JP2023037147A - Data providing device, data acquisition device, and program - Google Patents

Abstract

To provide a data providing device, a data acquisition device, and a program that allow an easy detection of data falsification.SOLUTION: In a data providing device (settlement management server), a control unit includes: a management unit that manages data; an extraction unit that extracts, from the data managed by the management unit, provision data that is to be provided to an external device; a determination information generation unit that generates falsification determination information for determining whether the provision data has been falsified, based on the provision data extracted by the extraction unit; an integrated data generation unit that makes the falsification determination information generated by the determination information generation unit invisible and generates integrated data by integrating it with the provision data; and an output unit that outputs the integrated data generated by the integrated data generation unit, to the external device.SELECTED DRAWING: Figure 4

Description

TECHNICAL FIELD Embodiments of the present invention relate to a data providing device, a data acquisition device, and a program.

Conventionally, techniques for detecting falsification of electronic data (hereinafter also simply referred to as "data") have been employed. For example, it is known to detect falsification using a hash value in order to confirm that the data has not been falsified while the data user obtains the data from the provider.

According to this prior art, the provider generates a hash value based on the data to be provided, encrypts the hash value with a secret key, and transmits the data and the hash value to the user. The user decrypts the received hash value with the public key and generates a hash value based on the received data. Then, the decrypted hash value and the generated hash value are compared, and if they match, it is determined that the data has not been tampered with. The reason why the encrypted hash value is used is to prevent the hash value from being tampered with while the user obtains the data.

However, in the conventional technology described above, since the hash value is encrypted, it is necessary to create a secret key for encryption and a public key for decryption. Also, it is necessary to provide the public key to the user in advance. For this reason, the above-described conventional technology requires time and effort, and it is desired to be able to easily detect falsification of data.

The problem to be solved by the present invention is to provide a data providing device, a data acquiring device, and a program that can easily detect falsification of data.

A data providing device according to an embodiment includes a management unit that manages data, an extraction unit that extracts provided data to be provided to an external device from the data managed by the management unit, and based on the provided data extracted by the extraction unit. a determination information generating unit that generates tampering determination information for determining whether or not the provided data has been tampered with; and the tampering determination information generated by the determination information generating unit is converted into invisible data and integrated with the provided data. and an output unit for outputting the integrated data generated by the integrated data generating unit to the external device.

Further, the data acquisition device of the embodiment acquires integrated data in which the provided data and the first tampering determination information that is made into invisible data and is information for determining whether or not the provided data has been tampered with are integrated. a determination information generation unit configured to generate second tampering determination information for determining whether or not the provided data has been tampered with, based on the provided data acquired by the acquisition unit; a determination unit that reads the first tampering determination information and determines whether or not it matches the second tampering determination information generated by the determination information generating unit.

FIG. 1 is a schematic diagram of a data falsification prevention system according to an embodiment. FIG. 2 is a diagram illustrating a data configuration of integrated data according to the embodiment; FIG. 3 is a block diagram showing the hardware configuration of the data providing device of the embodiment. FIG. 4 is a block diagram showing the functional configuration of the control unit of the data providing device according to the embodiment; FIG. 5 is a block diagram showing the hardware configuration of the data acquisition device of the embodiment. FIG. 6 is a block diagram showing the functional configuration of the control unit of the data acquisition device according to the embodiment; FIG. 7 is a flow chart showing the flow of output processing by the control unit of the data providing device according to the embodiment. FIG. 8 is a flow chart showing the flow of import processing by the control unit of the data acquisition device of the embodiment.

A data providing device, a data acquiring device, and a program according to embodiments will be described below with reference to the drawings. In addition, this invention is not limited by embodiment described below. For example, in the embodiments described below, the data provision device is a payment management server provided in a payment center, and the data acquisition device is a sales data provided by a shopping center operating company (hereinafter simply referred to as "operating company"). An example of using a management server will be described, but the present invention is not limited to this. The data providing device and data acquiring device can be widely used in other fields.

FIG. 1 is a diagram showing an outline of a falsification prevention system including a data providing device and a data acquiring device. The tampering prevention system 1 of the embodiment is applied to a management company of a shopping center with a plurality of stores and a settlement center that processes cashless settlement of transactions at each store in the shopping center.

