JP4976451B2 - Game machine, authentication method, program - Google Patents

Description

  The present invention relates to a gaming machine such as a pachinko machine.

  2. Description of the Related Art Conventionally, techniques for preventing fraud with respect to control boards mounted on various electronic devices have been proposed. The control board includes a main control board that controls the operation of the entire electronic device such as a pachinko game machine, and a controlled board (peripheral board) that operates each part of the electronic device. The main control board outputs a control signal including a control command to the peripheral board. The peripheral board performs an operation according to the control signal transmitted from the main control board.

  Examples of frauds with respect to the control board include a method of replacing a regular main control board with an unauthorized control board, or connecting an unauthorized control board between a regular main control board and a controlled board. In order to prevent such injustice, a technique has been proposed in which authentication data for authenticating the main control board is added to the control command, and the main control board is authenticated using the authentication data (for example, Patent Documents). 1).

  In Patent Document 1, as shown in FIG. 31, a main control unit 201 and a peripheral board that performs predetermined processing based on a control command transmitted by the main control unit 201 (effect control unit 202a, prize ball control unit 203d). In a pachinko machine equipped with That is, in the same figure, the adding unit 312 of the main control unit 201 controls the main control when the control command to be transmitted to the peripheral board is a miss command that causes the peripheral board to execute the process when the lottery result at the lottery is missed. Authentication data for authenticating the unit 201 is added to the control command. The transmission unit 314a transmits a control command to the peripheral board. The peripheral board receiving unit 321 receives the control command transmitted from the main control unit 201. The authentication unit 322 authenticates the main control unit 201 using the control command received by the reception unit 321.

  The control command storage unit 311 of the main control unit 201 stores control command data (control command data) to be transmitted to the peripheral board. A predetermined program code is recorded in the recording unit 313.

  The notification signal output unit 323 outputs a notification signal when the authentication unit 322 does not authenticate the main control unit. When the peripheral board has the effect control unit 202a, the notification signal output unit 323 outputs a notification signal to, for example, a symbol display unit (not shown) or a lamp control unit (not shown).

JP 2008-279042 A

  By the way, if the strength of security is increased and authentication of the main control unit 201 is attempted, the volume of authentication data increases. Increasing the authentication data capacity is not preferable because the processing load on the peripheral substrate increases. Therefore, in the conventional gaming machine, there is a design restriction when trying to increase the strength of security.

  The present invention provides a gaming machine, an authentication method, and a program that can determine whether or not a main control unit is valid without being restricted by design even when the strength of security is increased as compared with the prior art. For the purpose.

In order to solve the above problems and achieve the above object, the gaming machine of the present invention is a lottery means (for example, steps S312 and S314 in FIG. 12, steps S404 and S406 in FIG. The symbol display means (for example, corresponding to the symbol display unit 104 in FIG. 1) and the symbol change means (for example, corresponding to step S414 in FIG. 13) and the lottery result of the lottery means. Based on the special status generation means (for example, corresponding to steps S410, S412, and S424 in FIG. 13) that generates a special status after stopping the symbol in a predetermined manner, and a data processing device that performs data processing related to the game ( (For example, corresponding to the CPU 202 in FIG. 3) and an access control device that controls access by the data processing device. A machine,
The data processing device includes:
Data processing means (for example, corresponding to the CPU core 203 of FIG. 4);
Output means (for example, corresponding to IF212 in FIG. 4) that outputs information related to instructions executed by the data processing means to the outside;
The access control device
Storage means for storing data for performing the data processing (for example, corresponding to the registers 234 and 236 in FIG. 4);
Input means for inputting information related to the command from the output means (for example, corresponding to the input unit 231 in FIG. 4);
Access control means (for example, corresponding to the access control unit 238 in FIG. 4) for controlling access to the storage means by the data processing device based on information about the command input by the input means;
The main control unit outputs a jackpot reach command for designating a variation pattern for performing a reach effect among the variation patterns selected at the time of the jackpot, and authentication data for authenticating that it is valid,
Further, the output of the main control unit is used as an input to control the presentation based on the jackpot reach command or the pre-processing or post-processing of the presentation, and a peripheral part that outputs the authentication data, and a subsequent stage of the peripheral part And the main control unit is valid based on the authentication data output from the peripheral portion after the stage based on the jackpot reach command or the period during which the pre-processing or post-processing is executed. And an authentication unit for determining whether or not.

  According to such a configuration, the connected device authentication is performed by the CPU that is the data processing means and the access control device, and the authentication unit that determines whether or not the main control unit is valid separately from the peripheral unit. Therefore, it is possible to determine whether the main control unit is legitimate by reducing the burden on the peripheral portion and increasing the security strength as compared with the conventional case. Also, among the many control commands, the authentication data is added to the jackpot reach command for specifying the variation pattern for performing the reach effect among the variation patterns selected at the jackpot, and the authentication data may be wiretapped. Can be reduced.

  When the predetermined condition is established, the lottery means performs lottery with this as a trigger. Further, the symbol changing means displays the symbols in a variable manner by the symbol display means. Then, the special prize state is generated by the special prize state generating means after the symbol is stopped in a predetermined manner based on the lottery result of the lottery means. In the data processing device, the output unit outputs information related to an instruction executed by the data processing unit to the outside. In the access control device, information related to the command is input by the input unit, and the access control unit controls access to the storage unit by the data processing device based on the information related to the input command. This reduces the possibility that the data in the storage means will be illegally rewritten or read out.

  Here, as the information regarding the instruction, for example, (1) instruction code or instruction code string, (2) storage position information (for example, address) indicating the storage position of the instruction code or instruction code string, (3) instruction code or Execution result information indicating the execution result of the instruction code string (for example, the value of the flag register), or (4) secondary information obtained based on one or a plurality of pieces of information (for example, operation information obtained by operation or the like) ) Is included.

  As for “control” of access, for example, (1) when it is determined that an access permission condition is established based on information on an instruction or secondary information obtained based on the information, a part or all of the access is permitted. If it is determined that the access permission condition is not satisfied, the access restriction condition is satisfied based on information related to the instruction or secondary information obtained based on the information, or (2) restricting part or all of the access. When it is determined, part or all of the access is restricted, and when it is determined that the access restriction condition is not satisfied, permitting part or all of the access is included. As the access permission condition or the access restriction condition, for example, (1) information related to the instruction or secondary information obtained based on the information is within a predetermined value, content, or range, and (2) information related to the instruction or the information It is included that the secondary information obtained based on is not within a predetermined value, content or range. As for “restriction” of access, for example, (1) prohibiting a part or all of access, and (2) controlling so that an access result corresponding to the access request cannot be obtained (for example, access request Read or write data different from the related data).

Regarding the relationship between the instruction in the information related to the instruction and the access control, for example, (1) based on the information related to the instruction executed by the data processing means for accessing the storage means, the access related to the instruction (2) Based on the information related to the instruction executed by the data processing means, the access related to the instruction executed by the data processing means for accessing the storage means is controlled before or after the instruction. It is included. In the case of (2), the causal relationship is difficult to understand, and the possibility of fraudulent acts can be further reduced.
Further, the special prize state means an advantageous state in which a predetermined game value can be given to the player, and includes, for example, an opening operation of a special prize opening.

  In addition, as for the establishment of the predetermined condition, for a pachinko machine, for example, a game ball wins a start winning opening, and for a pachislot machine, for example, an operation lever that instructs a game start is operated. Is included.

  The storage means may include any means that can store data at any time, and may store predetermined data in advance, or may store the present data without storing the predetermined data in advance. Predetermined data may be stored by an external input or the like during operation of the gaming machine.

  In addition, when the access control unit determines that the access permission condition is satisfied based on the information related to the command input by the input unit, the access control unit determines that the access to the storage unit is permitted and the access permission condition is not satisfied. In such a case, access to the storage means may be restricted. With such a configuration, in the access control device, when it is determined by the access control means that the access permission condition is satisfied based on the information related to the input command, access to the storage means is permitted. On the other hand, if it is determined that the access permission condition is not satisfied based on the information related to the input command, access to the storage unit is restricted.

Further, the output means outputs an instruction code or an instruction code string executed by the data processing means, and the access permission condition is that the instruction code or instruction code string input by the input means is a predetermined code or code string. It may include being. With such a configuration, in the data processing apparatus, the output unit outputs an instruction code or an instruction code string executed by the data processing unit. In the access control device, an instruction code or an instruction code string is input by the input means, and when the access control means determines that the input instruction code or instruction code string is a predetermined code or code string, the storage means Access to is allowed. As a result, an illegally rewritten instruction code or instruction code string, or an instruction code or instruction code string whose contents have changed due to a bit error, is executed, so that the data in the storage means can be illegally rewritten or read. The possibility of doing is reduced.
The data processing device includes:
Further comprising instruction code storage means (for example, corresponding to the ROM 204 in FIG. 4) for storing instruction codes executed by the data processing means;
The output means outputs storage position information indicating a storage position in the instruction code storage means of an instruction code or an instruction code sequence executed by the data processing means;
The access permission condition may include that the storage position of the storage position information input by the input unit is a predetermined storage position.

  With such a configuration, in the data processing apparatus, the output means outputs storage position information indicating the storage position in the instruction code storage means of the instruction code or instruction code string executed by the data processing means. In the access control device, storage position information is input by the input means, and access to the storage means is permitted when the access control means determines that the storage position of the input storage position information is a predetermined storage position. Is done. As a result, the possibility that the data in the storage means is illegally rewritten or read out by executing the instruction code or the instruction code string stored in the illegal position is reduced.

