notification (sequence Seq31A). As a method of performing the notification, for example, a method of visually confirming using an output to a display or LED mounted on the relay device 2, a method of recognizing by hearing using an audio output to a speaker, or a vibration function A method of recognizing by vibration sense can be used.

(Second other embodiment)
Next, a second other operation example regarding the session ID initial value generation operation in the session ID initialization sequence will be described with reference to the sequence chart of FIG. FIG. 11 is a sequence chart showing a second other example different from FIG. 6 of the flow of the session ID initial value generation operation in the session ID initialization sequence. The operation example shown in FIG. 11 is a specific example in which the session ID initial value generation is performed in the meter-reading server 3 unlike the case of FIG. Similar to the case of FIG. 6, FIG. 11 omits the description of the public line network 4 constituting the meter-reading system, and the setting work for initializing the meter-reading meter 1, the relay device 2, the meter-reading server 3, and the session ID. The work and operation | movement in each person 5 are shown.

  In the sequence chart of FIG. 11, when the setting operator 5 instructs the relay apparatus 2 to start session ID initialization (sequence Seq21B), the relay apparatus 2 starts the session ID initialization program as in the case of FIG. . The session ID initialization program refers to a program that controls the following operation flow in FIG. As in the case of FIG. 6, activation means giving an opportunity for the operation of the session ID initialization program. The session ID initialization program is executed by, for example, an application operating on the CPU of the relay device 2 or the like. Executed.

  Relay device 2 first transmits a server session ID initialization request to meter-reading server 3 according to the operation of the session ID initialization program (sequence Seq22B). The session ID initialization request is information that triggers a server session ID initial value generation process, a server session ID initialization process, and a server session ID initialization response that are the next operations in the meter-reading server 3.

  Upon receipt of the session ID initialization request from relay device 2, meter-reading server 3 generates an initial value of the session ID in the server session ID initial value generation (sequence Seq23B). As a method for generating the initial value of the session ID, for example, there is a method in which a random number value is generated in a calculation unit such as a CPU provided in the meter-reading server 3 and the generated random value is used as the initial value of the session ID. .

  Thereafter, in the server session ID initialization, the meter-reading server 3 sets the initial value of the session ID generated in the server session ID initial value generation as the initial value of the session ID variable (sequence Seq24B). As a result, the initial value of the session ID is stored as the initial value of the server session ID.

  Upon completion of the server session ID initialization operation, meter-reading server 3 transmits a server session ID initialization response to relay device 2 (sequence Seq25B). The server session ID initialization response is information including the initial value of the session ID generated in the server session ID initial value generation (that is, the initial value of the server session ID).

  The relay device 2 that has received the server session ID initialization response from the meter-reading server 3 transmits a meter session ID initialization request to the meter-reading meter 1 (sequence Seq26B). The meter session ID initialization request is information including the initial value of the session ID notified by the server session ID initialization response received from the meter-reading server 3. Here, the relay device 2 performs the operation of setting the initial value of the session ID included in the server session ID initialization response in the meter session ID initialization request, but relays the initial value of the session ID. The operation of storing in the device 2 is not performed.

  The meter-reading meter 1 that has received the meter session ID initialization request from the relay device 2 uses the initial value of the session ID received from the relay device 2 as the session ID variable in the meter session ID initialization as in the case of FIG. Set (sequence Seq27B). As a result, the initial value of the session ID is stored as the initial value of the meter session ID. That is, the meter-reading meter 1 holds the same value as the initial value of the server session ID stored in the meter-reading server 3 as the initial value of the meter session ID. In addition, the initial value of the session ID is a value known by two devices, the meter reading server 3 and the meter reading meter 1, but is not understood by other devices such as the relay device 2 at all. .

  When the meter session ID initialization operation is completed, the meter-reading meter 1 transmits a meter session ID initialization response to the relay device 2 as in the case of FIG. 10 (sequence Seq28B). The meter session ID initialization response includes information for determining whether or not the meter session ID initialization operation on the meter-reading meter 1 side is correctly executed in the relay device 2.