The falsification prevention system 1 includes a payment management server 2 , a download PC (Personal Computer) 3 , an upload PC 4 and a sales management server 5 . The settlement management server 2 is installed in the settlement center of the settlement company. The download PC 3, the upload PC 4, and the sales management server 5 are installed in the operating company.

The payment management server 2 is connected to payment terminals 6 provided at each store in the shopping center via a network such as the Internet. Based on the information from each payment terminal 6, the payment management server 2 executes payment processing related to cashless payment using electronic money, a two-dimensional code, a credit card, etc., and receives information related to the executed payment processing. to manage. Note that the payment management server 2 may only manage information related to payment processing without executing payment processing.

The payment management server 2 is also connected to the download PC 3 via a network such as the Internet. In response to a request from the download PC 3, the payment management server 2 transmits (provides) payment data regarding the operating company that manages the download PC 3 to the download PC 3. In this embodiment, the payment management server 2 provides payment data to the download PC 3 via the network, but it may be provided using a storage medium. The settlement management server 2 is an example of a data providing device.

The download PC 3 transmits a payment data output request to the payment management server 2 and downloads the payment data from the payment management server 2 .

The upload PC 4 is connected to the sales management server 5 via a dedicated line, and together with the sales management server 5 constitutes a sales management system within the operating company. The upload PC 4 is a PC dedicated to the sales management system, and is installed in an environment isolated from public lines such as the Internet. The upload PC 4 acquires the payment data received by the download PC 3 from the payment management server 2 via, for example, a USB (Universal Serial Bus) memory or the like, and uploads the data to the sales management server 5 .

The sales management server 5 manages sales of each store in the shopping center. The sales management server 5 acquires payment data relating to cashless payment from the upload PC 4 and separately acquires payment data for cash payment. The sales management server 5 manages the sales data of each store in the shopping center based on the acquired payment data. The sales management server 5 is an example of a data acquisition device.

The operating company performs various processes based on the sales data managed by the sales management server 5 . For example, based on the sales data managed by the sales management server 5, the operating company checks the amount of sales separately reported from each store. Also, the operating company calculates the rent of each store opened in the shopping center based on the sales data managed by the sales management server 5 .

In the tampering prevention system 1, the settlement management server 2, upon receiving a request for settlement data from the download PC 3, extracts settlement data relating to the operating company that manages the download PC 3. In other words, the payment management server 2 extracts the payment data of each store in the shopping center operated by the operating company that requested the payment data from the payment data it manages. The extracted payment data is an example of provided data provided by the data providing device to the external device.

The payment management server 2 generates a hash value of the extracted payment data. A hash value is generated by using a hash function. The generated hash value is an example of falsification determination information. The hash value generated by the payment management server 2 constitutes first falsification determination information. In the following description, the hash value generated by the payment management server 2 may be called "first hash value". The payment management server 2 integrates the payment data and the first hash value into one file and transmits it to the download PC 3 . A file containing payment data and hash values is an example of integrated data.

Here, a file is one of data management units in a computer. Files are managed by a file system that is part of the computer's OS (Operating System).

The file transmitted to the download PC 3 has the payment data written (stored) in the visible area and the first hash value written in the invisible area. Data written to the viewable area can be displayed by normal operation of the computer. On the other hand, data written in the invisible area is not displayed during normal operation of the computer, and can be displayed by executing a special command.

The visible area of a file corresponds to the main stream in, for example, the NTFS (registered trademark) file system. The invisible area of the file corresponds to the alternate data stream, eg in the NTFS file system.

FIG. 2 is a diagram showing the data configuration of integrated data. This embodiment employs the NTFS file system. The integrated data consists of one file, the payment data is stored in the main stream which is the visible area, and the first hash value generated by the payment management server 2 is stored in the alternative data stream which is the invisible area.

The download PC 3 downloads the file in which the payment data and the first hash value are written. An employee of the operating company stores the downloaded file in the USB memory and moves the data to the upload PC 4. - 特許庁The upload PC 4 reads the file from the USB memory and uploads it to the sales management server 5 . At this time, the upload PC 4 can display the payment data, but does not display the first hash value.