Here, as the storage position of the instruction code string, for example, the storage position of the first instruction code in the instruction code string, the storage position of the predetermined instruction code in the instruction code string, the instruction code included in the instruction code string, Each storage location is included. In addition, the instruction code storage means includes a means capable of storing the instruction code at any time and at any time, and may store the instruction code in advance, or without storing the instruction code in advance, An instruction code may be stored by an external input or the like during operation of the gaming machine.
Furthermore, the data processing device comprises:
Instruction code storage means for storing an instruction code executed by the data processing means;
Arithmetic means (for example, corresponding to the check value calculation unit 218 in FIG. 21) that performs a predetermined operation using at least a part of the instruction code or instruction code string stored in the instruction code storage means;
The output means outputs a calculation result of the calculation means;
The access permission condition may include that the calculation result input by the input unit is a predetermined result. In such a configuration, in the data processing apparatus, the calculation means performs a predetermined calculation using at least a part of the instruction code or the instruction code string stored in the instruction code storage means, and the output means performs the calculation. The calculation result is output. In the access control device, the calculation result of the calculation means is input by the input means, and when the access control means determines that the input calculation result is a predetermined result, access to the storage means is permitted.

The data processing apparatus includes: an instruction code storage unit that stores an instruction code executed by the data processing unit; and an operation unit that performs a predetermined operation using a predetermined fixed value stored in the instruction code storage unit. For example, it corresponds to the check value calculation unit 218 in FIG. 21), and the output means outputs the calculation result of the calculation means,
The access permission condition may include that the calculation result input by the input unit is a predetermined result.

  With such a configuration, in the data processing apparatus, the calculation unit performs a predetermined calculation using a predetermined fixed value stored in the instruction code storage unit, and the output unit outputs the calculation result. . In the access control device, the calculation result of the calculation means is input by the input means, and when the access control means determines that the input calculation result is a predetermined result, access to the storage means is permitted.

  Further, the output means outputs execution result information indicating an execution result of an instruction code or an instruction code sequence executed by the data processing means, and the access permission condition is an execution result of the execution result information input by the input means. May be a predetermined result.

  With such a configuration, in the data processing apparatus, the output means outputs execution result information indicating the execution result of the instruction code or the instruction code string executed by the data processing means. In the access control device, when the execution result information is input by the input unit, and the access control unit determines that the execution result of the input execution result information is a predetermined result, access to the storage unit is permitted. The As a result, an illegally rewritten instruction code or instruction code string, or an instruction code or instruction code string whose contents have changed due to a bit error, is executed, so that the data in the storage means can be illegally rewritten or read. The possibility of doing is reduced.

  The access control means may control access to a specific address space in the storage means. With such a configuration, in the access control device, access to a specific address space in the storage means is controlled by the access control means. Thereby, by controlling access to the address space in which important information such as confidential information is stored in the storage means, the possibility that the important information is illegally rewritten or read is reduced.

  Furthermore, a control status notifying unit that notifies the status of access control by the access control unit may be further provided. With such a configuration, the status of access control by the access control means is notified by the control status notification means.

  Here, the control status notification means may be notified by a method capable of recognizing the notification target, and when the notification target is a person, for example, display, sound output, vibration, or other methods perceivable by the five senses. Can do. When the notification target is a computer or the like, signal output, data transmission, or other methods that can be recognized by the computer or the like can be performed.

  Further, when it is determined that the main control unit is not valid, the peripheral unit may notify the fact. This makes it easier for employees and players of pachinko halls to recognize the state.

  The authentication unit may determine whether the main control unit is valid after the presentation based on the jackpot reach command or a period during which the pre-processing or post-processing is executed. Even if the capacity of the authentication data is large by determining whether the main control unit is legitimate after the period based on the jackpot reach command or the period in which pre-processing or post-processing is executed, Can perform the authentication operation independently. Therefore, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.

  You may provide the single path | route used for signal transmission / reception with the said peripheral part and the said authentication part. Even when the authentication data is exchanged through a single route, it is possible to determine whether the main control unit is valid by increasing the strength of security compared to the conventional case.

  Two paths used for signal exchange between the peripheral part and the authentication part are provided, the peripheral part outputs the authentication data to the authentication part by one of the paths, and the authentication part On the other hand, the result of determination as to whether the main control unit is valid may be output to the peripheral unit. Even when authentication data is exchanged through two routes, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.

The authentication method of the present invention is applied to the gaming machine described above, and is used to authenticate that the jackpot reach command for specifying the variation pattern for performing the reach effect among the variation patterns selected at the time of the jackpot, and that it is valid. Authentication for authenticating the main control unit in a gaming machine comprising: a main control unit that outputs authentication data; and a peripheral unit that controls execution of the effect or the pre-processing or post-processing based on the jackpot reach command A method,
A connected device authentication step for authenticating a device connected to the data processing means;
An acquisition step in which the authentication unit acquires the authentication data via the peripheral unit;
Using the authentication data acquired in the acquisition step, the peripheral unit determines whether the main control unit is valid after the stage based on the jackpot reach command or the period in which the pre-processing or post-processing is executed. And an authentication step that is determined by the authentication unit provided in the subsequent stage . In addition to authenticating connected devices by the CPU and access control device as data processing means, the main control unit is authenticated using authentication data acquired via the peripheral part, so the burden on the peripheral part is reduced and security is reduced. It is possible to determine whether or not the main control unit is valid by increasing the strength compared to the conventional one.

  When it is determined in the authentication step that the main control unit is not valid, it may further include a notification signal output step of outputting a signal for notifying the authentication result. This makes it easier for employees and players of pachinko halls to recognize the state.

  In the authentication step, it may be determined whether or not the main control unit is valid after the presentation based on the jackpot reach command or the period during which the pre-processing or post-processing is executed. Even if the capacity of the authentication data is large by determining whether the main control unit is legitimate after the period based on the jackpot reach command or the period in which pre-processing or post-processing is executed, Can perform the authentication operation independently. Therefore, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.

  A program according to the present invention causes a computer to execute each step of the authentication method. In addition to authenticating connected devices by the CPU and access control device as data processing means, the main control unit is authenticated using authentication data acquired via the peripheral part, so the burden on the peripheral part is reduced and security is reduced. It is possible to determine whether or not the main control unit is valid by increasing the strength compared to the conventional one. Further, by outputting a signal for informing the authentication result, it becomes easier for employees and players of the pachinko hall to recognize the state.

  According to the present invention, since the connected device authentication is performed by the CPU as the data processing means and the access control device, and authentication is performed in the authentication unit provided separately from the peripheral unit, the capacity of the authentication data is increased and the security is increased. Even if the strength is increased as compared with the conventional case, the processing load on the peripheral portion does not increase, and it is possible to determine whether or not the main control unit is valid without being restricted in design.

It is a figure which shows the structural example of the game board of the game machine by this Embodiment. It is a figure which shows the structural example of the gaming machine by this Embodiment. It is a block diagram which shows the structure of a main control part. It is a block diagram which shows the more detailed structure of a main control part. It is a block diagram which shows the structure of a CPU core and an access control apparatus. It is a flowchart which shows an access control process. It is the figure which showed typically the memory structure of ROM. It is a figure which shows the data structure of a control command. It is a flowchart which shows a game control process. It is a flowchart which shows operation | movement of the CPU core and access control apparatus accompanying execution of a connection apparatus authentication process. It is a flowchart which shows a control command transmission process. It is a flowchart which shows a winning determination process. It is a flowchart which shows a jackpot determination process. It is a flowchart which shows an electric accessory control process. It is a flowchart which shows production control processing. It is a flowchart which shows a control command reception process. It is a flowchart which shows a fluctuation pattern command process. It is a flowchart which shows a jackpot command process. It is explanatory drawing which shows the outline | summary of the access control which an access control part performs. It is explanatory drawing which shows the outline | summary of the access control which an access control part performs. It is a block diagram which shows the structure of a main control part. It is a flowchart which shows a check value calculation process. It is a flowchart which shows an access control process. It is a figure which shows the sequence of the authentication operation | movement of a pachinko machine based on a jackpot reach command. It is a figure which shows the sequence of operation | movement of the pachinko machine based on control commands other than jackpot reach command. It is a 1st figure which shows the timing at which the production | presentation based on jackpot reach command, or the pre-processing or post-processing is performed, and the timing at which an authentication process is performed. It is a 2nd figure which shows the timing when the production | presentation based on jackpot reach command, or the pre-processing or post-processing is performed, and the timing at which an authentication process is performed. It is a figure which shows the other structural example of the gaming machine by this Embodiment. It is a figure which shows the structure which added the alerting | reporting part to the structure of FIG. It is a figure which shows the structure which added the alerting | reporting part to the structure of FIG. It is a block diagram of the conventional game machine.

EMBODIMENT OF THE INVENTION Below, the form for implementing this invention is demonstrated with reference to drawings. Here, a case where the gaming machine, the authentication method, and the program according to the present invention are applied to a pachinko machine will be described.
[Composition of game board]
First, the configuration of the game board 1 in the pachinko machine will be described.
FIG. 1 is a front view of the game board 1.

  In FIG. 1, two rails 102 a and 102 b are provided on the left side of the game board 1 so as to draw an arc and extend upward. The game area 101 is provided with a plurality of nails (not shown) for making the trajectory of the game ball fall irregularly, and a windmill or a prize opening for changing the fall direction of the game ball is provided in the middle of the fall. It has been. The game ball is fired by a launching unit (not shown) disposed at a lower position of the game board 1 and rises between the rails 102a and 102b to reach the upper position of the game board 1, and then falls within the game area 101. To do.

  In the center of the game board 1, there is provided a symbol display unit 104 that displays the effect symbols in three regions while independently varying the effect symbols. The symbol display unit 104 is, for example, a variable display device such as a liquid crystal display (LCD (Liquid Crystal Display)) or a CRT (Cathode Ray Tube) display, a 7-segment LED, a dot matrix display device, a drum that variably displays by rotating a motor. Etc., and the effect symbols composed of a plurality of numbers, symbols, etc. are variably displayed.

