JP3891363B2 - Game information media - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present inventionGame information mediaIn particular, the present invention relates to a game information medium that checks an information writing error or the like and disables the operation when the error accumulates to a predetermined value.
[0002]
[Prior art]
In general, as a playground equipment using game media, for example, a pachinko machine, an arrangement ball machine, a sparrow ball machine, and a medal are used.Slot machine(Revolving slotGame machines), using ballsSlot machine(Revolving slotGaming machines).
Conventionally, for example, when playing a pachinko game, a player puts money into a ball lending machine and converts it into a desired number of balls at a game store, and possesses the converted game ball to select a game machine and play a game . In addition, the banknotes were converted to money to some extent, and the balls were lending while throwing money into the interbank ball lending machine attached to the gaming machine.
[0003]
Recently, in order to eliminate the annoyance of ball lending as described above, there are cards that use prepaid cards (game cards). This is because the player purchases a card with the amount recorded in advance and uses it for the game, and converts it so that it can be used for the game within the range of the amount recorded on the card in the course of use. The amount recorded on the card is reduced. Specifically, a gaming machine that uses a card to play a game, such as a pachinko gaming machine, a slot machine (so-called pachislot gaming machine), or the like, uses a gaming ball that is a gaming value as a valuable value (amount) recorded on the card, The game is converted into game coins. Such prepaid cards include magnetic cards.
[0004]
In addition, a predetermined amount of game balls are encapsulated in a gaming machine (so-called encapsulated ball game machine), and a storage medium (for example, a card) in which a valuable value and a gaming value (for example, the number of possessions) are stored is inserted. Based on the above, there has also been proposed a game hall facility that allows a game to be performed within the range of its value and, as a result, stores the acquired value in a storage medium.
In the latter case, for example, there is a type in which a valuable value and a game value are stored in a card as a storage medium and a game is played based on the value. This is to record the value given in the game on the card without paying it out as a real ball or a real coin. For this reason, the player has the trouble of carrying a game ball or a game coin as before. Opened.
Recently, a technology for using an IC card as a card as a storage medium is being developed. In this case, it is important that the IC card has high security and is not easily tampered with.
[0005]
[Problems to be solved by the invention]
However, such conventional game cards have the following problems.
(A) When a conventional prepaid card is used, money amount information (valuable value information) is stored in a magnetic card with low safety, so there is a risk that the money amount information may be falsified. In card companies, there are problems associated with tampering. Therefore, it is desired to be a highly safe game card.
(B) In addition, when storing highly important information such as valuable value and game value in the game card, it is necessary to use a highly secure card, so the magnetic card used for the prepaid card as described above. When is used, problems such as falsification of valuable value and game value occur as in the case described above.
[0006]
(C) In order to solve such problems, it has been proposed to use an IC card as a game card instead of using a conventional magnetic card. There is nothing effective yet in terms of ensuring safety for a terminal device into which an IC card is inserted because it depends on safety.
For example, the applicant of the present invention has developed a technique (refer to an example described later) for mutual authentication with each terminal device of a game hall facility into which an IC card is inserted. When it is determined that the authentication of the terminal device into which the IC card is inserted is false, if the IC card can be inserted any number of times, the authentication of the terminal device is continuously challenged, which is inconvenient. Therefore, it is desired to increase the security level.
[0007]
(D) Also, if there is an error in writing information to the IC card, the terminal device has been configured so that the terminal device can simply try to write again by simply ejecting the card. There is a problem that the IC card that has a high probability of being held will continue to be possessed. Therefore, it is desirable to always provide an IC card having a certain normal function to a player.
(E) Although IC cards are generally highly secure, they still use predetermined commands and communication protocols for writing / reading information, and encrypting and transferring information during communication Some have. In that case, if a command, communication protocol or encryption process is decrypted by a third party, the information can be falsified, so a countermeasure is desired. Conventionally, even if the identification number of the terminal device is wrong, the IC card Since the IC card could not be disabled and it was possible to insert (that is, access) the IC card into the same terminal device any number of times next time, the information on the IC card could be falsified as a result. .
[0008]
Accordingly, the present invention has been made in view of the above-described problems, and an object of the present invention is to provide a game information medium in which it is difficult to falsify information and the security level can be increased.
[0009]
[Means for Solving the Problems]
  In order to achieve the above object, the game information medium according to the first aspect of the present invention is at least information related to a game such as valuable value information, game value information, and security information.And recognition information of a plurality of terminal devicesGame-related information recording means capable of recording
  Information writing / reading means for writing and reading game related information to and from the game related information recording means based on a command from the attached terminal device;
  Information writing to game-related information recording means based on instructions of information writing / reading meansWrite information comparing means for comparing information sent from time to time with written information;
  A mounted terminal device authenticating means for comparing and comparing terminal device recognition information sent based on a command from the mounted terminal device and the terminal device recognition information stored in advance in the game related information recording unit;
  When the comparison result by the writing information comparison means is inconsistent and when the comparison determination by the attached terminal apparatus authentication means is determined to be false, the number of occurrences of trouble is counted.Defect counting means;
  When the counting result of the defect counting means reaches a predetermined value,Except for specific attached terminal devices,Operation disabling means for disabling operation of at least the information writing / reading means;With
  If the comparison result by the writing information comparison means does not match, 1 is added and counted as the number of trouble occurrences, and if the comparison judgment by the attached terminal apparatus authentication means is determined to be false, the number of trouble occurrences immediately Is set to a predetermined valueIt is characterized by.
[0010]
As a preferred embodiment, for example, as in claim 2, the disabling means is
An inoperable transition reporting means for reporting the transition to the inoperable state to the attached terminal device may be provided.
[0011]
For example, as in claim 3, the disabling means is
An inoperability notifying means for informing the player that it is inoperable may be provided.
[0015]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, an embodiment of the present invention will be described with reference to the drawings as an example applied to a card-type game system.
(I) Overall composition of amusement hall facilities
FIG. 1 is a block diagram showing the overall configuration of a game hall facility that realizes a card-type game system using an IC card. In FIG. 1, 1 is an amusement shop and 2 is a card management company (hereinafter referred to as a card company. The same applies to the drawings). The game store 1 is roughly divided into a card management device (hereinafter referred to as management device) 11, a management analysis device 12, a repeater 13, a prize POS (premium exchange device) 14, an ATM exchange 15, an island unit (so-called island equipment: game) 16), repeaters 21 and 22, a card issuing machine (information medium issuing device) 23, an updating machine (information medium updating device) 24, and a large amount money adding machine (value added device) 25. Yes.
[0016]
Further, a plurality of gaming machines (encapsulated ball type gaming machines) 31a to 31n (hereinafter simply indicated by reference numeral 31) and a replenishing device 32 are arranged on the island unit 16. In FIG. 1, only one island unit 16 and one repeater (sub repeater) 22 are shown, but a plurality of such island units 16 and repeaters (sub repeaters) 22 are arranged in units of islands. Has been.
The prize POS 14, the card issuing machine 23, the updating machine 24, the large amount adding machine 25, and the gaming machine 31 correspond to a mounted terminal device to which an IC card 200 (game information medium) described later can be mounted.
[0017]
The ATM exchange 15 is an exchange control device that controls transmission of information from the management device 11, management analysis device 12, main repeater 13, and prize POS 14 installed in the amusement store 1, and an information transmission path 41 made of an optical fiber is provided. For example, an information amount of 155 Mbps can be transmitted.
Here, ATM (Asynchronous Transfer Mode) will be described. In general, packet communication cannot be performed at high speed, and signals with a very high bit rate cannot be handled. On the other hand, in the ATM exchange, it is assumed that a high-quality transmission line such as an optical fiber transmission line with a low code error rate is used, and an error check for each cell (a digitized information block of a certain length) is performed. Instead, a hardware switch capable of direct high-speed operation is used for exchange connection. As a result, the operation speed of the semiconductor switch can be used, and even a signal of several hundred megabits / second or more can be exchanged and connected. With such an ATM exchange technology, it is possible to transfer various types of information such as data, documents, sounds, images, images, etc. on a single line.
[0018]
Based on the above principle, the ATM switch 15 of the present embodiment performs exchange control for receiving information from each terminal device installed in the store and transmitting necessary information.
The information transmission path 41 comprising the ATM switch 15 and the optical fiber constitutes a first transmission network 42 having a physically large information transmission capacity, and the management device 11, the management analysis device 12, the main repeater 13, and the prize POS 14 are the first. A network connected by a transmission network 42 is configured. A system having a physically large information transmission capacity is a system that can secure an extremely large transmission capacity using an ATM exchange technology and an optical fiber.
[0019]
The main repeater 13 relays information transmission between the upper first transmission network 42 and the lower repeaters 21 and 22. For example, an optical repeater is used to perform communication using infrared rays. The main repeater 13 can transmit information of 155 Mbps with the ATM switch 151 in the upper first transmission network 42 and can transmit information of 16 Mbps with the lower repeaters 21 and 22. It is.
The subordinate repeater 21 relays information transmission between the card issuing machine 23, the renewal machine 24, the large-sized money adding machine 25, and the main repeater 13. For example, an optical repeater is used and infrared light is used. Communicate. The repeater 21 can transmit information of 1 Mbps between the card issuing machine 23, the updating machine 24, and the large amount money adding machine 25.
[0020]
On the other hand, the lower level repeater 22 relays information transmission among the gaming machines 31a to 31n, the replenishment device 32, and the main repeater 13, and for example, an optical repeater is used to perform communication using infrared rays. . The repeater 22 can transmit information of 1 Mbps between the gaming machines 31 a to 31 n and the supply device 32.
The repeaters 21 and 22, the main repeater 13, the card issuing machine 23, the updating machine 24, the large-sized money adding machine 25, the gaming machines 31 a to 31 n, and the replenishing device 32 are wireless (here, information transmission using infrared rays). A network coupled by two transmission networks 43 is configured.
It includes a management device 11, a management analysis device 12, a main repeater 13, and a prize POS 14 connected to a first transmission network 42 having a large transmission capacity, which is configured through an ATM exchange 15 and an information transmission path 41 made of an optical fiber. A network including the repeaters 21 and 22, the main repeater 13, the card issuing machine 23, the updating machine 24, the large-sized money adding machine 25, the gaming machines 31 a to 31 n and the replenishing device 32 that are coupled to the network through the second transmission network 43. Constitutes a local area network (LAN) as a whole, and is a system capable of mutually transferring information at high speed.
[0021]
The management device 11 is connected to the card company 2 via a telephone line 45 (for example, a digital line such as ISDN) via an ATM switch 15 installed in the store. The management apparatus 11 and the ATM switch 15 are connected by an information transmission path 41 made of an optical fiber.
The card company 2 issues an IC card common throughout the country as a game card, or performs payment for the game card at the game store 1. Moreover, various information of the management apparatus 11 in the game store 1 is received as needed (for example, reception of payment information of a card). The amusement store 1 is connected to the card company 2 via a telephone line in order to obtain card issuance information or necessary information from the card company 2 or to make an inquiry.
In the following description, an IC card 200 (game information medium) described later is simply abbreviated as a game card or a card as appropriate.