Sales management server 5 reads the first hash value from the invisible area of the uploaded file. The sales management server 5 also reads the payment data from the visible area of the uploaded file, and creates a hash value of the payment data using a hash function. The hash value generated by the sales management server 5 constitutes second falsification determination information. In the following description, the hash value generated by the sales management server 5 may be called "second hash value". The hash function used by the sales management server 5 to generate the second hash value is the same as the hash function used by the settlement management server 2 to generate the first hash value. Therefore, if the payment data are the same, the first hash value generated by the payment management server 2 and the second hash value generated by the sales management server 5 will be the same.

The sales management server 5 generates a second hash value generated by the sales management server 5 based on the first tampering determination information, that is, the first hash value written in the file, and the second tampering information, that is, the settlement data written in the file. Compare with Thus, the sales management server 5 can determine whether or not the uploaded payment data is the payment data downloaded from the payment management server 2 that has been tampered with.

If the first hash value and the second hash value match, the sales management server 5 determines that the payment data downloaded from the payment management server 2 has not been tampered with, and stores the sales data managed by itself. The payment data is loaded into the management file 512 (see FIG. 5). If the first hash value and the second hash value do not match, the sales management server 5 determines that the payment data downloaded from the payment management server 2 has been tampered with or corrupted. Do not import the payment data. Then, an error message is transmitted to the upload PC 4, for example. By preventing tampered payment data from being taken in, for example, it is possible to suppress fraud due to cooperation between some employees of the operating company and the store.

Next, the configuration and functions of the settlement management server 2 will be described in detail. FIG. 3 is a block diagram showing the main hardware configuration of the payment management server 2. As shown in FIG. The settlement management server 2 includes a control section 20 , a memory section 21 , a display section 22 , an operation input section 23 and a communication section 24 . The control unit 20, memory unit 21, display unit 22, operation input unit 23, and communication unit 24 are connected to each other via a bus 25 or the like.

The control unit 20 is configured by a computer having a CPU (Central Processing Unit) 201 , a ROM (Read Only Memory) 202 and a RAM (Random Access Memory) 203 . CPU 201 , ROM 202 and RAM 203 are connected to each other via bus 25 .

A CPU 201 controls the overall operation of the payment management server 2 . The ROM 202 stores various programs such as programs used to drive the CPU 201 and various data. A RAM 203 is used as a work area for the CPU 201 and develops various programs and data stored in the ROM 202 and the memory section 21 . The control unit 20 executes various control processes of the payment management server 2 by the CPU 201 operating according to the ROM 202 and the control program stored in the memory unit 21 and developed in the RAM 203 .

The memory unit 21 is composed of a storage medium such as an HDD (Hard Disk Drive) or flash memory, and maintains stored contents even when the power is turned off. The memory unit 21 stores a control program 211 and a payment data management file 212 .

The control program 211 includes a program for executing payment processing based on information received from the payment terminal 6 of the store, a program for managing payment data, a program for generating integrated data by generating hash values, In addition, it is a program or the like that causes the settlement management server 2 to function as a data providing device.

The payment data management file 212 is a file for managing payment data related to cashless payment processed based on information from the payment terminal 6 of each store. The payment data management file 212 stores, for each transaction, information indicating the store, the shopping center to which the store belongs, the product to be traded, the total amount, the settlement method, etc., in association with each other. Note that the memory unit 21 may be an external memory that the settlement management server 2 can access.

The display unit 22 is composed of a liquid crystal panel or the like, and displays various information. For example, the display unit 22 displays an input screen or the like for inputting various information.

The operation input unit 23 is composed of a keyboard, a touch panel provided on the surface of the display unit 22, and the like. The operation input unit 23 inputs various information to the control unit 20 based on the operation of the operator.

The communication unit 24 is an interface for communicating with external devices such as the download PC 3 and the payment terminal 6 . The control unit 20 can transmit and receive information (data) to and from an external device by being connected to the external device via the communication unit 24 .