  Below the symbol display unit 104 is provided a start winning opening 105 through which a game ball can be won. A winning gate 106 is provided on each of the left and right sides of the symbol display unit 104. When the game ball passes through the winning gate 106, a predetermined lottery is performed, and when the winning ball is won, the start winning opening 105 is opened for a predetermined time.

  A normal winning opening 107 is provided on each of the left and right sides of the start winning opening 105. When a game ball wins the normal winning opening 107, a predetermined number (for example, 10) of game balls is paid out as a prize ball for each game ball.

Below the start winning opening 105, it is normally closed, but when the design symbol on the symbol display unit 104 becomes a jackpot symbol (for example, “777”), the game ball can be won in an open state. A special winning opening 109 is provided. When the jackpot lottery results in a “hit” (hereinafter simply referred to as “hit”), the opening and closing members installed on the entire surface of the big winning opening 109 repeat the opening and closing operation. While the open / close member is open, a large number of game balls are received. When a game ball wins the big winning opening 109, a predetermined number (for example, 10) of game balls is paid out as a prize ball for each game ball. The opening of the special winning opening 109 continues until a predetermined time (for example, 30 seconds) elapses or a predetermined number (for example, 10) of game balls wins. One opening period of the big prize opening 109 is called a round, and the round continues a maximum of a predetermined number of times (hereinafter referred to as the maximum number of rounds).
At the lowermost part of the game area 101, a collection port 108 is provided for collecting game balls that have not won any prize opening.
[Overall configuration of gaming machine]

  FIG. 2 is a block diagram showing the overall configuration of the gaming machine of the present embodiment. As shown in FIG. 2, the gaming machine has a game board 1, a main control board 2, and a peripheral board 3. The main control board 2 and the peripheral board 3 constitute a gaming machine control device 100.

  The main control board 2 is a board having a main control unit 2a. The main control unit 2a includes a control command for controlling an effect relating to the game executed by the game board 1 or pre-processing or post-processing of the effect, and authentication data for authenticating the main control unit 2a. Is a means for outputting.

  Here, “production” is, for example, a jackpot production by lottery. “Pre-production of the effect” is, for example, a process of setting a value for changing the symbol in the register when the symbol displayed by the symbol display unit is changed. However, the main control unit 2a may not output control data but may output a control command and authentication data to the peripheral unit 3a. For example, when the contents of the control are clear, such as when the power of the pachinko machine is going to be turned on, the control data is not output. In this case, the power of the pachinko machine is turned on as preprocessing for the effect. Note that the “post-processing of the effect” is, for example, a process of initializing the contents of the RAM described later after the effect.

  The peripheral board 3 is a board having a peripheral part 3a, an authentication part 3b, and a bus 3c. The peripheral unit 3a receives the output of the main control unit 2a as input, and controls the execution of the pre-processing or post-processing of the effect or effect based on the control command from the main control unit 2a, and the authentication data from the main control unit 2a Is output to the authentication unit 3b.

  The authentication unit 3b is provided at the subsequent stage of the peripheral unit 3a, and is a means for determining whether or not the main control unit 2a is valid based on the authentication data output from the peripheral unit 3a. In addition to the peripheral part, a configuration with an authentication part is adopted. For this reason, even when the main control unit is not authenticated by the general configuration of the main control unit and the peripheral unit, if the authentication unit is added, the specification change of the peripheral unit can be minimized and the main control unit Authentication can be performed. When the authentication unit 3b determines that the main control unit 2a is not valid, the peripheral unit 3a performs control for notifying that the main control unit 2a is not valid. When the main control unit 2a notifies that it is not valid, the notification by displaying on a liquid crystal (not shown) provided in the gaming machine or lighting a lamp or the like under the control of the peripheral unit 3a Is done. The notification using the liquid crystal and the lamp will be described in detail later.

Not only visual notification by lighting a liquid crystal display or a lamp, but also auditory notification by outputting sound from a speaker (not shown) or tactile notification by vibrating a vibrator (not shown) may be performed. Moreover, you may perform combining the said alert | report. The bus 3c is the only communication path used for signal exchange between the peripheral unit 3a and the authentication unit 3b. A single bus 3c provided between the peripheral part 3a and the authentication part 3b is used as a bidirectional communication path.
[Configuration of game control device]
Next, the configuration of the game control device in the pachinko machine will be described.
FIG. 3 is a block diagram showing a configuration of the game control device 100.

As shown in FIG. 3, the game control device 100 includes a main control board 2, a peripheral board 3, and a prize ball control unit 400. In this example, the main control board 2 is provided with a main control unit 2a that performs main control of the game. The main control unit 2a includes a DIP (Dual Inline
A CPU 202 that is a one-chip type microprocessor including a package) and an access control device 230 that controls access to the CPU 202 are provided. Further, the peripheral board 3 is provided with an effect control unit 300 that controls the effect of the game by the control of the main control unit 2a, and an authentication unit 3b that authenticates the main control unit 2a. The effect control unit 300 is an example of the peripheral portion 3a in FIG. The prize ball control unit 400 controls the payout of game balls under the control of the main control unit 2a.

  The main control unit 2a performs main control of the game, and transmits various control commands for performing game effect control or game ball payout control to the effect control unit 300 and the prize ball control unit 400, respectively.

  The main control unit 2 a includes a start winning port detection unit 280 that detects a game ball won in the start winning port 105, a gate detection unit 282 that detects a game ball that has passed the winning gate 106, and a normal winning port 107. An ordinary winning opening detection unit 284 that detects the game ball that has been played and a large winning opening detection unit 286 that detects the game ball that has won the winning prize port 109 are connected. These detection parts 280-286 can be comprised using a proximity switch, for example.

  The main control unit 2a is further connected to a large winning opening / closing unit 288 that opens and closes the opening / closing member of the large winning port 109 during a big hit, an effect control unit 300, and a prize ball control unit 400. Note that communication with the effect control unit 300 is in one direction from the main control unit 2a to the effect control unit 300. In contrast, communication with the prize ball control unit 400 is bidirectional.

  The big prize opening opening / closing unit 288 can be configured using, for example, a solenoid. The jackpot is pre-programmed to occur with a predetermined probability (for example, 1/300) based on the jackpot random number.

The effect control unit 300 receives a control command from the main control unit 2a, and performs an effect control of the game based on the received control command. The effect control unit 300 includes a ROM 304 that stores a control program, a CPU 302 that executes an effect control process according to the control program stored in the ROM 304, a RAM 306 that functions as a data work area during the calculation process of the CPU 302, and a display on the symbol display unit 104. And an I / F 310 for inputting / outputting data to / from an external device.
The ROM 304 stores an expected value for collation with the verification value. The verification value is for authenticating the main control unit 2a, and the expected value is the same value as the verification value.

  The RAM 306 stores input data from the main control unit 2a, data for arithmetic processing, a random number counter for generating random numbers, various other counters, and various flags.

  The I / F (interface) 310 includes a main control unit 2a, a symbol display unit 104, a sound control unit 382 that performs sound control for outputting sound from the speaker 380, and lamp control that performs lamp control for lighting the lamp 384. The part 386 is connected.

  The award ball control unit 400 receives a control command from the main control unit 2a, and performs payout control of the game ball based on the received control command. The prize ball control unit 400 includes a ROM 404 that stores a control program, a CPU 402 that executes a payout control process according to the control program in the ROM 404, a RAM 406 that functions as a data work area during the calculation process of the CPU 402, and an external device. And an I / F 410 that performs output.

  Connected to the I / F 410 are a main control unit 2 a, a payout unit 480 that pays out a predetermined number of game balls from a storage unit for game balls, and a launch unit 482 that launches game balls to the game board 1.

  The award ball control unit 400 controls the payout unit 480 to pay out a predetermined number of game balls in accordance with winnings in each winning award (starting winning port 105, normal winning port 107, large winning port 109). . In addition, an operation on the launch unit 482 is detected, and the launch of the game ball is controlled.

  The launching unit 482 includes a sensor (not shown) that detects an operation by the player and a solenoid (not shown) that launches a game ball. When the award ball control unit 400 detects an operation by the sensor of the launch unit 482, the prize ball control unit 400 intermittently fires a game ball by driving a solenoid according to the operation amount.

The main control unit 2a, the effect control unit 300, and the prize ball control unit 400 are provided on different printed boards. However, the present invention is not limited to this, and the prize ball control unit 400 is the same print as the main control unit 2a. It can also be provided on the substrate.
[Configuration of main controller]
Next, the configuration of the main control unit 2a will be described.
FIG. 4 is a block diagram showing a more detailed configuration of the main control unit 2a and the like.

  As shown in FIG. 4, the main control unit 2a includes a CPU 202, which is a one-chip type microprocessor made of DIP or the like, an access control device 230 that controls access by the CPU 202, and an inspection port used for a pachinko machine verification test. 240.

  The CPU 202 includes a ROM 204 that stores a control program, a CPU core 203 that executes game control processing in accordance with the control program stored in the ROM 204, a RAM 206 that functions as a data work area when the CPU core 203 performs arithmetic processing, and an inspection port 240. And a security inspection circuit 208 that outputs an instruction code string executed by the CPU core 203 and other inspection data.

  The CPU 202 further includes I / Fs 210 and 212 that perform input / output with an external device, and a timer 214 that measures time. The CPU core 203, ROM 204, RAM 206, security inspection circuit 208, I / Fs 210 and 212, and timer 214 are connected to each other via a bus 216.

  The RAM 206 stores input / output data for the main control unit 2a, data for arithmetic processing, various counters, a jackpot flag and other various flags, and the number of reserved balls. Here, the number of reserved balls refers to the number of game balls won in the start winning opening 105 and the jackpot lottery is not performed.