[0022]
More specifically, when the card company 2 issues a card, the temporary issue machine number, serial number (for example, issue number), security information, and encryption key are stored for each game store. To issue. In addition to the card information, the card company 2 identifies the card issuing machine 23, the gaming machine 31, the renewing machine 24, the large amount money adding machine 25, the identification number of the prize POS 14 (individual identification necessary for mutual authentication of each terminal device Information), card restriction information (for example, maximum value of additional amount: 20000 yen), and the like are transferred to the management device 11 of each game store. The individual identification information will be transmitted to the card issuing machine 23 later as an initial value by the management apparatus 11.
In this way, the game store 1 is connected to the card company 2 via the ATM switch 15 in order to obtain card issuance information or necessary information from the card company 2 or to make an inquiry.
[0023]
The management device 11 is arranged in the hall management room, and as a management related to the card system, the card issuer 23, the gaming machine 31, the renewal machine 24, and the large-sized machine via the telephone line, the ATM switch 15, and the information transmission path 41 from the card company 2. Necessary for management control of each terminal device of the amusement store 1 in addition to receiving information such as the money adding machine 25, the identification number of the prize POS 14 and card restriction information and transmitting it to the card issuing machine 23 as an initial value Perform proper processing. In addition, processing for transmitting information relating to card settlement to the card company 2 is also performed. Further, the management device 11 manages various card information of issued cards, and stores and manages the verification history with the card inserted from each terminal device (for example, gaming machine 31, update machine 24, etc.). . In addition, the verification history with the card is cleared only on the day of the shop.
[0024]
Similarly, the management analysis device 12 is arranged in the hall management room and performs calculations, display, simulation processing, etc. relating to the hall management, and is connected to each terminal device via the ATM switch 15 and the information transmission path 41. Receive the necessary information. For example, necessary data is collected from a large number of encapsulated ball-type gaming machines 31 installed in the island unit 16 of the hall, and data corresponding to various gaming states is organized for calculation, display, and simulation processing necessary for management. Then, business analysis is performed, and the result is displayed on a display or printed on a printer.
[0025]
(II) Terminal device communication system
FIG. 2 is a diagram illustrating a communication system of the terminal device. In FIG. 2, the prize POS 14 is connected to an ATM switch 15 installed in the store via an information transmission path 41 made of an optical fiber, and the main repeater 13 is also connected to the ATM switch 15 via an information transmission path 41 made of an optical fiber. ing. That is, they are connected to a first transmission network 42 having a large transmission capacity, which is configured via an ATM switch 15 and an information transmission path 41 made of an optical fiber.
On the other hand, the main repeater 13 has a function of relaying information between the first transmission network 42 and the second transmission network 43, and each terminal device (the card issuing machine 23, the updating machine 24, a large amount of money addition) An information network is configured via the repeaters 21 and 22 of the second transmission network 43 for the machine 25, the gaming machines 31a to 31n, and the replenishment device 32).
[0026]
The repeaters 21 and 22 are connected to the optical transmitter / receiver 101 of the card issuing machine 23, the optical transmitter / receiver 102 of the renewing machine 24, the optical transmitter / receiver 103 of the large-scale money adding machine 25, and the display units 104a and 104b of the gaming machines 31a to 31n by infrared communication. The optical transmission / reception units 105a and 105b and the optical transmission / reception unit (not shown) of the replenishing device 32 mutually transmit information. The display units 104a and 104b are hereinafter simply represented by reference numeral 104 as appropriate, and the optical transceivers 105a and 105b are hereinafter simply represented by reference numeral 105 as appropriate.
In the island unit 16, gaming machines 31 a and 31 b are arranged, and an inter-unit money amount adding machine 71 is arranged.
[0027]
The card issuing machine 23 issues an IC card 200 (game information medium) purchased from the card company 2 to a player as a game card (for example, when a player who does not have an IC card purchases) For example, a game card is issued for 1000 yen. The issued card can be used continuously for a predetermined period (for example, one year). The card issuing machine 23 transfers game card sales information and the like to and from the management device 11 and the management analysis device 12 via the optical transmission / reception unit 101. Further, the card issuing machine 23 performs mutual authentication processing with the IC card at the time of issuing the card, and if it is determined to be valid, the card issuing machine 23, the gaming machine 31, the renewing machine 24, the large amount money adding machine 25. Processing for recording the identification number of the prize POS 14 and the initial value of each information (for example, the number of possessed balls = 0) is performed.
[0028]
The large amount adding machine 25 inserts an IC card purchased by a player and inserts coins and banknotes to add a desired amount to the IC card. First, mutual authentication processing of the IC card is performed. The amount (value) is added to the IC card based on the above. As the additional amount, for example, any of 3000 yen, 5000 yen, and 10000 yen can be selected. The addition of the amount can also be performed by the inter-unit amount addition machine 71 arranged between adjacent gaming machines. In this case, the amount is added in units of 1000 yen.
The gaming machine 31 performs mutual authentication of the IC card, and based on the result, the amount (valuable value information) recorded on the IC card is converted into the number of possessions (game value information) that can be used in the game and can be played. In addition, the game is made possible by the number of possessions (game value) already recorded as a result of the game, and the result of the game is recorded on the IC card.
[0029]
Specifically, when an IC card is inserted, the IC card information (amount data, number of possession data, etc.) is read to lend a ball, or the number of balls acquired by the player is stored in the IC card. The ball lending (that is, sales) information using an IC card is transferred between the management device 11 and the management analysis device 12 via the optical transmission / reception unit 105 of the display unit 104 over the network.
The display unit 104 is provided with a communication control device, and the communication control device converts the data (message packet) corresponding to the game information into a format capable of polling communication using infrared rays via the optical transmission / reception unit 105. Then transfer over the network.
[0030]
The renewal machine 24 is for replacing a card that has passed a predetermined expiration date (for example, one year) with a new card in order to use the IC card without any trouble, and the expiration date (for example, one year) has been exceeded. When an IC card is inserted, the IC card is made unusable under predetermined conditions (in this case, the update permission is inquired of the card company 2 via the management device 11 and updated when permission is given). A process of collecting and issuing a new IC card and recording information recorded on the IC card before the collection onto the new IC card is performed.
[0031]
The prize POS14 performs mutual authentication of the IC card, and based on the result, exchanges the prize according to the information on the IC card, and can be settled based on the number of possessions (game value) recorded on the IC card. And If the number of possession data recorded on the IC card does not match the data recorded on the management device 11, the exchange of prizes is decided by discussion between the player and the staff in the hall. This is because the prize exchange is not permitted in all cases.
The prize POS 14 is arranged at the counter of the hall, and is a place where the attendant can always be monitored. In the prize exchange at the prize POS14, cash, prizes (exchanged according to the number of balls selected by the player and the number of balls) based on the number of possession information stored in the IC card, and the amount of money stored (as money information at the exchange rate of the hall) Can be exchanged).
The replenishing device 32 encloses or replenishes encapsulated balls with respect to the plurality of gaming machines 31a to 31n arranged in the island unit 16 (see FIG. 1).
[0032]
(III) Configuration of IC card
(A) Internal block configuration of IC card
Next, the IC card 200 will be described in detail.
FIG. 3 is a block diagram showing the configuration of the IC card 200. In FIG. 3, an IC card 200 is used as a game card, and includes a transmission / reception planar coil 201, a clock extraction circuit 202, a DC circuit 203, a transmission circuit 204, a demodulation circuit 205, a clock circuit 206, a clock switching circuit 207, and a power switching circuit 208. A solar cell 209, a booster circuit 210, a driver circuit 211, an LCD 212, a CPU 213, a ROM 214, a RAM 215, an EEPROM 216, and a key switch 217.
[0033]
Here, when the IC card 200 used as a game card is defined, the IC card normally has an 8-bit (or 4-bit) CPU, a data memory, and a program memory storing a predetermined program, and is contactless. This is a high-security memory medium that uses an electromagnetic coupling type and can perform advanced judgment, computation, data protection, etc. by utilizing the functions of the CPU. The data memory used is non-volatile, and for example, a rewritable EEPROM is the mainstream.
An IC is normally embedded in a thin plastic card (which may be a vinyl chloride card), so that sufficient protection can be achieved while ensuring portability. Also, unlike magnetic cards, safety and security protection are sufficient. In addition, you may make it use not the IC card but the optical card in which safety | security and security protection are fully implemented similarly. In such a case, necessary parts such as a card reader / writer corresponding to the optical card are used.
[0034]
When the IC card 200 is inserted into the card reader / writer of each device described above, the transmission / reception planar coil 201 captures electromagnetic waves emitted from the card reader / writer and detects power, information (for example, information on commands, data, signals, etc.). (That is, capturing electromagnetic waves emitted from the attached terminal device) and transmitting information to the card reader / writer by wireless electromagnetic coupling. , A contactless card).
[0035]
When the electromagnetic wave emitted from the card reader / writer is captured, the electromagnetic energy is captured, and the power to be supplied to the IC card 200 is received. At this time, the electromagnetic wave emitted from the card reader / writer operates the IC card 200.To makeIt has enough power for the required power. The above information is a broad concept including data, commands, parameters, and signals (for example, clock signals), and means all information transferred between the card reader / writer and the IC card 200. Hereinafter, a state where power is supplied by wireless electromagnetic coupling and information is mutually transferred will be described using the expression “there is a power supply signal” as appropriate.
[0036]
The clock extraction circuit 202 (having a fast clock frequency) extracts a clock signal from a wireless electromagnetic coupling signal received from the card reader / writer received via the transmission / reception planar coil 201 and outputs it to the clock switching circuit 207. On the other hand, the clock circuit 206 (having a slow clock frequency) generates a clock signal necessary for the processing of the CPU 213 when it is carried and outputs it to the clock switching circuit 207. The clock switching circuit 207 switches the output of the clock extraction circuit 202 or the clock circuit 206. When the IC card 200 is inserted into the card reader / writer and is electromagnetically coupled, the clock signal from the clock extraction circuit 202 is supplied to the CPU 213. When the card reader / writer is not inserted, the clock signal of the clock circuit 206 is supplied to the CPU 213.
[0037]
The direct current circuit 203 takes out electromagnetic energy to be supplied power to the IC card 200 from a wireless electromagnetic coupling signal received from the card reader / writer via the transmission / reception planar coil 201 and converts it into DC (that is, by the transmission / reception planar coil 201). Electric power is taken out from the supplemented electromagnetic wave to generate drive power) and supplied to the power switching circuit 208 and the transmission circuit 204. The solar cell 209 receives external light (for example, sunlight), generates DC power and supplies it to the power switching circuit 208, and is disposed on the surface of the IC card 200. The power switching circuit 208 switches the power supply to the IC card 200 to the DC circuit 203 or the solar battery 209. When the IC card 200 is inserted into the card reader / writer and is electromagnetically coupled, DC power is supplied to the CPU 213, and DC power from the solar cell 209 is supplied to the CPU 213 and the booster circuit 210 when the card reader / writer is not inserted.