Next, the functional configuration of the control unit 20 of the payment management server 2 will be described. FIG. 4 is a block diagram showing the main functional configuration of the control unit 20 of the settlement management server 2. As shown in FIG. The control unit 20 operates according to the control programs stored in the ROM 202 and the memory unit 21 by the CPU 201, and the control unit 20 includes a reception unit 2001, a management unit 2002, an extraction unit 2003, a first determination information generation unit 2004, and an integrated data generation unit 2005. , and an output unit 2006 . Note that each of these functions may be configured by hardware such as a dedicated circuit.

The reception unit 2001 receives a request for payment data from the download PC 3 . The payment data request includes information specifying the download PC 3, information specifying the operating company, information specifying the shopping center operated by the operating company, information indicating the period of the requested payment data, and the like. In addition, the reception unit 2001 receives a request for payment processing from the payment terminal 6 of each store. The payment processing request includes customer information such as credit information, information indicating the total amount of one transaction, information indicating the transaction store, information indicating the payment method, and the like. If the payment management server 2 does not execute payment processing, the receiving unit 2001 receives payment information from the payment device that has executed the payment processing.

A management unit 2002 manages data. Specifically, the management unit 2002 updates the payment data management file 212 based on the payment information related to the payment for which the payment processing was executed in response to the payment processing request received by the reception unit 2001 . Also, when the payment management server 2 does not execute payment processing, the management unit 2002 updates the payment data management file 212 based on the payment information received by the reception unit 2001 .

The extraction unit 2003 extracts provided data to be provided to an external device from the data managed by the management unit 2002 . Specifically, the extraction unit 2003 extracts the payment data from the payment data management file 212 based on the payment data output request received by the reception unit 2001 from the download PC 3 . The extraction unit 2003 extracts, from the payment data management file 212, payment data relating to the shopping center specified by the payment data output request and corresponding to the period specified by the output request. Note that the payment data output request may include information specifying a store instead of information specifying a shopping center. can be extracted. The payment data extracted by the extraction unit 2003 is provided to the sales management server 5, which is an external device, via the download PC 3, the upload PC 4, and the like.

Based on the provided data extracted by the extraction unit 2003, the first determination information generation unit 2004 generates tampering determination information for determining whether or not the provided data has been tampered with. Specifically, the first determination information generation unit 2004 generates a first hash value for the payment data extracted by the extraction unit 2003 using a hash function. Generating a hash value using a hash function is performed in a known manner.

The integrated data generation unit 2005 converts the tampering determination information generated by the determination information generation unit (first determination information generation unit 2004) into invisible data and integrates it with the provided data to generate integrated data. Specifically, the integrated data generation unit 2005 writes the first hash value generated by the first determination information generation unit 2004 to the alternative data stream of the file, which is the integrated data, and converts the first hash value into invisible data. . Also, the integrated data generation unit 2005 writes the payment data extracted by the extraction unit 2003 into the main stream of the file. As a result, the payment data is written in the visible area, the first hash value is written in the invisible area, and an output file that is integrated data is generated.

The output unit 2006 outputs integrated data generated by the integrated data generation unit 2005 to an external device. Specifically, the output unit 2006 transmits to the download PC 3 the file created by the integrated data generation unit 2005 and containing the payment data and the first hash value requested by the download PC 3 .

Next, the configuration and functions of the sales management server 5 will be described in detail. FIG. 5 is a block diagram showing the main hardware configuration of the sales management server 5. As shown in FIG. The sales management server 5 includes a control section 50 , a memory section 51 , a display section 52 , an operation input section 53 and a communication section 54 . The control unit 50, memory unit 51, display unit 52, operation input unit 53, and communication unit 54 are connected to each other via a bus 55 or the like.

The control unit 50 is composed of a computer having a CPU 501 , a ROM 502 and a RAM 503 . CPU 501 , ROM 502 and RAM 503 are connected to each other via bus 55 .

A CPU 501 controls the overall operation of the sales management server 5 . The ROM 502 stores various programs such as programs used to drive the CPU 501 and various data. A RAM 503 is used as a work area for the CPU 501 and expands various programs and data stored in the ROM 502 and the memory section 51 . The control unit 50 executes various control processes of the sales management server 5 by causing the CPU 501 to operate according to the ROM 502 and control programs stored in the memory unit 51 and developed in the RAM 503 .