  An access control device 230 is connected to the I / F 212. Due to its hardware structure, the CPU 202 does not output address signals, data signals, and control signals transmitted / received via the bus 216 to the outside. Further, since the signal line of the bus 216 is built in the CPU 202, it is difficult to directly connect the access control device 230 to the signal line of the bus 216 because it requires modification. Therefore, in the configuration as it is, the access control device 230 cannot acquire information related to an instruction executed by the CPU core 203. Therefore, in the present embodiment, as information relating to instructions executed by the CPU core 203, an instruction code string executed by the CPU core 203 and an address (hereinafter simply referred to as an address) in the ROM 204 are transmitted via the I / F 212. The CPU core 203 is caused to execute the output process. This output process can be incorporated as one process of the control program in the ROM 204, for example. Thereby, the access control device 230 can input the instruction code string executed by the CPU core 203 and its address from the I / F 212. Here, the address of the instruction code string refers to the address of the first instruction code in the instruction code string.

In addition to the CPU 302, ROM 304, RAM 306, VRAM 308, and I / F 310, the effect control unit 300 includes an effect-related device group 314 including a plurality of devices necessary for game effect control. Similarly, the prize ball control unit 400 includes a prize ball related device group 414 including a plurality of devices required for game ball payout control, in addition to the CPU 402, the ROM 404, the RAM 406, and the I / F 410.
[Configuration of CPU core and access control device]
Next, the configuration of the CPU core 203 and the access control device 230 will be described.
FIG. 5 is a block diagram showing the configuration of the CPU core 203 and the access control device 230. In FIG. 5, a part of the configuration is omitted for convenience of explanation.

As shown in FIG. 5, the CPU core 203 reads (fetches) the instruction code string stored in the ROM 204 and performs data processing according to the read instruction code string. The CPU core 203 includes a control unit 203a, a calculation unit 203b, and a register 203c.
The control unit 203a controls the overall operation of the CPU 202 and outputs a control signal to the bus 216 in order to read and write instruction code strings and other data.
The operation unit 203b performs an operation on the data held in the register 203c.
The register 203c holds the instruction code string read from the ROM 204, its address, and the data processed by the arithmetic unit 203b.

The access control device 230 generates random numbers used for game control and authentication information necessary for authentication, and holds data processed by the CPU core 203. The access control device 230 includes an input unit 231, a calculation unit 232, registers 234 and 236, and an access control unit 238.
The input unit 231 includes a latch circuit and the like, and inputs an instruction code string executed by the CPU core 203 and its address from the I / F 212.

The arithmetic unit 232 includes a random number generator or the like, and generates at least one of a random number used for game control and authentication information necessary for authentication. Random numbers used for game control include random numbers used for jackpot lottery (big hit determined random numbers), random numbers for determining the stop mode of the effect symbols (stop symbol determined random numbers), random numbers for determining the change pattern of the effect symbols (variation) Pattern determination random number) and other random numbers used for game control.
The register 234 holds the random number and authentication information generated by the calculation unit 232. Access to the register 234 is controlled by the access control unit 238.
The register 236 holds data processed by the CPU core 203. Access to the register 236 is controlled by the access control unit 238.

  When the access control unit 238 inputs a read request to the registers 234 and 236, the access control unit 238 inputs a read command and its address related to the read request from the input unit 231, and the access permission condition is set based on the input read command and address. When it is determined that it is established, reading of data from the registers 234 and 236 is permitted. On the other hand, when it is determined that the access permission condition is not satisfied, reading of data from the registers 234 and 236 is prohibited. Specifically, the instruction code string input by the input unit 231 is a code string permitted in advance (hereinafter referred to as a permitted instruction code string), and the address of the instruction code string is an address permitted in advance. The data can be read from the registers 234 and 236 only when it is (hereinafter referred to as a permitted address).

When the access control unit 238 inputs a write request to the register 236, the access control unit 238 inputs a write command and its address related to the write request from the input unit 231, and the access permission condition is satisfied based on the input write command and address. When the determination is made, writing of data to the register 236 is permitted. On the other hand, when it is determined that the access permission condition is not satisfied, data writing to the register 236 is prohibited. Specifically, data can be written into the register 236 only when the instruction code string input from the input unit 231 is a permitted instruction code string and the address of the instruction code string is a permitted address.
[Access control processing]
Next, an access control process executed by the access control unit 238 will be described.
FIG. 6 is a flowchart showing the access control process.
When executing the access control process, the access control unit 238 first proceeds to step SS10 as shown in FIG.

  In step SS10, it is determined whether or not a read request for the registers 234 and 236 has been input from the I / F 212. When it is determined that a read request has been input (Yes), the process proceeds to step SS12 and the CPU core 203 determines that the read request has been input. The instruction code string to be executed and its address are input from the input unit 231 and the process proceeds to step SS14.

  In step SS14, it is determined whether or not the input instruction code string is a permitted instruction code string. If it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS16 and the input address is permitted. It is determined whether or not it is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS18.

  In step SS18, the data held in the registers 234 and 236 are read, the process proceeds to step SS20, and the read data is output to the I / F 212. The output data is held in the register 203c of the CPU core 203 via the I / F 212.

  Next, the process proceeds to step SS22, where it is determined whether or not a write request for the register 236 has been input from the I / F 212. When it is determined that a write request has been input (Yes), the process proceeds to step SS24, and the CPU The instruction code string executed by the core 203 and its address are input from the input unit 231 and the process proceeds to step SS26.

  In step SS26, it is determined whether or not the input instruction code string is a permitted instruction code string. When it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS28 and the input address is permitted. It is determined whether or not it is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS30.

  In step SS30, the data held in the register 203c of the CPU core 203 is input from the I / F 212, the process proceeds to step SS32, the input data is written in the register 236, and the access control process is terminated.

  On the other hand, when it is determined in step SS28 that it is not a permitted address (No), when it is determined in step SS26 that it is not a permitted instruction code string (No), and when it is determined in step SS22 that a write request is not input (No) ) Terminates the access control process without writing data to the register 236. At this time, the CPU core 203 may receive a notification from the access control device 230 and may notify that there is a possibility of fraud (hereinafter referred to as fraud notification). For example, the fraud notification may be performed by displaying a predetermined message, mark, or image on the symbol display unit 104, outputting a predetermined message sound or sound effect from the speaker 380, or the manufacturer or administrator of the CPU 202 via the I / F 210. Alternatively, an error message can be transmitted to another device, or a control signal for causing the other device to perform the display or audio output can be transmitted via the I / F 210. As a result, the user or the like can be made aware that there is a possibility that the main control unit 2a has been cheated, and measures such as investigation and repair can be taken.

On the other hand, when it is determined in step SS16 that it is not a permitted address (No), when it is determined in step SS14 that it is not a permitted instruction code string (No), and when it is determined in step SS10 that a read request is not input (No) In both cases, the data held in the registers 234 and 236 is not output to the I / F 212, and the process proceeds to step SS22. At this time, since there is no output from the access control device 230, the register 203c of the CPU core 203 holds an invalid value such as “0000” or “1111”. If the non-legitimate value is set to a predetermined value and the value is held in the register 203c, the CPU core 203 may make an unauthorized notification. Here, the predetermined value is, for example, a plurality of types of fixed value groups or a variation value for which a variation rule has been defined in advance.
[ROM memory structure]
Next, the memory structure of the ROM 204 will be described.
FIG. 7 is a diagram schematically showing the memory structure of the ROM 204.
As shown in FIG. 7, the ROM 204 stores an instruction code string executed by the CPU core 203.

An address is assigned to the storage area 204a of the ROM 204 for each predetermined area (for example, for each byte). In the example of FIG. 7, addresses “0x000” to “0xNNN” are assigned to the storage area 204a, and each address indicates an area for 1 byte. For example, an instruction code string “0xABCDEFGH” (read instruction) is stored at addresses “0x100” to “0x103”. In addition, an instruction code string “0xJKLMNOPQ” (write instruction) is stored at addresses “0x104” to “0x107”.
[Data structure of control commands, etc.]
Next, a data structure such as a control command will be described.
FIG. 8 is a diagram illustrating a data structure of control commands and the like.

  In the case of a normal control command 500, control data 501 is added as shown in FIG. On the other hand, in the case of the control command with authentication data, as shown in FIG. 8B, the control data 501 is added, and the encrypted authentication data 502 is further added. In this way, by adding the authentication data to the control command and transmitting from the main control unit 2a, the communication load between the main control unit 2a and the peripheral unit 3a is reduced as compared with the case of transmitting the authentication data alone. The increase can be suppressed. Further, by adding the authentication data to the control command and transmitting from the main control unit 2a, there is a risk that the authentication data is extracted from the communication data and analyzed compared to the case where the authentication data is transmitted alone. Can be reduced. Furthermore, since the authentication process is performed only when a control command to which authentication data is added is transmitted, the rate at which the processing load of the main control unit 2a due to the authentication process increases due to the authentication process can be suppressed.

Note that the arrangement order of the control data 501 and the authentication data 502 with respect to the control command 500 is not limited to the case of FIG. That is, as shown in FIG. 8 (c), the control command 500 is arranged with authentication data 502 added to the head, or as shown in FIG. 8 (d), authentication is performed between the control command 500 and the control data 501. Alternatively, the data 502 may be inserted. Further, the authentication data may be transmitted separately from the control command 500 and the control data 501. For example, after transmitting a jackpot command that is one of the control commands and its control data, authentication data may be added and transmitted when the third control command is transmitted.

Here, the control commands include a power-on command, a power-off command, a customer waiting demo start command, a customer waiting demo stop command, a variation pattern command, a jackpot start command, a jackpot end command, and a jackpot command.
The power-on command is a control command for designating power-on, and is transmitted to the effect control unit 300 and the prize ball control unit 400 when the power is turned on.
The power-off command is a control command for designating power-off, and is transmitted to the effect control unit 300 and the prize ball control unit 400 when the power is turned off.