[0038]
The booster circuit 210 boosts the voltage necessary for driving the LCD 212, boosts the DC voltage supplied from the power switching circuit 208 to a predetermined voltage, and supplies it to the driver circuit 211. The driver circuit 211 drives the LCD 212 with the DC voltage boosted by the booster circuit 210, and displays information on the LCD 212 based on the output signal of the CPU 213 at this time. The LCD 212 is driven by the driver circuit 211 and displays corresponding information based on the output signal of the CPU 213. The LCD 212 is a small and long liquid crystal display that can be displayed in a single line using multiple numbers, symbols, etc. to display necessary information (for example, the amount of money, the number of possessions, the amount of money, etc.) Is used. A color liquid crystal display may be used as the LCD 212. The key switch 217 is operated by a player. For example, each time a key is pressed, information such as the amount displayed on the LCD 212, the amount of money to be held, and the amount of money to be stored can be sequentially switched.
The demodulator circuit 205 demodulates the wireless electromagnetic coupling signal received from the card reader / writer received via the transmission / reception planar coil 201 to extract necessary data, and outputs the extracted data to the CPU 213. The transmission circuit 204 consumes the power supplied from the DC circuit 203 based on the output signal of the CPU 213, thereby indirectly informing the card reader / writer side of the signal from the IC card 200.
[0039]
The CPU 213 performs processing necessary for writing / reading data to / from the IC card 200, and the ROM 214 stores processing programs executed by the CPU 213 and data necessary for processing. The RAM 215 is used as a work area, and the EEPROM 216 (game-related information recording means) is a non-volatile memory that can hold data even when the power supply is cut off. Necessary information such as identification information of the terminal device (for example, card issuer identification information, large-value-added machine identification information) is stored.
[0040]
(B) Configuration of card reader / writer control device
FIG. 4 is a block diagram of the card reader / writer control device. 4 corresponds to a card reader / writer control device arranged in each terminal device. As an example, the card reader / writer control device 251 and the card reader / writer 252 arranged in the card issuing machine 23 are taken as an example. explain.
The card reader / writer control device 251 includes a CPU 231, a modulation circuit 232, a reception circuit 233, a transmission / reception planar coil 234, and an attached network board 247. The CPU 231 performs arithmetic processing necessary for reading data from the IC card 200 and writing data to the IC card 200 and controls the operation of the card reader / writer 252. Based on the output signal of the CPU 231, the modulation circuit 232 modulates a signal for supplying operating power to the IC card 200 and outputs the modulated signal to the transmission / reception planar coil 234. Therefore, data is superimposed on the signal for supplying the operating power of the IC card 200 to the transmission / reception planar coil 234. The transmission / reception planar coil 234 is driven based on the output of the modulation circuit 232, and the operating power, transfer data, and signals (including clock signals) of the IC card 200 are electromagnetically coupled to the transmission / reception planar coil 201 on the IC card 200 side. Send.
[0041]
The reception circuit 233 monitors how the output of the modulation circuit 232 supplied to the transmission / reception planar coil 234 changes (that is, transmission of the IC card 200 by electromagnetic coupling between the transmission / reception planar coil 234 and the transmission / reception planar coil 201). Since power is consumed based on information to be transmitted by the circuit 204, a signal change corresponding to data from the IC card 200 is indirectly detected by monitoring a voltage waveform corresponding to the information (from the IC card 200). The attached network board 247 supplies power to the card reader / writer control device 251 and transfers data to and from the CPU 231.
[0042]
(C) Structure of IC card
Next, the structure of the IC card 200 will be described.
FIG. 5 is an external perspective view of the front side of the IC card 200. In FIG. 5, an elongated LCD 212 and a solar cell 209 are arranged on the front side of the IC card 200, and a circular key switch 217 is further arranged. As shown in FIG. 6, a transmission / reception planar coil 201, a calculation control unit 261, and a communication control unit 262 are arranged inside the IC card 200. The transmitting / receiving planar coil 201 is arranged slightly on the solar cell 209 side from the center of the IC card 200 and is formed in a circular shape.
The arithmetic control unit 261 is formed as one large IC including the clock circuit 206, the clock switching circuit 207, the power switching circuit 208, the booster circuit 210, the driver circuit 211, the CPU 213, the ROM 214, the RAM 215, and the EEPROM 216, and is located near the terminal of the LCD 212. Has been placed. The communication control unit 262 is formed as one small IC including the clock extraction circuit 202, the DC circuit 203, the transmission circuit 204, and the demodulation circuit 205, and is disposed in the vicinity of the transmission / reception planar coil 201.
[0043]
FIG. 7 is a view showing an assembly structure of the IC card 200. FIG. 7A shows an upper member 301 of the IC card 200. The upper member 301 is made of a thin plastic material, and portions where the LCD 212 and the solar cell 209 are disposed are formed by transparent clear members 302 and 303. FIG. . The portion of the upper member 301 where the key switch 217 is disposed is formed by a key switch member 304 having a predetermined color.
FIG. 7B shows a base part 310 of the IC card 200. The base part 310 is made of a material that can be printed and wired, and each circuit such as an arithmetic control part 261, a communication control part 262, a key switch 217, a transmission / reception planar coil 201, and the like. Is forming. Further, the base portion 310 is integrally connected to the LCD 212 and the solar cell 209. The arithmetic control unit 261, the communication control unit 262, and the transmission / reception planar coil 201 constitute information writing / reading means. In addition, the arithmetic control unit 261 constitutes a failure counting unit, an operation disablement unit, an operation disable transition report unit, a mounted terminal device authentication unit, a failure determination unit, and an information writing / reading enablement unit. The arithmetic control unit 261 and the LCD 212 constitute inoperability notifying means.
[0044]
FIG. 7C shows a casing 320 of the IC card 200. The casing 320 is made of a thin plastic material, and portions where the LCD 212 and the solar cell 209 are arranged are formed in receiving portions 321 and 322 that are recessed in a concave shape. . In addition, a portion of the casing 320 where the circuits such as the arithmetic control unit 261, the communication control unit 262, the key switch 217, and the transmission / reception planar coil 201 are arranged is also formed in the receiving portion 323 that is recessed in the same manner.
FIG. 7D shows a seal member 330 on the back side of the IC card 200, and the seal member 330 is made of a thin seal-like material with a predetermined color and is attached to the back side of the casing 320.
In order to assemble the IC card 200 having such a structure, the base part 310 is mounted on the casing 320 from above, and then the upper member 301 is put on the base part 310, and the seal member 330 is pasted on the back surface of the casing 320. wear. In this way, the IC card 200 is assembled by the process.
[0045]
(D) IC card storage information
FIG. 8 is a diagram showing information stored in the IC card 200 (hereinafter referred to as card information as appropriate). Each data is stored separately in each storage area of the IC card 200 for each data.
・ Card number (card number)
This is a card identification number issued by the card company 2, and is issued based on, for example, the manufacturing date and the manufacturing number. The data is, for example, 32 bytes.
・ Security information (Security code: Equivalent to game information medium recognition information)
Data for determining the validity of the IC card 200 in each terminal device (that is, data for determining the authenticity of the card), which is stored in advance by the card company 2. For example, a security code is created using a random number including a code.
・ Temporary counter
This is a counter that is counted when a problem occurs in writing / reading of the IC card 200. When the accumulated value of the temporary counter reaches a predetermined value, an error display may be displayed, or it may be disabled.
[0046]
・ Today's balance
It is data indicating the contents of today's income and expenditure settlement for the player holding the card. The balance is expressed in monetary amounts. For example, the difference between the loan amount used today (minus) and the payment at the giveaway POS (added to the amount of stored balls at a predetermined rate and converted to a premium exchange amount) It becomes the data of.
・ Issuing machine number
This is an identification number of the card issuing machine 23 and is called an issuing machine PIN (hereinafter referred to as an issuing machine identification number). Note that a temporary issuing machine identification number is stored at the initial stage of the card (delivery), and mutual authentication is performed using this temporary issuing machine identification number. Thereafter, the issuing machine identification number (true identification number) is written to the card when the card is issued.
・ Update machine number
This is the identification number of the card renewal machine 24 and is called the renewal machine identification number.
[0047]
・ Game machine number
This is an identification number of the gaming machine 31 and is referred to as a gaming machine identification number.
・ Large-scale amount machine number
This is an identification number of the large-sized money adding machine 25 and is referred to as a large-sized money adding machine identification number.
・ Present POS number
This is the identification number of the prize POS 14 and is referred to as a prize POS identification number.
・ Management device number
This is the identification number of the management device 11 and is called the management device identification number.
Note that the issuing machine number, renewing machine number, gaming machine number, large-value-added machine number, premium POS number, management device identification number, scramble key (encryption key), security code, etc. are common throughout the country and managed by the card company 2 Sent to the device 11. Although not stored in the IC card 200, the card company 2 is also given a card company number (an identification number of the card company), which is referred to as a card company identification number.
[0048]
・ Ball amount
The amount added to the IC card 200 is a balance that can currently be used for ball lending.
・ Payment amount
This is the balance that can be used for lending the ball with the amount obtained by converting the number of possessed balls into stored balls at a predetermined rate at the prize POS14.
・ Number of balls
This is the current number of balls that can be used in the game. It can be used for games only on our day.
・ Game machine number record
This is the machine number of the last gaming machine used in the game. This is to leave a history of the game or to use it as data for relieving the player when the card information is different from the file data of the management device 11.
・ Final hall name
It is the name of the last game store where the game was played. This is to leave a game history.
・ Last hall number
This is the identification number of the last game store where the game was played. This is to leave a game history. The identification number of the amusement store is hierarchized by the municipality.
[0049]
・ Date of use
The date of use of the IC card 200 is stored, and in particular, the last use date is stored. This is to leave a game history.
・ Card status record
Stores the current state of the IC card 200 (hereinafter referred to as the card state). For example, “normal”, “playing”, “suspended”, “stopped”, “regulation 1”, “regulation 2”, “ There is “Regulation 3”. “Normal” refers to a state in which a card is inserted into a terminal device other than the gaming machine 31 or a state in which a player is carrying it. “In game” is a state in which a card is inserted into the gaming machine 31. “Suspended” refers to a state in which the game is suspended. For example, when the player leaves the gaming machine 31 and goes to a meal, the information is information when the game is suspended. “Stop” refers to a state in which the game is stopped at the gaming machine 31 because the number of balls that have been played exceeds a certain amount. “Regulation 1”, “Regulation 2”, and “Regulation 3” are states such as prohibition of movement of the number of balls (to other models).
[0050]
・ Expiration date information
The IC card 200 is valid for one year from the date of issue, and the expiration date information is a date on which one year has passed from the date of issue of the card.
・ Scramble key
This is an encryption key, which is sent from the card company 2 to the game store management device 11 and stored in the card by the card issuing machine 23. For example, the exclusive OR of the information stored in the scramble key area and the received encrypted ball lending amount is taken for decryption and use.
[0051]
(E) Card information memory map
The card information is stored separately in a predetermined storage area of the EEPROM 216 of the IC card 200 for each data, and FIG. 9 shows a memory map of the card information. In FIG. 9, numbers 0 to 255 in the left column indicate memory map addresses, and each column has a 32-byte data area. In the area of address 0, the issuing machine number, the renewing machine number, the large-sized money adding machine number, the gaming machine number, and the prize POS number are stored, and in the address 1 area, the card number is stored. The address 2 area stores a security code, the address 3 area stores a temporary counter, and the address 4 area stores an expiration date.