The memory unit 51 is composed of a storage medium such as an HDD or a flash memory, and maintains stored contents even when the power is turned off. The memory section 51 stores a control program 511 and a sales data management file 512 .

The control program 511 is a program for reading a hash value and payment data from a file transmitted from the upload PC 4, a program for generating a hash value of the read payment data, and other functions of the sales management server 5 as a data acquisition device. programs and so on.

The sales data management file 512 is a file for managing the sales of each store in the shopping center operated by the operating company. The sales data management file 512 is updated based on the payment data relating to cashless payment acquired from the payment management server 2 and the payment data relating to cash payment separately acquired. The sales data management file 512 stores, for example, stores, dates, daily sales amounts, etc. in association with each other. Note that the memory unit 51 may be an external memory that the sales management server 5 can access.

The display unit 52 is composed of a liquid crystal panel or the like, and displays various information. For example, the display unit 52 displays payment data read from a file received from the upload PC 4 . Also, the display unit 52 displays an input screen or the like for inputting various kinds of information.

The operation input unit 53 is composed of a keyboard, a touch panel provided on the surface of the display unit 52, and the like. The operation input unit 23 inputs various information to the control unit 50 based on the operation of the operator.

A communication unit 54 is an interface for communicating with an external device such as the upload PC 4 . The control unit 50 can transmit and receive information (data) to and from an external device by being connected to the external device via the communication unit 54 .

Next, the functional configuration of the control unit 50 of the sales management server 5 will be explained. FIG. 6 is a block diagram showing the main functional configuration of the control section 50 of the sales management server 5. As shown in FIG. The control unit 50 functions as an acquisition unit 5001, a second determination information generation unit 5002, a determination unit 5003, and a data acquisition unit 5004 by the CPU 501 operating according to control programs stored in the ROM 502 and the memory unit 51. . Note that each of these functions may be configured by hardware such as a dedicated circuit.

Acquisition unit 5001 acquires integrated data in which provided data is integrated with first tampering determination information that is information for determining whether or not the provided data has been tampered with and is made into invisible data. Specifically, the acquisition unit 5001 acquires a file that is output from the payment management server 2 and in which the payment data and the first hash value, which is the hash value of the payment data, are integrated. The file acquired by the acquisition unit 5001 is a file configured in the NTFS format in which the payment data is stored in the main stream, which is the visible area, and the first hash value is stored in the alternative data stream, which is the invisible area.

Based on the provided data acquired by the acquisition unit 5001, the second determination information generating unit 5002 generates second tampering determination information for determining whether or not the provided data has been tampered with. Specifically, the second determination information generation unit 5002 reads the payment data from the file that the acquisition unit 5001 has acquired from the upload PC 4, and generates a second hash value. The second determination information generation unit 5002 generates a second hash value using a hash function for payment data read from a file.

The determination unit 5003 reads the first tampering determination information converted into invisible data and determines whether or not it matches the second tampering determination information generated by the determination information generation unit. Specifically, the determination unit 5003 reads the first hash value generated by the payment management server 2 from the alternative data stream of the file acquired by the acquisition unit 5001 . Then, the determination unit 5003 compares the first hash value read from the file and the second hash value generated by the second determination information generation unit 5002, and determines whether or not they match.

The data fetching unit 5004 fetches the provided data when the first tampering determination information and the second tampering determination information match as a result of determination by the determination unit 5003 . Specifically, when the first hash value read from the file matches the second hash value generated by the second determination information generating unit 5002, the data capturing unit 5004 outputs the Determine that the payment data has not been tampered with. Then, the data fetching unit 5004 updates the sales data management file 512 based on the settlement data included in the file. Further, the data acquisition unit 5004 updates the sales data management file 512 based on the payment data related to the cash payment separately acquired by the acquisition unit 5001 .

Next, processing of the control unit 20 of the settlement management server 2 will be described. FIG. 7 is a flow chart showing the flow of output processing by the control unit 20 of the settlement management server 2. As shown in FIG.

First, the reception unit 2001 receives a payment data request from the download PC 3 (step S1). The extraction unit 2003 extracts payment data corresponding to the shopping center and period specified in the payment data request from the payment data management file 212 (step S2).