  When relay device 2 receives a meter session ID initialization response from meter-reading meter 1, relay device 2 transmits a meter session ID initial value completion notification to meter-reading server 3 (sequence Seq29B). The meter session ID initial value completion notification determines whether the meter session ID initialization operation on the meter meter 1 side included in the meter session ID initialization response received from the meter meter 1 has been executed correctly. Contains information to do.

  Here, as shown in FIG. 11, the meter-reading server 3 starts the session ID timer when the operation of generating the server session ID initial value is completed in the sequence Seq23B (sequence Seq30B). Unlike the case of FIG. 6, the session ID timer is a timer managed by the meter-reading server 3, and both the server session ID initialization process and the meter session ID initialization process are completed within a predetermined time. It is a timer for determining whether or not.

  When the meter-reading server 3 receives the meter session ID initialization completion notification from the relay device 2 within the predetermined time, the meter-reading server 3 stops the timing operation of the session ID timer (sequence Seq31B).

  Furthermore, when the meter reading server 3 can confirm that both the server session ID initialization process and the meter session ID initialization process are completed within a predetermined time, the meter reading server 3 Session ID initialization completion notification response is transmitted (sequence Seq32B).

  When the relay device 2 receives the meter session ID initialization completion notification response from the meter-reading server 3, the relay device 2 notifies the setting operator 5 of a session ID initialization completion notification (sequence Seq33B). As a method of performing the notification, for example, a method of visually confirming using an output to a display or LED mounted on the relay device 2, a method of recognizing by hearing using an audio output to a speaker, or a vibration function A method of recognizing by vibration sense can be used.

(Third other embodiment)
Next, a third other operation example regarding the session ID initial value generation operation in the session ID initialization sequence will be described with reference to the sequence chart of FIG. FIG. 12 is a sequence chart showing a third other example different from FIG. 6 of the flow of the session ID initial value generation operation in the session ID initialization sequence. The operation example shown in FIG. 12 is different from the case of FIG. 6 in the case where the meter session ID initialization process and the server session initialization process are performed using predetermined values determined in advance in the meter-reading meter 1 and the meter-reading server 3, respectively. A specific example is shown. Similar to the case of FIG. 6, FIG. 12 omits the description of the public line network 4 constituting the meter-reading system, and the setting work for initializing the meter-reading meter 1, the relay device 2, the meter-reading server 3, and the session ID. The work and operation | movement in each person 5 are shown.

  In the sequence chart of FIG. 12, when the setting operator 5 instructs the relay apparatus 2 to start session ID initialization (sequence Seq21C), the relay apparatus 2 starts the session ID initialization program as in the case of FIG. . The session ID initialization program refers to a program that controls the following operation flow of FIG. As in the case of FIG. 6, activation means giving an opportunity for the operation of the session ID initialization program. The session ID initialization program is executed by, for example, an application operating on the CPU of the relay device 2 or the like. Executed.

  In accordance with the operation of the session ID initialization program, relay device 2 first transmits a server session ID initialization request to meter-reading server 3 (sequence Seq22C). The server session ID initialization request is information that triggers a server session ID initialization process and a server session ID initialization response, which are the next operations in the meter-reading server 3.

  Upon receipt of the server session ID initialization request from the relay device 2, the meter-reading server 3 sets, as the initial value of the session ID variable, a known value predetermined as the initial value of the session ID in the server session ID initialization. (Sequence Seq23C). As a result, the initial value of the session ID is stored as the initial value of the server session ID.

  When the operation of server session ID initialization is completed, meter-reading server 3 transmits a server session ID initialization response to relay device 2 (sequence Seq24C). The server session ID initialization response includes information for notifying the relay apparatus 2 whether or not the server session initialization operation has been normally performed in the meter-reading server 3.

  When the relay device 2 receives a server session ID initialization response indicating that the server session initialization operation has been normally performed from the meter-reading server 3, the relay device 2 then initializes the meter session ID to the meter-reading meter 1. A request is transmitted (sequence Seq25C). The meter session ID initialization request is information that triggers a meter session ID initialization process and a meter session ID initialization response that are the next operations in the meter-reading meter 1.