[0052]
In the area of address 5, ball lending information, number of balls information, accumulated ball information, date of use, card status, balance of payment, store number, store name, and unit number are stored. These information are hex data (hexadecimal data). ), Which is data for calculation. In the area from address 5 to address 154, ball lending information, number of possession information, storage ball information, date of use, card status, balance of payment, store number, store name, and unit number for each column (one address) The address can be stored, and the address is updated in the range from address 5 to address 154 each time access is made, and information is written in an area different from the previous time. This is to improve the use durability of the EEPROM 216 by changing the information writing area for each access.
[0053]
In the area of the address 155, an operating address pointer and an operating rotation counter are stored. The working address pointer is a pointer for designating the address where each information of ball lending information, number of possession information, storage ball information, date of use, card status, balance of payment, store number, store name, unit number is stored Each time there is an access in the range from address 5 to address 154, it is counted up and the next address is designated.
The operation rotation counter is counted up every time the operation address pointer circulates the range from address 5 to address 154 once. When the operation address counter is counted up, it returns to the original address 5 again, and the ball lending information and Number information, stored ball information, date of use, card status, balance of payment, store number, store name, and unit number are stored in the address 5 area.
[0054]
In the area of the address 156, ball lending information (display), number of possession information (display), storage ball information (display), balance of payment (display), unit number (display), store name (display), expiration date (display) The stored information is decimal data or character data, which is display data for display on the LCD 212. In the area from address 156 to address 252, the ball lending information (display), the number of possession information (display), the accumulated ball information (display), the balance of payment (display), the unit number (display) for each column (1 address) ), Store name (display), expiration date (display) can be stored, and the address is updated in the range from address 156 to address 252 each time access is made, so that information is written in an area different from the previous time. It has become. This is to improve the use durability of the EEPROM 216 by changing the information writing area for each access.
[0055]
In the area of address 254, a display address pointer and a display rotation counter are stored. The display address pointer is information on ball lending information (display), number of balls information (display), storage information (display), balance of payment (display), unit number (display), store name (display), expiration date (display) Is incremented every time there is an access in the range from address 156 to address 253 and designates the next address.
The display rotation counter is counted up every time the display address pointer circulates the range from address 156 to address 253 once. When the display address pointer is counted up, it returns to the original address 156 again and the ball rental information (display). , Number information (display), accumulated ball information (display), today's balance (display), unit number (display), store name (display), and expiration date (display) are stored in the address 156 area. An encryption key is stored in the area of address 255.
[0056]
(F) IC card access right status
FIG. 10 is a diagram showing the status of access rights for each piece of card information of the IC card 200. In the figure, the left column shows card information in the IC card, and among the terminal devices, those having the right to write to or read from the card information are indicated by ◯. For example, although the card number can be written / read in the card company 2, the access right is set so that each terminal device can only read out the card number.
In this case, the card number corresponds to write information, and corresponds to regulation information that the card company 2 is permitted to access (write access). The card number corresponds to read information, and corresponds to regulation information that is permitted to be accessed (read access) by the card issuing machine 23. The same applies to other card information, which corresponds to write information / read information along with the contents shown in FIG. 10 with each terminal device, and is treated as prescribed information when access is permitted.
[0057]
Next, the operation will be described.
FIG. 11 to FIG. 19 are flowcharts showing control programs for the IC card 200. This program is executed not only when the IC card 200 is inserted into the card reader / writer but also when the card is carried and operated.
A. IC card main program (FIGS. 11-13)
When the program starts, it is first determined in step S10 whether or not it is an offline mode. This is to determine whether or not there is a power supply signal (electromagnetic wave supply) after the card is inserted into the terminal device (attached terminal device). The power supply signal is wirelessly supplied from the card reader / writer when the card is inserted into the card reader / writer of the terminal device.
[0058]
(A) In offline mode (with card)
This corresponds to the case where there is no power supply signal. The determination result in step S10 is YES, the process proceeds to step S12, and processing corresponding to the player's card operation is executed in the subsequent steps. The card power is supplied from the built-in solar cell 209. At this time, since it is not inserted in the card reader / writer, the clock signal (having a slow clock frequency) of the clock circuit 206 is supplied to the CPU 213. On the other hand, when inserted into the card reader / writer, a clock signal (having a fast clock frequency) from the clock extraction circuit 202 is supplied to the CPU 213.
[0059]
First, in step S12, the RAM 215 is initialized, and in step S14, it is determined whether or not the value of the temporary counter is equal to or larger than a predetermined value (here, “5”). The temporary counter compares the information sent at the time of writing with the written information and checks the terminal identification number transmitted from the attached terminal device when there is a mismatch or only “1” when there is a mismatch. It is a counter that counts the number of malfunctions that are counted up. When the counter exceeds a predetermined value, the operation of the card is disabled. When the temporary counter is “5” or more, the process proceeds to step S16 to display “cumulative abnormality” on the LCD 212. This is equivalent to notifying the player that the card is inoperable. This state is a state where the card cannot be used at all, and the player cannot see the card information. Therefore, at this time, the card is shown to the attendant of the amusement store, and the handling of the card is left to the attendant. For example, after talking with the player, a measure such as updating the card is taken.
[0060]
When the temporary counter is less than “5”, it is determined in step S18, step S22, and step S26 whether the card has not been issued, has been updated, or has been issued.
In each step, “before issue”, “updated”, and “issued” are judged by the card issuer number (terminal identification number) stored in the card. A machine number is assigned.
・ "Before issue" = 55AA (provisional issue machine number)
・ "Updated" = 0000 (Cards inserted into the card updating machine 14 and collected)
・ "Issued" = 5151 (true issue machine number)
The card delivered from the card company 2 stores an encrypted security code, an encrypted card number, an encrypted temporary card issuer number, an encryption key, and a program for operating the IC card 200. The card issuing machine 23 performs mutual authentication with the card using the temporary card issuing machine number, and then the identification number of each terminal device as the initial value (the true card issuing machine number is the temporary card issuing machine number at this time). The initial value of the game (for example, the number of possessions = 0) is written and a card is issued.
[0061]
In step S18, whether or not the card is issued is determined based on whether the card has a temporary issuing machine number or a true issuing machine number. “Before issue” and “issued” if the true machine number is entered. When the card is not issued, the process proceeds to step S20, and “initial” is displayed on the LCD 212. This state indicates that the card has been delivered from the card company 2. Therefore, this corresponds to a state that should normally be in the tank of the card issuing machine 23 (where cards are stocked). However, when “initial” is displayed on the LCD 212, for example, a situation such as the card being stolen can be considered, and “initial” is displayed so that the card information cannot be seen.
[0062]
If the card has not been issued, the process proceeds to step S22 to determine whether or not the card has been updated. If it has been updated, the process proceeds to step S24 to display “DEAD-CARD” on the LCD 212. This state indicates that the card has been recovered by the card renewal machine 24 as the expiration date has passed, and is disabled. Therefore, this corresponds to a state that should normally be in the collection tank of the card renewal machine 24. However, when “DEAD-CARD” is displayed on the LCD 212, for example, there is a possibility that the card has been stolen from the collection tank, and “DEAD-CARD” is displayed to disable the card.
[0063]
If the card has not been issued and has not been updated, the process proceeds to step S26 to determine whether or not the card has been issued. If it has not been issued, the process returns to step S12 and the above processing is repeated. On the other hand, if it has been issued, the process proceeds to step S28 to determine whether or not the operation rotation counter is a predetermined value. The operation rotation counter stores game-related information (that is, ball lending information, number-of-balls information, stored-ball information, date of use, card status, balance of payment, store number, store name, unit number) in the EEPROM 216. If the same place (area) is used continuously, the durability of the storage area deteriorates. Therefore, each time it is used (for example, used for writing), information is written in the next area (of course, information is also read out). Therefore, when all the ranges of the plurality of storage areas are used, the use is counted up and counted. When one range is used, the storage area is rotated in order to use the same range again. Therefore, the operation rotation counter counts the number of rotations of the storage area. This is because the storage area is rotated in this way because there is a guaranteed write count. Therefore, when the guaranteed limit number is reached, the IC card 200 is updated to a new IC card and a notification is issued so that the operation of the IC card 200 can be guaranteed.
[0064]
If the operation rotation counter is a predetermined value as a result of the determination in step S28, the process proceeds to step S30, and a message “Please update the card” is displayed on the LCD 212. This state is performed even if the expiration date has not elapsed. Thereby, the player can know that it is requested | required to insert the said card | curd in the card update machine 24, and to update. In step S32, it is determined whether or not the key switch 217 of the card is on. If the key switch 217 is not turned on, the process returns to step S30 and is repeated. When the key switch 217 is turned on, the process proceeds to step S34. If the operation rotation counter is less than the predetermined value as a result of the determination in step S28, the process jumps to step S30 and step S32 and proceeds to step S34.
[0065]
In step S34, a display address pointer is acquired. The display address pointer is information on ball lending information (display), number of possession information (display), storage information (display), balance of payment (display), unit number (display), store name (display), expiration date (display) Is a pointer for designating the storage address. Therefore, the latest display address pointer value is acquired to display each piece of information, and the contents of the address are read in step S36. That is, the display information stored at the address specified by the display address pointer is read.
[0066]
Initially, the ball lending amount (the balance of the card) is displayed on the LCD 212 in step S38. Thereby, the player can know the balance that can be used for the game while carrying the card. Next, in step S40, it is determined whether or not the key switch 217 has been pressed (ON). If not, the process returns to step S38 to continue displaying the ball lending amount, and when the key switch 217 is pressed, In step S42, the amount of money stored is displayed on the LCD 212. Thereby, the player can know the amount of money that can be used for the game while carrying the card.
Similarly, in step S44, it is determined whether or not the key switch 217 has been pressed. If it has not been pressed, the process returns to step S42 and the display of the amount of money to be stored is continued. The number of balls is displayed on the LCD 212. Accordingly, the player can know the number of balls that can be used for the game while carrying the card.
[0067]
Next, in step S48, it is determined whether or not the key switch 217 has been pressed. If not, the process returns to step S46 and the display of the number of held balls is continued. When the key switch 217 is pressed, the card is loaded in step S50. The expiration date (the date of the card expiration date) is displayed on the LCD 212. Thereby, the player can know the expiration date of the card while carrying the card.
Next, in step S52, it is determined whether or not the key switch 217 has been pressed. If not, the process returns to step S50 to continue displaying the expiration date. If the key switch 217 is pressed, the current balance ( That is, the balance status corresponding to today's game result is displayed on the LCD 212. Thereby, the player can know the balance of the game of today with the card carried.
[0068]
Next, in step S56, it is determined whether or not the key switch 217 has been pressed. If not, the process returns to step S54 to continue displaying the current balance. When the key switch 217 is pressed, the hall name ( That is, the last game is played and the game store name) is displayed on the LCD 212. Thereby, the player can know the name of the game store while carrying the card.