The first determination information generation unit 2004 generates a first hash value based on the extracted payment data (step S3). Subsequently, the integrated data generation unit 2005 writes the payment data extracted by the extraction unit 2003 to the main stream, which is the visible area of the output file (step S4).

Also, the integrated data generation unit 2005 writes the first hash value generated by the first determination information generation unit 2004 to the alternative data stream, which is the invisible area of the output file (step S5). By the processing in steps S4 and S5, an output file in which the payment data and the first hash value are integrated is generated.

Next, the output unit 2006 transmits the output file generated by the integrated data generation unit 2005 to the download PC 3 that transmitted the payment data output request (step S6). Then, the control unit 20 terminates the output process.

By the output process of the payment management server 2, the download PC 3 can acquire the file in which the payment data and the first hash value are stored. At this time, since the first hash value is written in the invisible area, it is not normally displayed on the download PC 3 . Therefore, it is possible to prevent the operator of the download PC 3 (such as an employee of the operating company) from noticing the first hash value and rewriting the first hash value.

Therefore, it is possible to suppress the falsification of the first hash value along with the falsification of the payment data. In other words, even if the payment data is tampered with, it is possible to prevent the first hash value from being rewritten to the hash value corresponding to the rewritten payment data, thereby detecting the tampering of the payment data. . Moreover, by utilizing the invisible region of the file, it is not necessary to use encryption technology, so it is possible to easily detect falsification of data.

Next, processing of the control unit 50 of the sales management server 5 will be described. FIG. 8 is a flowchart showing the flow of import processing by the control unit 50 of the sales management server 5. As shown in FIG.

First, the acquisition unit 5001 acquires a file from the upload PC 4 (step S11). Acquisition unit 5001 receives from the upload PC 4 the file output by payment management server 2, that is, the file in which the payment data and the first hash value are stored.

The second determination information generation unit 5002 reads payment data from the main stream, which is the visible area of the file acquired by the acquisition unit 5001 (step S12), and generates a second hash value based on the read payment data (step S13). ). The second hash value is generated using the same hash function as the hash function used when the settlement management server 2 generates the first hash value.

Subsequently, the determination unit 5003 reads the first hash value from the alternative data stream, which is the invisible area of the file acquired by the acquisition unit 5001 (step S14). Then, the determination unit 5003 compares the first hash value and the second hash value (step S15), and determines whether or not both hash values match (step S16).

If the first hash value and the second hash value match (Y in step S16), the data fetching unit 5004 fetches the payment data read from the file (step S17). That is, the sales data management file 512 is updated based on the settlement data read from the file. Then, the control unit 50 terminates the capturing process.

If the first hash value and the second hash value do not match (N of step S16), the control unit 50 transmits error information to the upload PC 4 (step S18). The error information sent to the upload PC 4 is information indicating that the uploaded payment data is falsified or corrupted data and is not appropriate. When the error transmission is completed, the control unit 50 ends the capturing process.

By the above-described fetching process, the sales management server 5 can fetch the payment data output by the payment management server 2 and not fetch tampered or damaged payment data.

As described above, the data providing apparatus of the above embodiment includes a management unit 2002 that manages data, an extraction unit 2003 that extracts provided data to be provided to an external device from the data managed by the management unit 2002, and an extraction unit 2003. A determination information generation unit (first determination information generation unit 2004) that generates tampering determination information for determining whether or not the provided data has been tampered based on the provided data extracted in 2004; An integrated data generation unit 2005 that converts the obtained falsification determination information into invisible data and integrates it with the provided data to generate integrated data; and an output unit 2006 for outputting.

This prevents the data recipient from rewriting the falsification determination information. Therefore, by using the data providing apparatus of the above-described embodiment, falsification of the provided data can be easily detected without using encryption technology or the like.

Further, the integrated data generating unit 2005 of the data providing apparatus of the above embodiment generates a file in which the provided data is saved in the visible area and the falsification determination information is saved in the invisible area.

As a result, it is possible to detect falsification of the provided data by utilizing the invisible area provided in the file. Therefore, falsification of the provided data can be detected more easily.