  Upon receipt of the meter session ID initialization request from the relay device 2, the meter-reading meter 1 sets a known value that is predetermined as the initial value of the session ID as the initial value of the session ID variable in the meter session ID initialization. (Sequence Seq26C). As a result, the initial value of the session ID is stored as the initial value of the meter session ID.

  When the meter session ID initialization operation is completed, meter-reading server 3 transmits a meter session ID initialization response to relay device 2 (sequence Seq27C). The meter session ID initialization response includes information for notifying the relay device 2 whether or not the meter session initialization operation has been normally performed in the meter-reading meter 1. Here, the known value in the meter-reading meter 1 is the same value as the known value in the meter-reading server 3, and the initial value of the meter session ID and the initial value of the server session ID are the same. Value. The known values, that is, the initial value of the meter session ID and the initial value of the server session ID are values known by the respective devices of the meter reading server 3 and the meter meter 1. This value is completely unknown to other devices such as the relay device 2.

  Here, as shown in FIG. 12, the relay apparatus 2 starts the session ID timer when the operation of the server session ID initial value request is completed in the sequence Seq22C (sequence Seq28C). As in the case of FIG. 6, the session ID timer is a timer managed by the relay device 2, and whether both the server session ID initialization process and the meter session ID initialization process are completed within a predetermined time. It is a timer for determining whether or not.

  When the relay device 2 receives a meter session ID initialization response from the meter-reading meter 1 within the predetermined time, the relay device 2 stops the session ID timer timing operation as in the case of FIG. 6 (sequence Seq29C). The relay device 2 can confirm that the server session ID initialization process and the meter session ID initialization process are correctly completed within the predetermined time by the server session ID initialization response and the meter session ID initialization response. In the same manner as in the case of FIG. 6, the setting operator 5 is notified of a session ID initialization completion notification (sequence Seq30C). As a method of performing the notification, for example, a method of visually confirming using an output to a display or LED mounted on the relay device 2, a method of recognizing by hearing using an audio output to a speaker, or a vibration function A method of recognizing by vibration sense can be used.

  The configuration of the preferred embodiment of the present invention has been described above. However, it should be noted that such embodiments are merely examples of the present invention and do not limit the present invention in any way. Those skilled in the art will readily understand that various modifications and changes can be made according to a specific application without departing from the gist of the present invention.

DESCRIPTION OF SYMBOLS 1 Meter-reading meter 2 Relay device 3 Meter-reading server 4 Public network 5 Setting operator 6 Meter-reading person

Claims (10)