Next, in step S60, it is determined whether or not the key switch 217 has been pressed. If it has not been pressed, the process returns to step S54 and the display of the hole name is continued. When the key switch 217 is pressed, the machine number ( That is, the last game machine number) is displayed on the LCD 212. Thus, the player can know the machine number of the gaming machine that last played the game while carrying the card.
[0069]
Next, in step S62, it is determined whether or not the key switch 217 has been pressed. If not, the process returns to step S62 to continue displaying the machine number of the gaming machine. If the key switch 217 is pressed, the process proceeds to step S28. Return and repeat the process.
In this way, each time the key switch 217 is pressed, the display content changes and information is displayed, and the display information stored at the address is read and displayed on the LCD 212. Thereby, the player can easily know the history of the game by displaying at least the information he wants to know.
[0070]
(B) In online mode (when inserted in the card reader / writer)
This corresponds to the case where there is a power supply signal. The determination result in step S10 is NO, the process branches to step S66, and the process of transferring information to and from the terminal device is executed in the subsequent steps. At this time, the frequency of the clock supplied to the CPU 213 increases at this time, and the clock signal (having a fast clock frequency) from the clock extraction circuit 202 is supplied to the CPU 213.
In step S66, it is determined whether or not there is an activation command. If there is no activation command, the process stands by. If there is an activation command, activation processing is performed in step S68. In the activation process, a line test with the card reader / writer is performed, and idling is performed so that information can be smoothly transmitted between the card and the card reader / writer. Next, the process proceeds to step S70, where it is determined whether or not there is an abnormality in the activation process. If the abnormality is confirmed, the process branches to step S72 to transmit a line abnormality to the card reader / writer, and the process returns to step S70.
[0071]
When the line abnormality disappears, the process proceeds to step S74, and the card company flag and the management device flag are cleared. Next, card company processing is performed in step S76. This is an operation process of the IC card 200 when the card content is checked by the terminal device of the card company 2 (details will be described later in a subroutine). Next, in step S78, management device processing is performed. This is a process of checking the card contents when the terminal device is the management device 11 (details will be described later in a subroutine).
Next, the process proceeds to step S80, where it is determined whether or not the temporary counter is greater than or equal to a predetermined value (here, “5”). When the temporary counter is "5" or more, the process proceeds to step S82, and a card failure error command is transmitted to the card reader / writer. As a result, the card reader / writer recognizes that the card operation is impossible, and disables the card operation on the IC card 200 side. The disabling of the operation here means that the processing after step S84 is not performed, and no information can be transferred between the card and the terminal device.
After step S82, the process returns to step S70. Therefore, if the temporary counter is “5” or more, the process does not proceed to step S84 and subsequent steps, and the card information is not transferred with the terminal device.
[0072]
When the temporary counter is less than “5”, the process proceeds to step S84, where the card issuing machine flag, the large amount money adding machine flag, the gaming machine flag,Free gift POSClear the flag and updater flag. Next, card issuing machine processing is performed in step S86. This is a process for issuing a card in response to a player's request when the terminal device is the card issuing machine 23 (details will be described later in a subroutine). Thereafter, processing corresponding to each terminal device is performed in the same manner. That is, in step S88, a large amount money adding machine process is performed, in step S90, a gaming machine process is performed, and in step S92,Free gift POSIn step S94, an updater process is performed. Since the outline of the processing of these steps S88 to S94 is the same as the card issuing machine processing in step S86, the card issuing machine processing will be described in detail as a representative. After step S94, the process returns to step S70 and is repeated.
[0073]
B. Card issuer processing subroutine
FIG. 14 is a flowchart showing a subroutine of card issuing machine processing. When this subroutine starts, it is determined whether or not there is a check command from the card issuing machine 23 in step S100. If no check command is transmitted, the process branches to step S102 to check whether or not there is a card issuing machine flag. Determine. If there is a card issuing machine flag, the process returns to step S100 and the process is repeated. If there is no card issuing machine flag, the current routine is terminated and the process returns to the main program.
[0074]
On the other hand, if the check command is transmitted from the card issuing machine 23, the process proceeds to step S104, and the card issuing machine flag is set. Next, in step S106, the temporary card issuer number received from the card issuer 23 (if another terminal device, the identification number of the terminal device) and the temporary card issuer number stored in the card are encrypted. Is used for decoding and comparing with a predetermined algorithm. The predetermined algorithm is, for example, an algorithm that takes the exclusive OR of the information stored in the scramble key area and the encrypted temporary card issuer number received from the card issuer 23 and decrypts it. It is.
[0075]
Here, game-related information in the card is encrypted and stored, and when information is transmitted from the card (for example, transmitted to a terminal device), the information stored in the card is transmitted as it is. That is, the encrypted information is transmitted to the terminal device. Therefore, the raw information is not stored in the card and the raw information is not encrypted at the time of transmission. Also, when receiving information from the terminal device, the received encrypted information is temporarily stored in a memory (for example, RAM 215 used as a work area), and then the encrypted received information is stored. Decrypt and check the information restriction item. If it is OK, the encrypted information stored in the memory is written in the addressing area of the EEPROM 216 according to the command. The command itself is not encrypted. The information attached to the command is only encrypted. For example, when “write command”, “write area”, and “information (encrypted information)” are transmitted from the terminal device to the card, “write command” and “write area” are not encrypted. Only “information” is encrypted. On the other hand, in the case of a “read command” for reading information in the card, the information stored after encryption is transmitted to the terminal device as it is (as encrypted information).
[0076]
In step S108, the temporary card issuer number (if another terminal device, the identification number of the terminal device) and the temporary card issuer number stored in the card are used with a predetermined algorithm using an encryption key. It is determined whether the result of decryption and comparison is normal. If the comparison result is abnormal, the process branches to step S110, the temporary counter is incremented by "1", and the process returns to step S100. Therefore, at this time, the card becomes unresponsive. This is also because the information for falsification is not shown by making no response so as not to know the error code. The terminal device performs error processing (for example, ejects the card).
[0077]
If the determination result in step S108 is abnormal, the process branches to step S110 and the temporary counter is incremented by “1”. However, the present invention is not limited to this. If it is determined that the number comparison result is abnormal (that is, false), the temporary counter may be immediately counted up to a predetermined value (for example, “5”). In that case, an error command is transmitted to the terminal device to recognize that the card operation is impossible, and the card disables the operation itself. In this way, the comparison result of the identification number of the terminal device is an important determination result that is false, and thereafter, the card information is not transferred to the card issuing machine 23. Therefore, if the terminal device number is mistaken at the time of transmission, the card operation is immediately disabled, and the card information can be effectively prevented from being falsified.
[0078]
On the other hand, when the comparison result in step S108 is normal, the card has recognized the mounted terminal device (that is, the card issuing machine 23). In step S112, it is determined whether or not the temporary counter is "5" or more. If it is "5" or more, a card failure error command is transmitted to the card reader / writer of the terminal device in step S114. At this time, the terminal device recognizes that the card operation is impossible, while the card disables the operation itself. After step S114, the process returns to step S100. Therefore, if the temporary counter is “5” or more, the process does not proceed to step S116 and subsequent steps, and the card information is not transferred to the card issuing machine 23.
[0079]
When the temporary counter is less than “5”, the process proceeds to step S116 to determine whether the command is an undefined command. An undefined command is a command that is not defined between the card and the terminal device. If there is an undefined command, an abnormality, card falsification, failure, or the like can be considered. Therefore, if there is an undefined command in step S116, the process returns to step S100. At this time, the card becomes unresponsive. This is also because the information for falsification is not shown by making no response so as not to know the error code. The terminal device performs error processing (for example, ejects the card).
[0080]
If there is no undefined command in step S116, the process proceeds to step S118 to determine whether or not there is a security request command (transmitted) from the card reader / writer of the card issuing machine 23. If there is a security request command, the process branches to step S120, and the security check command, the stored security code (encrypted) and card number (serial number) are transmitted to the card reader / writer of the terminal device. As a result, the terminal device checks the security code and recognizes the card. After step S120, the process returns to step S100 to repeat the loop.
In this way, mutual authentication is performed between the card and the terminal device (card issuing machine 23).
[0081]
The above mutual authentication process will be described with reference to FIG. 20. A terminal check command and a terminal device identification number (encrypted information) are sent from the terminal device (ie, card issuing machine 23) to the card (ie, IC card 200). ) And a security data request command. In this case, the terminal device identification number is individual identification information, such as a temporary card issuing machine identification number. In addition, the terminal check command and the security data request command are not encrypted because they are merely command commands.
The card receives a terminal check command transmitted from the terminal device, and performs processing for checking the terminal device based on the received terminal check command. That is, the card obtains the terminal device identification number by decrypting information (encrypted terminal device identification number) with a predetermined algorithm using the encryption key based on the terminal check command received from the terminal device.
[0082]
Next, the decrypted terminal device identification number (hereinafter referred to as the terminal device recognition number transmitted from the terminal device and decrypted) is compared with the decrypted terminal device recognition number stored in advance in the card. At this time, since the terminal device identification number stored in advance in the card is encrypted, the terminal device identification number stored in advance in the card is first used before the check. Then, decryption is performed with a predetermined algorithm, and the decrypted terminal device identification number (hereinafter referred to as a terminal device recognition number held in the card) is acquired. Then, the terminal device identification number transmitted from the terminal device and decrypted is compared with the decrypted terminal device identification number held in the card and checked (Terminal device identification numberConfirmation process), if they match, OK (determined as a legitimate terminal device), and a security check command based on the previously received security data request command, pre-stored security data (encrypted Information) and card number (encrypted information) are transmitted to the terminal device.
[0083]
The terminal device receives the security check command transmitted from the card, and based on the received security check command, obtains the security code by decrypting the security code (encrypted information) with a predetermined algorithm using the encryption key To do. Next, the decrypted security code and the security code stored in the terminal device are compared and checked (card confirmation processing is performed). If they match (if it is a legitimate security code), OK (valid) Mutual authentication is completed.
[0084]
In step S122, it is determined whether or not there is a read command. If there is a read command, the process branches to step S124 to determine whether or not information is read out to the non-access area. This is because information that can be read is defined for each terminal device (see the access right status in FIG. 10).
(A) When reading information to a non-access area
If the information is to be read from the non-access area, the process branches to step S126, a parameter error command is transmitted to the terminal device, and the process returns to step S100. Therefore, card information cannot be read at this time. When returning to step S100, the process is repeated.
(B) When reading information to an area (accessible area) that is not a non-access area
If the information is not read to the non-access area in step S124, the process proceeds to step S128, and the designated data (read request information) is acquired from the memory of the current operating address pointer or the dedicated memory and set as transmission data. .
[0085]
Here, the memory of the working address pointer corresponds to the area of each column of addresses 5 to 154 in the memory map shown in FIG. There are information on lending information, information on the number of possession balls, information on accumulated money, date of use, card status, balance of payment, store number, store name, and unit number. On the other hand, the dedicated memory corresponds to the area of each column of address 0 to address 4 and address 255 in the memory map shown in FIG. 9, and the memory stored in the dedicated memory includes, for example, an issuing machine number and an updating machine. There are information on a number, a large-sized money adding machine number, a gaming machine number, a prize POS number, a card number, a security code, a temporary counter, an expiration date, and an encryption key.