The customer waiting demonstration start command is a control command for designating the start of a demonstration effect (hereinafter referred to as a customer waiting demo) for attracting a player, and is transmitted to the effect control unit 300 when the game is interrupted.
The customer waiting demo stop command is a control command for designating the end of the customer waiting demo, and is transmitted to the effect control unit 300 when the game is resumed.

  The variation pattern command is a control command for designating the variation pattern of the effect symbol, and is transmitted to the effect control unit 300 when the variation of the effect symbol is started. The variation pattern command includes an outlier non-reach command, an outlier reach command, and a jackpot reach command.

  The non-reach non-reach command is a control command for designating a change pattern that does not perform reach among the change patterns that are selected when the big hit lottery results in “out” (hereinafter, simply referred to as “out”). .

  The detachment reach command is a control command for designating a variation pattern for performing a reach effect among the variation patterns selected at the time of detachment. The effect control unit 300 can determine that there is a loss based on a loss reach command or a loss non-reach command.

The jackpot reach command is a control command for designating a variation pattern for performing a reach effect among the variation patterns selected at the time of the jackpot. The effect control unit 300 can determine that the jackpot is based on the jackpot reach command.
The jackpot start command is a control command for designating the start of the jackpot effect, and is transmitted to the effect control unit 300 at the start of the jackpot effect.

The jackpot end command is a control command for designating the end of the jackpot effect, and is transmitted to the effect control unit 300 at the end of the jackpot effect (at the end of the final round).
The jackpot command is a control command for designating a jackpot, and includes a round start command and a round end command.

  The round start command is a control command for designating the start of a round, and is transmitted to the effect control unit 300 at the start of the round. The round start command is set for each round. For example, when the maximum number of rounds is 15, 15 types of round start commands are set. Accordingly, when the round continues twice or more, the round start command is transmitted a plurality of times during the jackpot.

  The round end command is a control command for designating the end of the round, and is transmitted to the effect control unit 300 at the end of the round excluding the final round. The round end command is set for each round except the final round. For example, when the maximum number of rounds is 15, 14 types of round end commands are set. Therefore, when the round continues three or more times, the round end command is transmitted a plurality of times during the jackpot.

These control commands are merely representative, and various other control commands are defined. Among these control commands, encryption authentication data is added to predetermined ones. In this embodiment, encrypted authentication data is added to the jackpot reach command.
[Game control processing]
Next, game control processing executed by the CPU core 203 of the main control unit 2a will be described.

The CPU core 203 reads from the ROM 204 a control program that can execute one cycle at a predetermined operation clock (for example, 4 [ms]), and executes the game control process shown in the flowchart of FIG. 9 according to the read control program.
FIG. 9 is a flowchart showing the game control process.
When the game control process is executed in the CPU core 203, first, as shown in FIG. 9, the process proceeds to step S100.

  In step S100, it is determined whether or not the power is turned on. When it is determined that the power is turned on (Yes), the process proceeds to step S102, but when it is determined that it is not (No), the power is turned on. It waits in step S100 until it turns on.

  In step S102, the RAM 206 is initialized, and an initialization process for transmitting a control command for designating power-on to the effect control unit 300 and the prize ball control unit 400 via the I / F 210 is executed. In the initialization process, a power-on command is transmitted. Since the power-on command is not a predetermined command, that is, a jackpot reach command, the encrypted authentication data is not added to the effect control unit 300 and the prize ball control unit 400 via step S210.

  When the effect control unit 300 receives the power-on command, the effect display unit 104, the lamp control unit 386, and the sound control unit 382 receive a control command for the effect at the time of power-on (specifically, display of a demonstration screen). , A control command for designating lamp lighting and sound output).

  Next, the process proceeds to step S104, and a connected device authentication process for authenticating a device connected to the CPU 202 (hereinafter referred to as a connected device) is executed. The process proceeds to step S106, and a game ball is placed in the start winning opening 105. A winning determination process is performed to determine that a win has been won, and the process proceeds to step S108.

  In step S108, the jackpot determination process for determining the jackpot and determining the variation pattern of the effect symbol is executed, and the process proceeds to step S110 to open the opening / closing member of the jackpot 109 in a predetermined pattern. Is executed, and the process proceeds to step S112.

  In step S112, a prize ball payout control process for storing in the transmission buffer of the RAM 206 a control command (payout control command) for designating the payout of game balls to the prize ball control unit 400 is executed, and the process proceeds to step S114. Then, a control command transmission process for transmitting the control command stored in the transmission buffer to the effect control unit 300 or the prize ball control unit 400 via the I / F 210 is executed, and the process proceeds to step S116.

In step S116, it is determined whether or not the power has been turned off. When it is determined that the power has been turned off (Yes), the process proceeds to step S118, and the power is turned off via the I / F 210. The end process of transmitting the control command (power-off command) for the effect control unit 300 and the prize ball control unit 400 is executed, and the game control process is ended.
On the other hand, when it is determined in step S116 that the power is not turned off (No), the process proceeds to step S106. In FIG. 9, after the connected device authentication process (step S104) is executed, the process proceeds to a winning determination process (step S106). However, the present invention is not limited to this. That is, the connected device authentication process may be performed in the middle of the process after the winning determination process, and the order of the processes is not limited.

Note that the random number counter is updated using the remaining time during which each process is executed in one cycle (for example, 4 [ms]) of the operation clock. In addition, it can be updated by a random number update process executed in parallel with the game control process. For example, the random number counter counts up by “1” sequentially from “0”, and returns to “0” when the count value exceeds the maximum value (for example, “999”). Counting is performed cyclically in a range (for example, “0” to “999”).
[Device / PLC authentication processing]
Next, the connected device authentication process in step S104 of FIG. 9 will be described.

Various devices can be connected to the CPU 202, but devices that are not approved by the user or manufacturer are illegally connected, causing the CPU 202 to malfunction, or the data in the ROM 204 to be altered or stolen. There is a fear. In order to prevent this, the CPU 202 authenticates the connected device. Since the access control device 230 is also closely related to the execution of the connected device authentication process, the operations of the CPU core 203 and the access control device 230 accompanying the execution of the connected device authentication process will be described here.
FIG. 10 is a flowchart showing the operations of the CPU core 203 and the access control device 230 when the connected device authentication process is executed.

As shown in FIG. 10, the CPU core 203 first acquires authentication data from the connected device through steps S40 and S42, and uses the acquired authentication data to obtain the verification value V via the I / F 212. Output generation request. The verification value V is a value used for authenticating the connected device. Note that the authentication data acquired in step S40 may be used as the verification value V as it is.
Upon receiving the verification value V generation request, the access control device 230 generates the verification value V by the arithmetic unit 232 through step S44 and holds it in the register 234.

  Next, the CPU core 203 reads a read command for reading the verification value V from the register 234 of the access control device 230 from the ROM 204 through step S46, and executes the read command to read the register 234 via the I / F 212. A read request for is output. Further, through step S48, the read instruction and its address are output via the I / F 212.

  When the read request is input, the access control device 230 inputs the read command and its address through step S50, and reads the verification value V held in the register 234 if it is a permitted command code string and a permitted address. The read verification value V is output to the I / F 212.

  When the verification value V is input, the CPU core 203 stores the input verification value V in the register 203c through step S52. Then, the CPU core 203 reads the write command for writing the verification value V into the register 236 of the access control device 230 from the ROM 204 through step S54, and executes the read write command, thereby executing the register 236 via the I / F 212. A write request for is output. Further, through step S56, the read write instruction, its address, and the verification value V are output via the I / F 212.

  When the write request is input, the access control device 230 inputs a write command and its address through step S58. If it is a permitted command code string and a permitted address, the access control device 230 inputs a verification value V. Write to register 236.

Next, the CPU core 203 outputs a generation request for the expected value P via the I / F 212 through step S60. The expected value P is a value used for verifying the verification value V.
When the access control device 230 receives the generation request for the expected value P, the operation unit 232 generates the expected value P through step S 62 and holds it in the register 234.

  Next, the CPU core 203 reads a read command for reading the expected value P from the register 234 of the access control device 230 from the ROM 204 through step S64, and executes the read command to read the register 234 via the I / F 212. A read request for is output. Further, through step S66, the read instruction and its address that have been read are output via the I / F 212.

  When the read request is input, the access control device 230 inputs a read command and its address through step S68, and reads the expected value P held in the register 234 if the read command and its address are input, The read expected value P is output to the I / F 212.

  Next, the CPU core 203 reads a read command for reading the verification value V from the register 236 of the access control device 230 from the ROM 204 through step S70, and executes the read command to read the register 236 via the I / F 212. A read request for is output. Further, the read instruction and its address are output via the I / F 212 through step S72.

  When the read request is input, the access control device 230 inputs a read command and its address through step S74, and if it is a permitted command code string and a permitted address, reads the verification value V held in the register 236, The read verification value V is output to the I / F 212.

  When the verification value V and the expected value P are input, the CPU core 203 compares the verification value V with the expected value P through steps S76 and S78, and determines whether the verification result is correct. Whether or not the collation result is correct is determined based on, for example, whether or not the verification value V has a predetermined relationship with the expected value P. The predetermined relationship is, for example, that the verification value V matches the expected value P, that the calculation value obtained by calculating one of the verification value V and the expected value P by a predetermined calculation method matches the other, This means that the value V and the expected value P have a magnitude relationship and other correlations.

When it is determined that the collation result is correct (Yes), the CPU core 203 authenticates the connected device through step S80 and ends the connected device authentication process. On the other hand, when it is determined that the collation result is not correct (No), the CPU core 203 ends the connected device authentication process without authenticating the connected device through step S82. When the connected device is not authenticated, the CPU core 203 performs fraud notification or disconnects the connection with the connected device.
[Control command transmission processing]
Next, the control command transmission process in step S114 will be described.
FIG. 11 is a flowchart showing the control command transmission process.
When the control command transmission process is executed in step S114, the process first proceeds to step S200 as shown in FIG.