A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server A meter reading system comprising:
The meter-reading meter includes meter-metering data that includes a meter ID that identifies the meter-reading meter, a meter-reading value that indicates a supply amount to a consumer, and a hash value that is calculated based on the meter-reading value and a preset meter session ID. And transmit to the relay device,
The relay device that has received the meter-reading data transmits the received meter-reading data to the meter-reading server,
The meter-reading server that has received the meter-reading data calculates a hash value as a verification value based on the meter-reading value in the meter-reading data and a preset server session ID, and uses the hash value calculated as the verification value as the meter reading. Compared with a hash value in data, if both match, the meter reading value is determined to be a correct meter reading value measured by the meter meter. The meter-reading meter updates and resets the meter session ID at predetermined time intervals, regularly at predetermined values,
The meter-reading system according to claim 1, wherein the meter-reading server periodically updates and sets the server session ID at the predetermined time interval by the predetermined value.   The meter reading system according to claim 1 or 2, wherein the meter session ID set in advance in the meter reading meter and the server session ID set in advance in the meter reading server are set to the same value. The relay device transmits an initialization request to the meter-reading meter when there is a session ID initialization start instruction from a setting operator,
The meter-reading meter that has received the initialization request generates an initial value of a session ID, sets the generated initial value of the session ID as an initial value of the meter session ID, and transmits the initial value of the session ID via the relay device. Sent to the meter reading server,
The meter-reading server that has received the initial value of the session ID sets the received initial value of the session ID as the initial value of the server session ID,
Or
The relay device transmits an initialization request to the meter-reading server when there is a start instruction for session ID initialization from a setting operator,
The meter-reading server that has received the initialization request generates an initial value of a session ID, sets the generated initial value of the session ID as an initial value of the server session ID, and transmits the initial value of the session ID via the relay device. Sent to the meter meter,
The meter-reading meter which received the initial value of the session ID sets the received initial value of the session ID as an initial value of the meter session ID. system. The relay device generates an initial value of a session ID when a setting operator gives an instruction to start session ID initialization, and transmits the generated initial value of the session ID to the meter-reading meter and the meter-reading server. And
The meter-reading meter sets the received initial value of the session ID as an initial value of the meter session ID,
The meter-reading system according to any one of claims 1 to 3, wherein the meter-reading server sets the received initial value of the session ID as an initial value of the server session ID. The relay device transmits an initialization request to the meter-reading meter and the meter-reading server when there is a start instruction for session ID initialization from a setting operator,
The meter-reading meter that has received the initialization request sets a known value predetermined as an initial value as an initial value of the meter session ID,
The meter-reading server that has received the initialization request sets the known value set in advance as an initial value as an initial value of the server session ID. Meter reading system. The relay device encrypts the received meter reading data using a secret key stored in advance and transmits it to the meter reading server,
The meter-reading server that has received the encrypted meter-reading data decrypts the encrypted meter-reading data using a public key held in advance, and further decrypts the encrypted meter-reading data. A hash value is calculated as a verification value based on the obtained meter reading value and a preset server session ID, and the hash value calculated as the verification value is obtained by decrypting the encrypted meter reading data. Compared with the hash value, if both match, it is determined that the meter reading value obtained by decrypting the encrypted meter reading data is the correct meter reading value read by the meter meter,
The relay device transmits a key delivery request to the meter reading server when there is a key delivery start instruction from a meter reader.
The meter-reading server that has received the key grant request generates a public key and a secret key corresponding to the requesting relay device, holds the generated public key, and generates the secret key as a request source. Transmitted to the relay device,
The meter reading system according to claim 1, wherein the relay device that has received the secret key holds the received secret key. A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server A meter reading method in a meter reading system including
Creating meter-reading data including a meter ID for identifying the meter-reading meter, a meter-reading value indicating a supply amount to a consumer, and a hash value calculated based on the meter-reading value and a preset meter session ID; And performing the step of transmitting the created meter reading data to the relay device with the meter meter,
Receiving the meter-reading data and performing the step of transmitting the received meter-reading data to the meter-reading server in the relay device;
Receiving the meter-reading data, calculating a hash value as a verification value based on a meter-reading value in the meter-reading data and a preset server session ID, and calculating the hash value calculated as the verification value as a hash in the meter-reading data A meter reading method, wherein the meter reading server performs the step of determining that the meter reading value is a correct meter reading value obtained by the meter reading meter when the two values coincide with each other. The meter session ID is further updated with a predetermined value periodically at predetermined time intervals, and a step of resetting the meter session ID is further performed with the meter reading meter,
The said meter-reading server further performs the process which updates and resets the said server session ID by the said predetermined value regularly for every said predetermined time interval. Meter reading method. A meter-reading meter that performs meter-reading of the amount supplied to the consumer, a meter-reading server that manages the meter-reading value read by the meter-reading meter, and a relay device that relays data transferred between the meter-reading meter and the meter-reading server A meter reading program executed as a program by a computer in the relay device in a meter reading system including at least
A process step of starting when a start instruction is received from a meter reader and transmitting a meter reading request to the meter meter;
Meter reading data including a meter ID for identifying the meter reading meter from the meter reading meter, a meter reading value indicating a supply amount to a consumer, and a hash value calculated based on the meter reading value and a preset meter session ID. Receiving processing steps;
A processing step of notifying the meter reader of the meter reading value included in the meter reading data received from the meter meter and obtaining approval;
A step of transmitting the meter-reading data received from the meter-reading meter to the meter-reading server;
In the meter reading server that has received the meter reading data, based on the hash value in the meter reading data, transmits a verification result that verifies whether or not the meter reading value in the meter reading data is a correct meter reading value measured by the meter reading meter. A processing step of receiving the meter reading result transmitted when
And a processing step of notifying the meter reader of the meter reading result received from the meter reading server.

Images