In step S130, the security check command, the stored security code (encrypted), and the card number are transmitted to the terminal device. Next, in step S132, the read response command and the previously set transmission data are transmitted to the terminal device. At this time, since the transmission data is encrypted, it is transmitted as it is.
[0086]
Here, even if the information is encrypted between the card and the terminal device, mutual authentication is performed each time the information is transferred. For example, when an event occurs and information needs to be read from the card, mutual authentication processing is performed each time.
This will be described with reference to FIG. 21. As shown in FIG. 21, a terminal check command and a terminal device identification number (encrypted) are sent from the terminal device (card issuing machine 23) to the card (that is, the IC card 200). Information), a read command (a command for requesting reading of information), and a parameter (which specifies information of the read request) encrypted with a predetermined algorithm using an encryption key. The terminal device identification number is individual identification information, such as a card issuing machine identification number.
[0087]
When the card receives the terminal check command transmitted from the terminal device, the card performs processing for checking the terminal device based on the received terminal check command. That is, the card obtains the terminal device identification number by decrypting information (encrypted terminal device identification number) with a predetermined algorithm using the encryption key based on the terminal check command received from the terminal device. The decrypted terminal device identification number (that is, the terminal device recognition number transmitted from the terminal device and decrypted) is compared with the decrypted terminal device recognition number stored in advance in the card and checked. However, since the terminal device identification number previously stored in the card is encrypted at this time, the terminal device identification number previously stored in the card is first determined using the encryption key before the check. And the decrypted terminal device identification number (that is, the terminal device recognition number held in the card) is acquired. Then, the terminal device identification number transmitted from the terminal device and decrypted is compared with the decrypted terminal device identification number held in the card and checked (Terminal device identification numberInformation corresponding to the parameter specifying the read response command and the read request information based on the previously received read command as OK (determined as a valid terminal device). A security check command (encrypted), a security code (encrypted information) and a card number (encrypted information) stored in advance are transmitted to the terminal device.
[0088]
The terminal device receives the security check command transmitted from the card, and based on the received security check command, obtains the security code by decrypting the security code (encrypted information) with a predetermined algorithm using the encryption key To do. Next, the decrypted security code and the security code stored in the terminal device are compared and checked (card confirmation processing is performed). If they match (if it is a legitimate security code), OK (valid) Mutual authentication is completed. Next, the information received from the card is similarly decrypted and used. In decryption, processing is performed using a predetermined algorithm using an encryption key. For example, decryption is performed using an algorithm that performs exclusive OR operation between the encryption key received and stored from the terminal device and the encrypted information received from the card.
[0089]
In this way, even if the information is encrypted between the card and the terminal device (here, the card issuing machine 23), mutual authentication is performed each time the information is transferred, and the mutual authentication result is OK ( After confirming that the card and the terminal device are legitimate), the card data is used. Therefore, for example, when an event occurs and information needs to be read from the card issuing machine 23, mutual authentication processing is performed each time, and the safety of the card information is further improved. When an event occurs and information is written to the card, mutual authentication is performed in the same manner. After confirming that the mutual authentication result is OK (the card and the terminal device are valid), the data is written to the card.
After step S132, the process returns to step S100 and is repeated.
[0090]
If it is not a read command in step S122, the process proceeds to step S134 to determine whether it is a write command. If it is not a write command, the process returns to step S116 to repeat the loop. If it is a write command, it is determined in step S136 whether information has been written to the non-access area. This is because information that can be written to the card is defined for each terminal device (see the access right status in FIG. 10).
(C) When writing information to a non-access area
If the information is to be written to the non-access area, the process branches to step S126, a parameter error command is transmitted to the terminal device, and the process returns to step S100. Therefore, information cannot be written on the card at this time, and the process returns to step S100 and the process is repeated.
[0091]
(D) When writing information to an area (accessible area) that is not a non-access area
If the information is not written in the non-access area in step S136, the process proceeds to step S138 to determine whether or not the information is written in the dedicated data area.
(D-1) When not writing to the dedicated data area (writing outside the dedicated data area)
If not writing to the dedicated data area, the process proceeds to step S140, where the received data (encrypted) is stored in the memory, and in step S142, the received data is decrypted with a predetermined algorithm using the encryption key. For example, decryption is performed using an algorithm that performs the exclusive OR operation between the information stored in the scramble key area and the encrypted received data.
[0092]
Next, each restriction information is checked in steps S144 to S148. That is, it is determined whether or not the ball lending amount exceeds a maximum value (for example, 20,000 yen) in step S144, and whether or not the stored amount of money exceeds a maximum value (for example, 20,000 yen) in step S146. In step S148, it is determined whether or not the number of possessed balls exceeds a maximum value (for example, 99999). If the determination result of any restriction information is NG, the process branches to step S126, and a parameter error command is transmitted to the terminal device, and the process returns to step S100. Therefore, at this time, the received data cannot be written to the card, and the process returns to step S100 to repeat the process.
[0093]
If the determination results of all the restriction information are OK, the process proceeds to step S150, and the current operating address pointer is counted up by “1”. This is because the reception data is newly written this time, so that the data writing area is advanced. Next, in step S152, it is determined whether or not the operating address pointer exceeds a predetermined value (for example, the maximum value of the address information storage area). If the operating address pointer does not exceed the predetermined value, the process jumps to step S158.
On the other hand, when the operating address pointer exceeds the predetermined value, the process proceeds to step S154 to set the initial address pointer in the operating address pointer. This is because the maximum value of the address information storage area has been exceeded, so that it is returned to the first storage area again. In step S156, the operation rotation counter is incremented by “1”. Since the operation rotation counter is counted up every time the operation address pointer circulates the range from the address 5 to the address 154 once, when it is counted up, it returns to the original address 5 again, and the ball loan information, The information on the number of possessed balls, the stored ball information, the date of use, the card status, the balance of payment, the store number, the store name, and the unit number are stored in the address 5 area.
[0094]
In step S158, the encrypted information stored in the memory (see step S140) is written in the area specified by the updated operating address pointer. In step S160, it is determined whether the verification is normal. This is a write check (verify check) as to whether or not the information written in step S158 has been written normally.
If the verification is abnormal, the process branches to step S162, and the temporary counter is incremented by “1”. In step S164, it is determined whether or not the temporary counter is “3” or more. If the temporary counter is less than “3”, the process returns to step S158 to repeat the same loop. As a result, another attempt is made to write information. If the information is normally written, the process proceeds to step S166.
[0095]
However, if the information is not normally written even after multiple attempts to write the information, that is, if the temporary counter becomes “3” or more in step S164, the process proceeds to step S165 and a write error command is transmitted to the terminal device. Return to step S100. As a result, the terminal device recognizes that the card operation is impossible, while the card disables the operation itself. Then, it returns to step S100. Therefore, the processing from step S100 is repeated. However, if the writing is tried several times and the temporary counter reaches “5” or more, the process branches to YES in step S112 and the card is transmitted.Error commandIs transmitted to the terminal device. Then, the terminal device recognizes that the card operation is impossible, while the card disables the operation itself.
[0096]
When the information is normally written, the process proceeds to step S166, and the security check command, the stored security code (encrypted) and the card number are transmitted to the terminal device (card issuing machine 23). Next, a write response is transmitted to the terminal device in step S168. In this way, mutual authentication is performed each time information is transferred between the card and the terminal device. That is, in this case, when information is written to the card, if the verify check is normal, a mutual authentication process is performed and a write response (notifying completion of normal writing) is transmitted to the terminal device.
Next, display calculation processing is performed in step S170. This converts the memory contents (hexadecimal data) of the latest operating address pointer into display data (decimal data or character data) (details will be described later in a subroutine). After step S170, the process returns to step S100 and is repeated.
[0097]
(D-2) When writing to the dedicated data area
If it is writing to the dedicated data area in step S138, the process branches to step S172 and the received data is written to the memory of the designated dedicated address. Examples of data that can be written to the dedicated data area (that is, those stored in the dedicated memory) include, for example, an issuing machine number, an updating machine number, a large-capacity additional machine number, a gaming machine number, a premium POS number, a card number, a security code, There are information such as counters and expiration dates.
Next, in step S174, it is determined whether or not the verification is normal. This is a write check (verify check) as to whether or not the information written in step S172 has been written normally.
[0098]
If the verification is abnormal, the process branches to step S176, and the temporary counter is incremented by “1”. In step S178, it is determined whether or not the temporary counter is “3” or more. If the temporary counter is less than “3”, the process returns to step S172 to repeat the same loop. As a result, another attempt is made to write information. If the information is normally written, the verification becomes normal and the process proceeds to step S182. However, if the information is not normally written even after multiple attempts to write the information, that is, if the temporary counter becomes “3” or more in step S178, the process proceeds to step S180 and a write error command is transmitted to the terminal device. Return to step S100. As a result, the terminal device recognizes that the card operation is impossible, while the card disables the operation itself.
[0099]
If the information is normally written, the verification is normal and the process proceeds to step S182, and the security check command, the stored security code (encrypted) and the card number are stored in the terminal device (card issuing machine 23). Send. Next, a write response is transmitted to the terminal device in step S184.
In this way, even when writing to the dedicated data area between the card and the terminal device, mutual authentication is performed each time the information is transferred. That is, in this case, when information is written in the dedicated data area of the card, if the verification check is normal, a mutual authentication process is performed and a write response (notifying the end of normal writing) is transmitted to the terminal device.
After step S184, the process returns to step S100 and the process is repeated.
[0100]
C. Display calculation processing subroutine
FIG. 17 is a flowchart showing a subroutine of display calculation processing in card issuing machine processing. When this subroutine starts, the display address pointer is incremented by "1" in step S200. This is because the reception data is newly written this time, so that the display data area for displaying the data is advanced. In addition, the display address pointer is ball lending information (display), number of possession information (display), storage ball information (display), today's balance (display), unit number (display), store name (display), expiration date (display) The address for storing each information is designated, and is counted up every time there is an access in the range from address 156 to address 252 to designate the next address.
Next, in step S202, it is determined whether or not the display address pointer exceeds a predetermined value (for example, the maximum value of the address information storage area). If the display address pointer does not exceed the predetermined value, the process jumps to step S206.
[0101]
On the other hand, when the display address pointer exceeds the predetermined value, the process proceeds to step S204 to set the display address pointer to the initial address pointer. This is because the maximum value of the address information storage area has been exceeded, so that it is returned to the first storage area again. Next, in step S206, the contents of the current operating address pointer are read. That is, information in the area specified by the current operating address pointer (ball lending information, number of possession information, accumulated ball information, date of use, card status, balance of payment, store number, store name, or unit number) Is read. In step S208, the memory contents (information) and the expiration date data in the area specified by the operating address pointer are decrypted using the encryption key. At this time, the memory contents (information) and the expiration date data are hexadecimal data, and are decoded with the hexadecimal data as it is. In the decryption, for example, the decryption is performed using an algorithm that performs an exclusive OR operation between information stored in the scramble key area and each encrypted data.