  In step S200, the control command is read from the transmission buffer, and the process proceeds to step S202, where it is determined whether or not the read control command is a predetermined command (ie, jackpot reach command), and is a jackpot reach command. When it determines (Yes), it transfers to step S204.

In step S204, authentication data is generated based on the data of the control program stored in the ROM 204. The authentication data is data for authenticating the main control unit 2a by the production control unit 300. For example, for part or all of the data of the control program, calculation using a hash function, parity check, cyclic redundancy check ( CRC (Cyclic Redundancy
Check)) or a value obtained by performing an error detection operation such as a checksum is included as a verification value. Thus, the verification value is calculated from the data of the control program actually stored in the ROM 204. Therefore, by performing authentication using the verification value, it is possible to detect fraudulent acts such as replacing a regular main control board with an unauthorized main control board or falsifying the control program in the ROM 204.
Next, the process proceeds to step S206, and an encryption process for encrypting the generated authentication data is executed by a predetermined encryption algorithm.

In this encryption process, for example, an encryption algorithm that calculates an exclusive OR (XOR) with an encryption key (for example, “0x33”) is used. In this case, the decryption algorithm corresponding to the encryption algorithm is the same.
Then, with this encryption algorithm, the operation value obtained by the executed encryption process is used as encrypted authentication data.

  Next, the process proceeds to step S208, and the control command read in step S200 is transmitted to the effect control unit 300 with the encrypted encrypted authentication data added thereto, and the series of processes is terminated and the original process is restored. .

  On the other hand, when it is determined in step S202 that the command is not a jackpot reach command (No), the process proceeds to step S210, and the control command read in step S200 is transmitted to the effect control unit 300 or the prize ball control unit 400 as it is. The process is terminated and the original process is restored.

Note that the transmission of the power-on command and the power-off command (steps S102 and S116) is similar to the control command transmission process shown in the flowchart of FIG.
[Winning determination process]
Next, the winning determination process in step S106 will be described.
FIG. 12 is a flowchart showing a winning determination process.
When the winning determination process is executed in step S106, as shown in FIG. 12, first, the process proceeds to step S300.
In step S300, it is determined whether or not the number of reserved balls is “0”, and when it is determined that the number of reserved balls is “0” (Yes), the process proceeds to step S302.

  In step S302, a timer (not shown) is used to determine whether or not a predetermined time (for example, 10 minutes) has elapsed since the last winning to the start winning opening 105, and when it is determined that the predetermined time has elapsed ( If Yes, the process proceeds to step S304.

  In step S304, a customer waiting demo execution process for performing a customer waiting demo is executed. In the customer waiting demo execution process, the customer waiting demo is started by storing the customer waiting demo start command in the transmission buffer. Further, when the resumption of the game is detected in response to winning at the start winning opening 105, an operation on the launching unit 482, etc., the customer waiting demo is terminated by storing a customer waiting demo stop command in the transmission buffer. Thereby, in the control command transmission process of step S114, the customer waiting demonstration start command or the customer waiting demonstration stop command is transmitted to the effect control unit 300.

  Next, the process proceeds to step S306, where the sensor signal from the start winning opening detection unit 280 is read via the I / F 210, and whether it is detected that the game ball has won the start winning opening 105 based on the read sensor signal. If it is determined whether or not the winning of the game ball is detected (Yes), the process proceeds to step S308.

  In step S308, it is determined whether or not the number of retained balls is “4” or more, and when it is determined that the number of retained balls is less than “4” (No), the process proceeds to step S310 and the number of retained balls is determined. “1” is added to, and the process proceeds to step S312.

  In step S312, the jackpot determined random number, stop symbol determined random number and other random numbers used for game control are acquired from the random number counter, and the process proceeds to step S314, where each acquired random number is stored in a predetermined area of the RAM 206 corresponding to the number of reserved balls. Store, end a series of processing, and return to the original processing.

  On the other hand, when it is determined in step S308 that the number of held balls is “4” or more (Yes) and when it is determined in step S306 that no winning of a game ball is detected (No), a series of processes To return to the original process.

On the other hand, when it is determined in step S302 that the predetermined time has not elapsed (No) and when it is determined in step S300 that the number of reserved balls is not “0” (No), the process proceeds to step S306. .
[Big hit judgment processing]
Next, the jackpot determination process in step S108 will be described.
FIG. 13 is a flowchart showing the jackpot determination process.

  In the jackpot determination process, in order to generate a jackpot with a predetermined probability, one jackpot value is set in a predetermined numerical range (for example, “0” to “400”) that can be taken by the jackpot determination random number, and the start winning hole 105 13 is a process for obtaining a jackpot decision random number at the winning timing when the game ball is won and generating the jackpot when the acquired random number value matches the jackpot value. First, the process proceeds to step S400.

  In step S400, it is determined whether or not the effect symbol is changing in the symbol display unit 104, and when it is determined that the effect symbol is not changing (No), the process proceeds to step S402 and the number of reserved balls is “1”. When it is determined whether or not the number is equal to or more than one and the number of reserved balls is determined to be “1” or more (Yes), the process proceeds to step S404.

  In step S404, the jackpot determination random number is read from a predetermined area of the RAM 206 corresponding to the number of reserved balls, and the process proceeds to step S406 to determine whether or not the read random number value matches the jackpot value. When it is determined that it has been done (Yes), the process proceeds to step S408, the jackpot flag is set, and the process proceeds to step S410.

  In step S410, a big-hit stop symbol determination process is executed to determine the aspect of the effect symbol to be stopped at the big-hit. In the jackpot stop symbol determination process, for example, a jackpot stop symbol determination table is read from the ROM 204. Then, a stop symbol determination random number is read from a predetermined area of the RAM 206 corresponding to the number of reserved balls, a stop symbol number of the order of the read random number value is acquired from the read stop symbol determination table, and control indicating the acquired stop symbol number Store the command (designation command) in the transmission buffer.

  Next, the process proceeds to step S412, and the big hit hour fluctuation pattern determination process is executed for determining the fluctuation pattern of the effect symbol to be displayed in a variable manner at the big hit. In the jackpot variation pattern determination process, for example, a reach determination random number is acquired from a random number counter, and a variation pattern determination table for jackpot corresponding to the acquired random number value is read from the ROM 204. Since the jackpot reach command is registered only in one or a plurality of specific variation pattern determination tables, this selection based on the reach determination random number determines whether or not to perform the reach effect. Then, the fluctuation pattern determination random number is obtained from the random number counter, the fluctuation pattern number of the order of the obtained random number value is obtained from the read fluctuation pattern determination table, and the fluctuation pattern command indicating the obtained fluctuation pattern number is stored in the transmission buffer. To do. As a result, in the control command transmission process of step S112, the jackpot reach command and other variation pattern commands selected at the time of jackpot are transmitted to the effect control unit 300.

  Next, the process proceeds to step S414, and a symbol variation start process for storing in the transmission buffer a control command (variation start command) for designating the effect symbol variation start to the effect control unit 300 is executed, and the process proceeds to step S416. Then, “1” is subtracted from the number of held balls, a series of processing is terminated, and the original processing is restored.

  On the other hand, when it is determined in step S406 that it does not coincide with the jackpot value (No), the process proceeds to step S418, and the off-time stop symbol determining process is executed to determine the mode of the effect symbol to be stopped at the time of loss. The off-time stop symbol determination process is configured in the same manner as in step S410. The difference from step S410 is that a stop symbol determination table for detachment is used.

Next, the process proceeds to step S420, and a variation pattern determination process at the time of detachment is performed to determine a variation pattern of the effect symbol that is variably displayed at the time of the detachment. The deviation variation pattern determination process is configured in the same manner as in step S412. The difference from step S412 is that a deviation variation pattern determination table is used. As a result, in the control command transmission process of step S114, the variation non-reach command, the deviation reach command, and other variation pattern commands selected at the time of deviation are transmitted to the effect control unit 300.
When the process of step S420 ends, the process proceeds to step S414.
On the other hand, when it is determined in step S400 that the effect symbol is changing in the symbol display unit 104 (Yes), the process proceeds to step S422.

  In step S422, it is determined whether or not a predetermined time (for example, 30 seconds) has elapsed since the start of the change in the effect design. If it is determined that the predetermined time has elapsed (Yes), the process proceeds to step S424. The symbol stop process for storing in the transmission buffer a control command (design stop command) for designating the stop of the effect symbol to the effect control unit 300 is executed, and the series of processes is terminated and the original process is restored. Let

On the other hand, when it is determined at step S422 that the predetermined time has not elapsed (No) and when it is determined at step S402 that the number of reserved balls is “0” (No), a series of processing is performed. End and return to the original process.
[Electric character control processing]
Next, the electric accessory control process in step S110 will be described.
FIG. 14 is a flowchart showing the electric accessory control process.
When the electric accessory control process is executed in step S110, the process proceeds to step S500 as shown in FIG.

  In step S500, it is determined whether or not the jackpot is based on the jackpot flag, and if it is determined that the jackpot is set by setting the jackpot flag (Yes), the process proceeds to step S502.

  In step S502, it is determined whether or not it is time to start the jackpot effect. If it is determined that it is time to start the jackpot effect (Yes), the process proceeds to step S504.

  In step S504, a jackpot presentation start process for storing the jackpot start command in the transmission buffer is executed, and a series of processes is terminated and the process returns to the original process. Thereby, in the control command transmission process of step S114, the big hit start command is transmitted to the effect control unit 300.