Further, the data acquisition device of the above embodiment generates integrated data in which the provided data and the first tampering determination information that is made into invisible data and is information for determining whether the provided data has been tampered with. an acquisition unit 5001 that acquires; and a determination information generation unit (second determination information generation and a determination unit 5003 that reads the first tampering determination information converted into invisible data and determines whether or not it matches the second tampering determination information generated by the determination information generation unit.

As a result, the data acquisition device can easily detect falsification of the provided data without using an encryption technique or the like.

In addition, the data acquisition device of the above embodiment further includes a data acquisition unit 5004 that acquires provided data when the determination result of the determination unit 5003 is that the first tampering determination information and the second tampering determination information match.

As a result, the data acquisition device can acquire the provided data provided that the provided data has not been tampered with. Therefore, it is possible to prevent the tampered provided data from being imported.

In the above embodiment, the control programs executed by the payment management server 2, which is the data providing device, and the sales management server 5, which is the data acquisition device, are recorded in a computer-readable recording medium such as a CD-ROM. may be configured to provide Also, the control programs executed by the server 2 of the settlement management server 2 and the sales management server 5 of the above embodiment are stored on a computer connected to a network such as the Internet, and are provided by being downloaded via the network. Alternatively, it may be configured to be provided via a network such as the Internet.

Although the embodiment of the present invention has been described above, this embodiment is presented as an example and is not intended to limit the scope of the invention. This embodiment can be implemented in various other forms, and various omissions, replacements, and modifications can be made without departing from the scope of the invention.

2 Settlement management server (data providing device)
5 Sales management server (data acquisition device)
2002 Management unit 2003 Extraction unit 2004 First determination information generation unit (determination information generation unit)
2005 integrated data generation unit 2006 output unit 5001 acquisition unit 5002 second determination information generation unit (determination information generation unit)
5003 determination unit 5004 data acquisition unit

JP-A-2008-269544

Claims (6)

a management department that manages data;
an extraction unit for extracting provided data to be provided to an external device from the data managed by the management unit;
a determination information generation unit that generates, based on the provided data extracted by the extraction unit, tampering determination information for determining whether or not the provided data has been tampered with;
an integrated data generation unit that converts the tampering determination information generated by the determination information generation unit into invisible data and integrates it with the provided data to generate integrated data;
an output unit that outputs the integrated data generated by the integrated data generation unit to the external device;
A data providing device comprising: The integrated data generation unit stores the provided data in a visible area and generates a file in which the tampering determination information is stored in an invisible area.
The data providing device according to claim 1. an acquisition unit that acquires integrated data in which provided data and first tampering determination information that is information for determining whether or not the provided data has been tampered and that is made into invisible data are integrated;
a determination information generating unit configured to generate second tampering determination information for determining whether or not the provided data has been tampered with, based on the provided data acquired by the acquiring unit;
a determination unit that reads the first tampering determination information converted into invisible data and determines whether or not it matches the second tampering determination information generated by the determination information generation unit;
A data acquisition device comprising: further comprising a data fetching unit that fetches the provided data when the first tampering determination information and the second tampering determination information match as a result of determination by the determination unit;
The data acquisition device according to claim 3. A program for controlling a data providing device by a computer,
said computer,
a management department that manages data;
an extraction unit for extracting provided data to be provided to an external device from the data managed by the management unit;
a determination information generation unit that generates, based on the provided data extracted by the extraction unit, tampering determination information for determining whether or not the provided data has been tampered with;
an integrated data generation unit that converts the tampering determination information generated by the determination information generation unit into invisible data and integrates it with the provided data to generate integrated data;
an output unit that outputs the integrated data generated by the integrated data generation unit to the external device;
program to function as A program for controlling a data acquisition device with a computer,
said computer,
an acquisition unit that acquires integrated data in which provided data and first tampering determination information that is information for determining whether or not the provided data has been tampered and that is made into invisible data are integrated;
a determination information generating unit configured to generate second tampering determination information for determining whether or not the provided data has been tampered with, based on the provided data acquired by the acquiring unit;
a determination unit that reads the first tampering determination information converted into invisible data and determines whether or not it matches the second tampering determination information generated by the determination information generation unit;
program to function as

Images