[0102]
Next, each data (hexadecimal data) decoded in step S210 is converted into decimal data or character data. Next, the data converted into the decimal number or character data in step S212 is written into the memory designated by the updated display address pointer. After step S212, the process returns to the card issuing machine process.
Thus, when power is supplied from the terminal device (card issuing machine 23) to the IC card 200, display calculation is performed (that is, hexadecimal data is converted into decimal data or character data), and display is performed. The data is stored in a memory (storage area). This is because sufficient power cannot be taken during operation by the solar cell 209, so the clock is lowered to reduce power consumption. Therefore, sufficient power is supplied so that the display can be switched quickly when switching display information. It is calculated and recorded when there is a supply and the operation clock is fast.
Accordingly, when stored (when the solar cell 209 is driven), information stored in the display data memory is searched, and the display information stored in the address is read out and displayed on the LCD 212. At this time, the search information has already been converted into decimal data or character data, and can be simply read from the memory. Therefore, necessary data can be quickly displayed while suppressing power consumption of the IC card 200.
[0103]
D. Card company processing subroutine
FIG. 18 is a flowchart showing a card company processing subroutine. This subroutine is similar in content to the card issuer processing in terms of contents, but since it is used by the card company 2, there is no restriction on writing to and reading from the memory area of the card, and mutual authentication Also not done.
When this subroutine starts, it is determined in step S300 whether there is a password check command. The password is stored in advance in a program in the ROM 214 of the IC card 200, and is stored in the program at the time of delivery from the card company 2, for example. The password check command is transmitted from the terminal device of the card company 2 to the card. If the password check command has not been transmitted, the process branches to step S302 to determine whether there is a card company flag. If there is a card company flag, the process returns to step S300 and the process is repeated. If there is no card company flag, the current routine is terminated and the process returns to the main program.
[0104]
On the other hand, if the password check command has been transmitted from the terminal device of the card company 2, the process proceeds to step S304 and the card company flag is set. In step S306, the password received from the card is checked. In step S308, it is determined whether the password check result is normal. If the password check result is abnormal, the process returns to step S300 and the process is repeated. The case where the password check result is abnormal is, for example, a case where the card has been stolen (stolen in the manufacturing stage) before being delivered to the hall from the card company 2.
[0105]
If the password check in step S308 is normal, the process proceeds to step S310 to determine whether or not there is a read command. If there is a read command, the process branches to step S312 to store the designated data (read request information) in the memory. Is obtained and set as transmission data. When accessing from the card company 2, as can be seen from the access right situation in FIG. 10, all information can be read and there is no non-access area. Also, mutual authentication is not performed. In step S314, the read response command and the previously set transmission data are transmitted to the terminal device (card company 2). At this time, since the transmission data is encrypted, it is transmitted as it is. After step S314, the process returns to step S300 and is repeated.
[0106]
If there is no read command in step S310, the process proceeds to step S316 to determine whether there is a write command. If there is no write command, the process returns to step S310 to repeat the process. If there is a write command, the process advances to step S318 to write the received data to the designated memory. In the case of the card company 2, there is no distinction as a dedicated data area, and data can be written anywhere.
Here, when a card is delivered from the card company 2 to the hall, predetermined initial information is written to the card (written to the EEPROM 216). The initial information includes, for example, an encrypted security code, an encrypted card number, an encrypted temporary card issuer number, and an encryption key. In this case, the encryption of the security code and the card number and the encryption of the temporary card issuer number may be encrypted with different encryption keys. Thus, if the encryption of the security code and the card number is made different from the encryption of the temporary card issuer number, the security can be further improved by separating the encryption keys of the two.
[0107]
Next, in step S320, a write check (verify check) is performed to determine whether the verify is normal, that is, whether the information written in step S318 is normally written. If the verification is abnormal, the process branches to step S322, a write error command is transmitted to the terminal device (card company 2), and the process returns to step S300. Thereby, the terminal device recognizes that the data writing operation is impossible. However, the card company 2 can try to write data any number of times.
When the received data is normally written, the verification is normal and the process proceeds to step S324, the write response is transmitted to the terminal device, and the process returns to step S300 to repeat the process.
[0108]
E. Management device processing subroutine
FIG. 19 is a flowchart showing a subroutine of management apparatus processing. When this subroutine starts, it is determined whether or not there is a check command from the management apparatus 11 in step S400. If no check command is transmitted, the process branches to step S402 to determine whether or not there is a management apparatus flag. . If there is a management device flag, the process returns to step S400 to repeat the process. If there is no management device flag, the current routine is terminated and the process returns to the main program.
On the other hand, if the check command has been transmitted from the management apparatus 11, the process proceeds to step S404 and the management apparatus flag is set. Next, in step S406, the management apparatus number received from the management apparatus 11 (the identification number of the management apparatus 11) and the management apparatus number stored in the card are decrypted with a predetermined algorithm using an encryption key and compared. . The predetermined algorithm is, for example, an algorithm that decrypts the exclusive OR of the information stored in the scramble key area and the encrypted management device number received from the management device 11.
[0109]
In step S408, it is determined whether the received management device number and the management device number stored in the card are decrypted with a predetermined algorithm using an encryption key and compared, and the result is normal. If the comparison result is abnormal, the process returns to step S4000 to repeat the process. Therefore, at this time, the card becomes unresponsive.
On the other hand, when the comparison result in step S408 is normal, the card recognizes the management apparatus 11. Next, the process proceeds to step S410 to determine whether the command is an undefined command. An undefined command is a command that is not defined between the card and the management apparatus 11. If there is an undefined command, an abnormality, card tampering, failure, or the like can be considered. Therefore, if there is an undefined command in step S410, the process returns to step S400. At this time, the card becomes unresponsive.
[0110]
If there is no undefined command in step S410, the process proceeds to step S412 to determine whether there is a security request command (transmitted) from the card reader / writer of the management apparatus 11. If there is a security request command, the process branches to step S414, and the security check command, the stored security code (encrypted) and card number (serial number) are transmitted to the terminal device (in this case, the management device 11). As a result, the terminal device checks the security code and recognizes the card. After step S414, the process returns to step S400 to repeat the loop.
[0111]
In this way, mutual authentication is performed between the card and the terminal device (management device 11). The above mutual authentication process will be described with reference to FIG. 20. A terminal check command, a terminal device identification number, and a security data request command are transmitted from the management device 11 to the card. In this case, the terminal device identification number is individual identification information and is a management device identification number. The card performs processing for checking the management apparatus 11 based on the terminal check command transmitted from the management apparatus 11. That is, when the card receives the terminal device identification number from the management device 11, the card compares and checks with the terminal device identification number stored in advance in the card (performs the terminal device identification number confirmation process), and the card matches. If it is OK (determined that the management apparatus 11 is legitimate), a security check command, previously stored security data, and a card number are transmitted to the management apparatus 11 based on the previously received security request command.
Based on the security check command transmitted from the card, the management device 11 compares and checks the received security data and the security data stored in the management device 11 (performs card confirmation processing), and if they match. If it is valid security data, the mutual authentication is completed as OK (determined that the card is valid).
[0112]
In step S416, it is determined whether or not there is a read command. If there is no read command, the process returns to step S410 to repeat the loop. If there is a read command, the process proceeds to step S418. In addition, in the access from the management apparatus 11, unlike the other terminal device in a game store, there is no division of a non-access area | region and an accessible area | region, and it can access all the areas. In step S418, the designated data (read request information) is acquired from the memory of the current operating address pointer or the dedicated memory and set as transmission data.
[0113]
Here, the memory of the working address pointer corresponds to the area of each column of addresses 5 to 154 in the memory map shown in FIG. , Information on the number of possessions, information on accumulated money, date of use, card status, balance of payment, store number, store name, and unit number. On the other hand, the dedicated memory corresponds to the area of each column of address 0 to address 4 and address 255 in the memory map shown in FIG. 9, and the memory stored in the dedicated memory includes, for example, an issuing machine number and an updating machine. There are information on a number, a large-sized money adding machine number, a gaming machine number, a prize POS number, a card number, a security code, a temporary counter, an expiration date, and an encryption key.
[0114]
In step S420, the security check command, the stored security code (encrypted), and the card number are transmitted to the management apparatus 11. Next, in step S422, the read response command and the previously set transmission data are transmitted to the management apparatus 11. At this time, since the transmission data is encrypted, it is transmitted as it is.
[0115]
Here, mutual authentication is performed each time information is transferred between the card and the management apparatus 11. For example, each time an event occurs and information needs to be read from the card, mutual authentication processing is performed (see FIG. 21). Therefore, for example, when an event occurs and information needs to be read from the card, mutual authentication processing is performed each time, and the security of the card information is further enhanced. When an event occurs and information is written to the card, mutual authentication is performed in the same manner, and after confirming that the mutual authentication result is OK (the card and the management device 11 are valid), data is written to the card. After step S422, the process returns to step S400 to repeat the process.
In this way, the clerk accesses the card that has become a dead card from the management device 11, and the card contents (for example, ball lending information, number of possession information, storage ball information, date of use, card status, today's balance, store By confirming the information of the number, the store name, and the machine number, it becomes possible to reissue the card and take relief measures.
[0116]
As described above, in this embodiment, the IC card 200 is inserted into the terminal device, and game-related information (for example, ball lending information, number-of-balls information, stored-ball information, date of use, etc.) recorded in the EEPROM 216 of the card. , Card status, balance of payment, store number, store name, machine number), the information sent at the time of writing is compared with the written information. If there is a mismatch, the temporary counter is “1”. In addition, the terminal identification number transmitted from the attached terminal device is checked, and in the case of a mismatch, the temporary counter is similarly incremented by “1” and counted as the number of occurrences of the malfunction. When the temporary counter reaches a predetermined value (for example, “5”) or more, the card operation is disabled (that is, the card becomes a dead card).
Therefore, when it is determined that the authentication of the terminal device into which the IC card has been inserted is false as in the conventional case, the IC card cannot be inserted any number of times, and the terminal device authentication cannot be continuously challenged. . As a result, the possibility of falsification and unauthorized use of the IC card 200 can be extremely reduced, and the security level of the IC card 200 can be significantly increased.
[0117]
In addition, when the card operation is disabled (dead card), the card information can be confirmed by the card company 2, and the card is reissued to a legitimate player according to the confirmation result. You can take action that will not be a disadvantage. On the other hand, when it is determined that the card information has been tampered with, the subsequent measures can be taken by confiscating the card. Therefore, the player can be rescued even if the operation of the card is disabled.
Similarly, a dead card can be remedied at the game store 1 as well, and a clerk inserts a dead card into the management device 11 of the game store 1 to check the card information. In response to this, it is possible to take measures that will not be disadvantageous, such as card reissue. On the other hand, when it is determined that the card information has been tampered with, the subsequent measures can be taken by confiscating the card. Therefore, even in the game store 1, the player can be rescued even if the card operation is disabled.