  On the other hand, when it is determined in step S502 that it is not the timing to start the jackpot effect (No), the process proceeds to step S506, where it is determined whether it is the timing to start the round, and the timing to start the round. (Yes), the process proceeds to step S508.

  In step S508, a round start process for storing the round start command in the transmission buffer is executed, a series of processes are terminated, and the original process is restored. Thereby, in the control command transmission process of step S114, a round start command is transmitted to the effect control unit 300.

  On the other hand, when it is determined in step S506 that it is not the timing to start the round (No), the process proceeds to step S510, where it is determined whether the round is continuing, and it is determined that the round is continuing. If (Yes), the process proceeds to step S512.

  In step S512, a special prize opening / closing control process for controlling the opening / closing of the special prize opening 109 is executed by the special prize opening / closing part 288, and a series of processes is terminated and the process returns to the original process.

  On the other hand, when it is determined in step S510 that the round is not continuing (No), the process proceeds to step S514, where it is determined whether it is time to end the round, and it is determined that it is time to end the round. If yes (Yes), the process proceeds to step S516.

  In step S516, “1” is added to the number of rounds, and the process proceeds to step S518 to determine whether or not the number of rounds exceeds the maximum number of rounds (for example, 15 times). When it determines (No), it transfers to step S520.

In step S520, a round end process for storing the round end command in the transmission buffer is executed, and a series of processes are ended to return to the original process. Thereby, in the control command transmission process of step S114, the round end command is transmitted to the effect control unit 300.
On the other hand, when it is determined in step S518 that the number of rounds exceeds the maximum number of rounds (Yes), the process proceeds to step S522.

In step S522, a jackpot presentation end process for storing the jackpot end command in the transmission buffer is executed. Thereby, in the control command transmission process of step S114, the big hit end command is transmitted to the effect control unit 300.
Next, the process proceeds to step S524, where the jackpot flag is reset, a series of processes are terminated, and the original process is restored.

On the other hand, when it is determined at step S514 that it is not the timing to end the round (No), and when it is determined at step S500 that the big hit flag is not reset because the big hit flag is reset (No), a series of processing To return to the original process.
[Production control processing]
Next, the effect control process executed by the effect control unit 300 will be described.
CPU302 reads a control program from ROM304, and performs the production | presentation control process shown to the flowchart of FIG. 15 according to the read control program.
FIG. 15 is a flowchart showing the effect control process.
When the effect control process is executed by the CPU 302, the process first proceeds to step S600 as shown in FIG.

  In step S600, a control command reception process for receiving a control command from the main control unit 2a is executed, and the process proceeds to step S602 to execute a fluctuation pattern command process for processing a fluctuation pattern command among the received control commands. The process proceeds to S604.

In step S604, a jackpot command process for processing the jackpot command among the received control commands is executed, and the process proceeds to step S606, and other command processes for processing the received control command other than the variation pattern command and the jackpot command. And the process proceeds to step S600.
[Control command reception processing]
Next, the control command reception process in step S600 will be described.
FIG. 16 is a flowchart showing control command reception processing.
When the control command reception process is executed in step S600, the process first proceeds to step S700 as shown in FIG.

  In step S700, it is determined whether or not a control command has been received from the main control unit 2a via the I / F 310. When it is determined that a control command has been received (Yes), the process proceeds to step S702. (No), the process waits in step S700 until a control command is received.

  In step S702, it is determined whether or not the received control command is a jackpot reach command. When it is determined that the received control command is a jackpot reach command (Yes), the process proceeds to step S704 and is added to the received control command. The encrypted authentication data is acquired, and the process proceeds to step S706.

  In step S706, a decryption process for decrypting the obtained encrypted authentication data is executed by a decryption algorithm corresponding to a predetermined encryption algorithm used by the main control unit 2a.

  As the decryption algorithm, for example, a decryption algorithm that calculates an exclusive OR with a decryption key (for example, “0x33”) is used. Here, the decryption algorithm is capable of decrypting the encrypted result encrypted by the encryption algorithm.

  Therefore, in the decryption process, the verification value is obtained by decrypting the encrypted authentication data by the decryption algorithm. This verification value matches the verification value (that is, the expected value) generated by the main control unit 2a.

Next, the process proceeds to step S708, the expected value is read from the ROM 304, and the process proceeds to step S710, where it is determined whether the verification value obtained by decoding matches the read expected value, When it is determined that they match (Yes), the process proceeds to step S712.
In step S712, the control command received in step S700 is stored in the reception buffer of the RAM 306, and a series of processing is terminated and the original processing is restored.
On the other hand, when it is determined in step S710 that the verification value does not match the expected value (No), the process proceeds to step S716.
In step S716, the control command received in step S700 is discarded, and the process proceeds to step S718.

In step S718, a fraud notification process for transmitting a control command (fault notification effect command) for designating a fraud notification effect for performing a fraud notification to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386, respectively. Execute. When the symbol display unit 104, the voice control unit 382, and the lamp control unit 386 receive the fraud notification effect command, the fraud notification effect is performed. In the fraud notification effect, for example, a character that does not normally appear in the symbol display unit 104 appears, or a character appears in a method different from normal. Further, notification may be performed by changing the brightness or color of the symbol display unit 104 or blinking the lamp 384 with a predetermined blinking pattern. This makes it easier for employees of pachinko halls to recognize the condition. Further, the fraud notification effect may be performed in a mode in which the player is difficult to recognize the state, or conversely, may be performed in a mode in which the player is easy to recognize. If it is performed in a manner that is easy for the player to recognize, it can be expected that fraud will be stopped.
When the process of step S718 ends, the series of processes ends and the original process is restored.

On the other hand, when it is determined in step S702 that the received control command is not a jackpot reach command (No), the process proceeds to step S720, the control command received in step S700 is stored in the reception buffer, and the series of processing ends. To return to the original process.
[Variation pattern command processing]
Next, the variation pattern command process in step S602 will be described.
FIG. 17 is a flowchart showing the variation pattern command processing.
When the variation pattern command process is executed in step S602, as shown in FIG. 17, first, the process proceeds to step S800.

  In step S800, it is determined whether or not a variation pattern command has been received based on the control command of the reception buffer. When it is determined that the variation pattern command has been received (Yes), the process proceeds to step S802. When it is determined (No), the process waits in step S800 until a variation pattern command is received.

  In step S802, a random number is acquired from a random number counter, the process proceeds to step S804, and one of a plurality of variation effects corresponding to the received variation pattern command is selected based on the acquired random number, and the process proceeds to step S806. Transition.

  In step S806, a variation effect start process for transmitting a control command (variation effect start command) for designating the start of the selected variation effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is performed. Execute.

  Next, the process proceeds to step S808, where it is determined whether or not a predetermined time (for example, 30 seconds) has elapsed since the transmission of the change effect start command, and when it is determined that the predetermined time has not elapsed (No). Shifts to step S810 to determine whether or not a symbol stop command has been received based on the control command of the reception buffer, and when it is determined that a symbol stop command has been received (Yes), shifts to step S812. .

In step S812, a variation effect end process is performed in which a control command (variation effect end command) for designating the end of the variation effect is transmitted to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386, respectively. .
When the process of step S812 ends, the series of processes ends and the original process is restored.
On the other hand, when it determines with not receiving a symbol stop command by step S810 (No), it transfers to step S808.
On the other hand, when it is determined in step S808 that the predetermined time has elapsed (Yes), the process proceeds to step S812.

The random number counter can be updated by the above method employed by the main control unit 2a. However, the update method is not necessarily the same as that of the main control unit 2a.
[Big hit command processing]
Next, the jackpot command processing in step S604 will be described.
FIG. 18 is a flowchart showing the jackpot command processing.
When the jackpot command process is executed in step S604, the process first proceeds to step S900 as shown in FIG.

  In step S900, it is determined whether or not a jackpot start command has been received based on the control command of the reception buffer. If it is determined that a jackpot start command has been received (Yes), the process proceeds to step S902.

  In step S902, a jackpot effect start process for transmitting a control command (a jackpot effect start command) for designating the start of a jackpot effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is executed. .

  Next, the process proceeds to step S904, where it is determined whether a round start command is received based on the control command of the reception buffer. When it is determined that the round start command is received (Yes), the process proceeds to step S906. .

  In step S906, a round effect start process for transmitting a control command (round effect start command) for designating the start of the round effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is executed. .

  Next, the process proceeds to step S908, where it is determined whether a round end command has been received based on the control command of the reception buffer. When it is determined that a round end command has been received (Yes), the process proceeds to step S910. .

  In step S910, a round effect end process for transmitting a control command (round effect end command) for designating the end of the round effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386 is executed. The process proceeds to step S904.

  On the other hand, when it is determined in step S908 that the round end command is not received (No), the process proceeds to step S912, where it is determined whether or not the jackpot end command is received based on the control command of the reception buffer. When it is determined that the end command has been received (Yes), the process proceeds to step S914.

In step S914, a big hit effect ending process is executed for transmitting a control command (big hit effect end command) for designating the end of the big win effect to the symbol display unit 104, the sound control unit 382, and the lamp control unit 386, respectively. Then, the series of processes is terminated and the original process is restored.
On the other hand, when it is determined in step S912 that the jackpot end command is not received (No), the process proceeds to step S908.

  On the other hand, when it is determined in step S904 that the round start command is not received (No), the process waits in step S904 until the round start command is received.

On the other hand, when it is determined in step S900 that the jackpot start command is not received (No), the process waits in step S900 until the jackpot start command is received.
[Operation of the present embodiment]
Next, the operation of the present embodiment will be described.

  First, when power is turned on to the pachinko machine, the main control unit 2a executes an initialization process through step S102. In the initialization process, a power-on command is transmitted. Since the power-on command is not a predetermined command (that is, a jackpot reach command), the encrypted authentication data is not added to the effect control unit 300 and the prize ball control unit 400 via step S210.