[0118]
When there is an error in writing information to the IC card 200, etc., the terminal device has been configured so that the terminal device can simply try to write again by simply ejecting the card. There was a problem that the IC card would be held continuously, but in this embodiment, when a staff member inserts a dead card into the management device 11 to check the card information, it is confirmed that the card is valid. By reissuing the card, it is possible to always provide the player with the IC card 200 having a certain normal function. This is a case where, for example, the function of the IC card 200 is poor, and the player has made a dead card forcefully.
[0119]
Although the IC card 200 is generally highly secure, it is still possible to tamper with information when a command, communication protocol, or encryption process is decrypted by a third party. Even if the identification number is incorrect, the operation of the IC card is not disabled, and the same terminal device can be accessed again and again next time, but in this embodiment, if the identification number of the terminal device is incorrect a predetermined number of times, Since the IC card 200 becomes inoperable, falsification of the IC card 200 can be prevented.
When the temporary counter reaches “5” or more, “cumulative abnormality” is displayed on the LCD 212, so that it is possible to accurately notify the player that the card cannot be operated. For example, in such a case, at this time, the player shows the card to the clerk, leaves the card handling decision to the clerk, and after discussion, if the player is valid, the card is reissued (the card information is new) Can be transferred to a valid card and issued).
[0120]
Next, the present invention encrypts the terminal device identification number, the security code, etc. as shown in FIGS. 20 and 21 shown in the above embodiment and stores them in the card.DecryptionThus, the method is not limited to the comparison check. For example, the present invention can be applied to a device in which a terminal device identification number, a security code, and the like are stored in a card as raw data without being encrypted, and mutual authentication is performed by reading out the data. In this case, game-related information in the card is stored as raw data without being encrypted, and when information is transmitted from the card (for example, transmitted to a terminal device), the information stored in the card is used as it is. Transmission (however, mutual authentication processing is performed at the time of data transfer) Hereinafter, such an embodiment will be described with reference to FIGS.
[0121]
A. Procedure for mutual authentication between card and terminal device
The process of performing mutual authentication between the card and the terminal device will be described with reference to FIG. 22. From the terminal device (for example, the card issuing machine 23) to the card (that is, the IC card 200), the terminalCheck commandThe terminal device identification number and the security data request command are transmitted. In this case, the terminal device identification number is individual identification information, such as a temporary card issuing machine identification number. The card performs processing for checking the terminal device based on the terminal check command transmitted from the terminal device. In other words, when the card receives the terminal device identification number from the terminal device, the card is checked against the terminal device recognition number stored in advance in the card (performs a terminal device identification number confirmation process). As OK (determined as a valid terminal device), a security check command, previously stored security data and a card number are transmitted to the terminal device based on the previously received security request command.
Based on the security check command transmitted from the card, the terminal device compares and checks the received security data and the security data stored in the terminal device (performs card confirmation processing), and if they match ( If it is regular security data), mutual authentication is completed as OK (determined that the card is valid).
[0122]
B. Procedure for mutual authentication for each event occurrence
Next, FIG. 23 is a diagram showing a procedure for performing mutual authentication each time unencrypted information is transferred between the card and the terminal device. As shown in FIG. 23, for example, when an event occurs and information (unencrypted information) needs to be read from the card, mutual authentication processing is performed each time.
First, a terminal check command, a terminal device identification number, and an A read command (a command for requesting reading of certain information: for example, A information) from a terminal device (for example, card issuing machine 23) to a card (that is, IC card 200) ) And parameters (specifying information of the read request). The terminal device identification number is individual identification information, such as a card issuing machine identification number.
[0123]
The card performs processing for checking the terminal device based on the terminal check command transmitted from the terminal device. In other words, when the card receives the terminal device identification number from the terminal device, the card is checked against the terminal device recognition number stored in advance in the card (performs a terminal device identification number confirmation process). As OK (determined as a legitimate terminal device), a read response command based on the previously received A read command, information corresponding to a parameter designating read request information (encryption), a security check command, and pre-stored The security code (security data) and the card number are transmitted to the terminal device.
[0124]
Based on the security check command transmitted from the card, the terminal device compares and checks the received security code and the security code stored in the terminal device (performs card confirmation processing), and if they match ( If it is a legitimate security code, mutual authentication is completed as OK (determined as a valid card). The information received from the card is then used.
In this way, each time unencrypted information is transferred between the card and the terminal device (for example, the card issuing machine 23), mutual authentication is performed, and the mutual authentication result is OK (the card and the terminal device are OK). Use the card data after confirming that it is legitimate. Therefore, for example, when an event occurs and information needs to be read from the card issuing machine 23, mutual authentication processing is performed each time, and the safety of the card information is further improved.
[0125]
When an event occurs and information is written to the card, mutual authentication is performed in the same manner. After confirming that the mutual authentication result is OK (the card and the terminal device are valid), the data is written to the card.
Therefore, as shown in FIGS. 21 and 22, information such as the terminal device identification number and security code is stored in the card as it is without being encrypted, and the data is read and mutual authentication is performed. However, the same effect as the above embodiment can be obtained. Further, in this case, there is an advantage that processing is facilitated as much as the information is not encrypted, and raw data can be directly handled when writing / reading information.
[0126]
Embodiments of the present invention are not limited to the above-described embodiments, and various modifications as described below are possible.
(A) Application to pachislot machines is possible.
(B) The present invention can be applied not only to a pachinko gaming machine but also to a video game machine, for example. That is, as long as a game is played using a card, it can be applied to other types of game machines.
(C) The value of the temporary counter for making the IC card a dead card is not limited to “5”, and may be other values according to the embodiment of the invention. Further, the count-up condition of the temporary counter for making a dead card is not limited to a mistake in the terminal device identification number and a write error, and other requirements may be set.
(D) The manner in which the IC card is relieved is free, and any form of redress may be taken within the scope of the present invention.
[0127]
【The invention's effect】
  According to the present invention, when a game information medium is inserted into a mounted terminal device and information is written, the information sent at the time of writing is compared with the written information.Count by adding 1 as the number of failuresIn addition, the terminal recognition information transmitted from the attached terminal device is checked,If it is determined to be false, immediately set the number of malfunctions to a predetermined value,When the number of mismatches reaches a predetermined value, the operation of the game information medium is disabled, and the following effects can be obtained.
(1) When authentication of a terminal device with an IC card inserted is determined to be false as in the past, it is no longer possible to insert an IC card as many times as possible, and authentication of the terminal device can be continuously challenged. Disappear. As a result, the possibility of falsification and unauthorized use of the game information medium can be extremely reduced, and the security level of the game information medium can be significantly increased.
(2)Although game information media are generally highly secure, information can be altered when a command, communication protocol, or encryption process is decrypted by a third party. Even if the identification number is wrong, the operation of the game information medium is not disabled, and the same terminal device can be accessed any number of times next time. However, in the present invention, if the identification number of the terminal device is wrong a predetermined number of times, ,right awaySince the game information medium becomes inoperable, it is possible to prevent the game information medium from being falsified.
(3)In addition, when the operation of the game information medium is disabled, the information content of the game information medium can be confirmed by the card company. Measures that do not cause disadvantages such as reissuance can be taken. On the other hand, if it is determined that the information content of the game information medium is falsified, the subsequent measures can be taken by confiscating the game information medium. Therefore, the player can be rescued even if the operation of the game information medium is disabled.it can.
[Brief description of the drawings]
FIG. 1 is a block diagram showing the overall configuration of an embodiment of a game hall facility using a game information medium of the present invention.
FIG. 2 is a diagram showing a management system for the game hall equipment of the embodiment.
FIG. 3 is a block diagram of the IC card of the embodiment.
FIG. 4 shows the card of the same embodiment.Reader / writerFIG.
FIG. 5 is an external perspective view of the front side of the IC card of the embodiment.
FIG. 6 is a diagram showing an internal configuration of the IC card according to the embodiment.
FIG. 7 is a view showing an assembly structure of the IC card according to the embodiment.
FIG. 8 is a diagram illustrating information stored in the IC card according to the embodiment.
FIG. 9 is a diagram showing a memory map of the IC card of the same embodiment.
FIG. 10 is a diagram showing the status of access rights of the IC card of the embodiment.
FIG. 11 is a flowchart showing an IC card control program according to the embodiment;
FIG. 12 is a flowchart showing an IC card control program according to the embodiment;
FIG. 13 is a flowchart showing an IC card control program according to the embodiment;
FIG. 14 is a flowchart showing a subroutine of card issuing machine processing according to the embodiment;
FIG. 15 is a flowchart showing a subroutine of card issuing machine processing according to the embodiment;
FIG. 16 is a flowchart showing a subroutine of card issuing machine processing according to the embodiment;
FIG. 17 is a flowchart showing a subroutine of display calculation processing according to the embodiment;
FIG. 18 is a flowchart showing a card company processing subroutine of the embodiment;
FIG. 19 is a flowchart showing a subroutine of management device processing in the embodiment;
FIG. 20 is a diagram for explaining mutual authentication processing according to the embodiment;
FIG. 21 is a diagram for explaining mutual authentication processing according to the embodiment;
FIG. 22 is a diagram illustrating a mutual authentication process according to another embodiment of the present invention.
FIG. 23 is a diagram for explaining mutual authentication processing according to another embodiment of the present invention.
[Explanation of symbols]
1 amusement store
2 Card management company
11 Card management device (management device)
14 Premium POS (Premium Exchange Device)
23 Card issuing machine (information medium issuing device)
24 Updater (information medium update device)
25 Large-scale money-adding machine (value-added equipment)
31, 31a-31n Game machine (enclosed ball game machine)
200 IC card (information medium)
201 Transceiver planar coil
216 EEPROM (game-related information recording means)
261 arithmetic control unit (defect counting means, inoperability disable means, inoperability transition report means, attached terminal device authentication means, defect determination means, information write / read enable means)
262 communication control unit

Claims (3)

Game-related information recording means capable of recording at least valuable information, game value information, information related to games such as security information , and recognition information of a plurality of terminal devices ;
Information writing / reading means for writing and reading game related information to and from the game related information recording means based on a command from the attached terminal device;
Write information comparison means for comparing the information sent at the time of writing information to the game related information recording means based on the command of the information writing / reading means and the written information;
A mounted terminal device authenticating means for comparing and comparing terminal device recognition information sent based on a command from the mounted terminal device and the terminal device recognition information stored in advance in the game related information recording unit;
A failure counting means for counting the number of occurrences of a failure when the comparison result by the writing information comparing means is inconsistent and when the comparison determination by the attached terminal device authentication means is determined to be false ;
An operation disabling unit for disabling at least the operation of the information writing / reading unit, except for a specific attached terminal device, when the counting result of the defect counting unit reaches a predetermined value ,
If the comparison result by the writing information comparison means does not match, 1 is added and counted as the number of trouble occurrences, and if the comparison judgment by the attached terminal apparatus authentication means is determined to be false, the number of trouble occurrences immediately Is set to a predetermined value which is determined in advance . The inoperable means is
2. The game information medium according to claim 1, further comprising inoperable transition reporting means for reporting to the mounted terminal device that the inoperable state is transited. The inoperable means is
3. The game information medium according to claim 1, further comprising inoperability notifying means for informing the player that it is inoperable.

Images