When the effect control unit 300 receives the power-on command, the effect display unit 104, the sound control unit 382, and the lamp control unit 386 receive the control command for the effect when the power is turned on (specifically, display of a demonstration screen). , The lighting of the lamp 384 and the control command for designating the output of sound) are transmitted respectively.
When the initialization process is completed, the main control unit 2a executes the connected device authentication process through step S104.

  In the connected device authentication process, the access control device 230 authenticates the connected device through steps S40 to S82. As a result, the validity of the connected device can be authenticated. However, for example, a connected device authentication process may be falsified by a malicious third party so that an unauthorized device is authenticated.

  For example, in step S58, the verification value V is written in the register 236 of the access control device 230. At this time, what is written in the register 236 is the verification value V originally held in the register 203 c of the CPU core 203. However, the value written to the register 236 can be set to a value stored in a place other than the register 203c (or an area other than the area where the verification value V is held in the register 203c) by an illegal instruction code string. It becomes.

  For example, in step S50, the verification value V is read from the register 234 of the access control device 230. At this time, the value to be read can be a value stored in a place other than the register 234 (or an area other than the area in the register 234 where the verification value V is held).

  These frauds can be made, for example, by branching the processing of the CPU core 203 by an illegal patch or the like.

  If such an illegal act is performed, a correct connection device authentication process cannot be performed, and an unauthorized device can be connected. Therefore, the main control unit 2a is provided with an access control device 230 to control access to the registers 234 and 236 by the CPU 202. As a result, it is possible to reduce the possibility that an unauthorized device is authenticated by executing an unauthorized instruction code string.

  FIG. 19 is an explanatory diagram showing an outline of access control performed by the access control unit 238. In FIG. 19, a part of the configuration is omitted for convenience of explanation.

  As illustrated in FIG. 19, for example, it is assumed that the permitted instruction code string and the permitted address are an instruction code string “0xJKLMNOPQ” (write instruction) and an address “0x104”. At this time, the normal ROM 204 stores an instruction code string “0xJKLMNOPQ” (write instruction) at addresses “0x104” to “0x107”.

  When the CPU core 203 reads and executes the instruction code string “0xJKLMNOPQ” from the addresses “0x104” to “0x107” (arrow α), the access control unit 238 permits writing of data to the register 236.

  However, suppose that an illegal instruction code string “0xPOIYUTRE” (write instruction) has been written to addresses “0x200” to “0x203” as in unauthorized example 1, for example. In this case, even if the CPU core 203 reads and executes the instruction code string “0xPOIYUTRE” from the addresses “0x200” to “0x203” (arrow β), the address of the instruction code string is not a permitted address, so the access control unit 238 prohibits writing of data to the register 236 (deny write command).

  Further, for example, it is assumed that an illegal instruction code string “0xLKJHGFDS” is inserted into addresses “0x080” to “0x083” as in the illegal example 2. This illegal instruction code string is, for example, an instruction code string that changes a value written to the register 236. However, due to the insertion of this illegal instruction code string, the address of the instruction code string “0xJKLMNOPQ” (write instruction) that is originally permitted to be executed has become “0x108” to “0x10B”.

  Therefore, even if the CPU core 203 reads and executes the instruction code string “0xJKLMNOPQ” from the addresses “0x108” to “0x10B” (arrow γ), the address of the instruction code string is not a permitted address, so the access control unit 238 Prohibits the writing of data to the register 236 (denies the write command). At this time, the CPU core 203 may receive a notification from the access control device 230 and perform an unauthorized notification. As a result, even if the write value is changed by execution of the illegal instruction code string “0xLKJHGFDS”, the value is not written to the register 236, so that the possibility of an illegal act can be reduced.

  On the other hand, the access control unit 238 can reduce the possibility that the CPU 202 malfunctions due to a bit error in addition to the above-mentioned fraudulent acts.

  FIG. 20 is an explanatory diagram showing an outline of access control performed by the access control unit 238.

  As illustrated in FIG. 20, for example, the permitted instruction code string and the permitted address are an instruction code string “0xABCDEFGH” (read instruction) and address “0x100”, and an instruction code string “0xABCDEFGI” (write instruction) and address “0x104”. ”. At this time, the regular ROM 204 stores an instruction code string “0xABCDEFGH” (read instruction) at addresses “0x100” to “0x103”.

  When the CPU core 203 reads the instruction code string, a bit error (for example, “1” becomes “0”) may occur in the instruction code string. As a result, the instruction code string “0xABCDEFGH” (read instruction) read from the addresses “0x100” to “0x103” by the CPU core 203 may be replaced with, for example, the instruction code string “0xABCDEFGI” (write instruction) ( Arrow δ). In this case, if the CPU core 203 executes the instruction code string “0xABCDEFGI” (write instruction), the data of the access control device 230 may be rewritten in an unexpected manner.

  However, even if such a write instruction is executed (arrow ε), the address of the instruction code string is not a permitted address, so the access control unit 238 prohibits writing of data to the register 236 (write instruction). Rejected).

  Next, a case where a game is played with a pachinko machine will be described.

  When the connected device is authenticated, the main control unit 2a repeatedly executes a winning determination process, a jackpot determination process, an electric accessory control process, and a control command transmission process at predetermined intervals through steps S106 to S114. As a result, the pachinko machine is in a playable state. A player can play a game by loading a rented game ball into a pachinko machine and operating the launch unit 482 to fire the game ball onto the game board 101.

  When the game ball fired on the game board 101 wins the start winning opening 105, the main control unit 2a reads the big hit decision random number from the access control device 230 at the winning timing through steps S306 and S312. The jackpot determination random number may also be read out only when access is permitted by the access control device 230, as in the case of the connected device authentication process. That is, it may be read only when the instruction code sequence related to reading the jackpot determination random number is a permitted instruction code sequence and the address of the instruction code sequence is a permitted address. The same applies to other random numbers used for game control. And if the random number value read through steps S404 and S406 matches the jackpot value, it is a jackpot.

  When the jackpot is reached, the stop symbol mode and the variation pattern at the jackpot are determined through steps S410 and S412. At this time, when it is determined to perform the reach effect, in the control command transmission process, a symbol designation command for designating a jackpot symbol and a jackpot reach command are transmitted. Since the jackpot reach command is a predetermined command, encrypted authentication data is added through steps S204 to S208 and transmitted to the effect control unit 300, which is an example of the peripheral unit 3a.

  When the effect control unit 300 receives the jackpot reach command, the process at the time of jackpot reach change is executed based on the received jackpot reach command through steps S802 to S812.

  In steps S414 and S424, the main control unit 2a displays the effect symbols in a predetermined variation pattern, stops a portion of the effect symbols in the reach symbol, and then stops the effect symbol in the jackpot symbol. When the effect symbol stops, a jackpot start command is transmitted in the control command transmission process. Since the jackpot start command is not a predetermined command (that is, jackpot reach command), the encrypted authentication data is not added to the effect control unit 300 via step S210 and is transmitted as it is.

  When the effect control unit 300 receives the jackpot start command, the process at the time of starting the jackpot effect is executed based on the received jackpot start command through step S902.

  During the big hit, the round continues until the predetermined condition is satisfied with the maximum number of rounds as the upper limit. In the control command transmission process, a jackpot command is transmitted at the start and end of a round. Since the jackpot command is not a predetermined command (that is, jackpot reach command), the encrypted authentication data is not added to the effect control unit 300 via step S210.

  In addition, during the big hit, the big winning opening 109 is opened with a predetermined opening / closing pattern, and when a gaming ball wins the big winning opening 109, a predetermined number of gaming balls are paid out as one winning ball.

  When the final round ends, a jackpot end command is transmitted in the control command transmission process. Since the jackpot end command is not a predetermined command (that is, jackpot reach command), the encrypted authentication data is not added to the effect control section 300 via step S210.

When the effect control unit 300 receives the jackpot end command, the process at the time of the end of the jackpot effect is executed based on the received jackpot end command through step S914.
On the other hand, if the acquired random number value does not coincide with the jackpot value through steps S404 and S406, the result is a loss.

  When it comes off, through steps S418 and S420, the mode and variation pattern of the stop symbol at the time of loss are determined. At this time, when it is determined to perform the reach effect, in the control command transmission process, a symbol designating command and a missed reach command for designating a missed symbol (or an effect of becoming a missed symbol) are transmitted. On the other hand, when it is determined not to perform the reach effect, the symbol designation command and the off-reach non-reach command are transmitted in the control command transmission process. Since the loss reach command or the loss non-reach command is not a predetermined command (that is, jackpot reach command), the encrypted authentication data is not added to the effect control unit 300 via step S210.

  When the production control unit 300 receives the outlier reach command or the outlier nonreach command, the process at the time of deviation fluctuation is executed based on the received outlier reach command or outlier nonreach command through steps S802 to S812.

  On the other hand, when the game is interrupted, the main control unit 2a executes a customer waiting demonstration execution process. In the control command transmission process, a customer waiting demonstration start command is transmitted. Since it is not a customer waiting demonstration start command or a predetermined command (ie, jackpot reach command), the encrypted authentication data is not added to the effect control unit 300 via step S210, and is transmitted as it is.

  When the production control unit 300 receives the customer waiting demonstration start command, as a process at the time of the customer waiting demonstration start, control commands for the customer waiting demonstration are sent to the symbol display unit 104, the voice control unit 382, and the lamp control unit 386, respectively. Sent.

  Thereafter, when the game is resumed, a customer waiting demonstration stop command is transmitted in the control command transmission process. Since it is not a customer waiting demo stop command or a predetermined command (that is, jackpot reach command), the encrypted authentication data is not added and transmitted to the effect control unit 300 as it is through step S210.

  When the production control unit 300 receives the customer waiting demonstration stop command, a control command for the customer waiting demonstration is sent to the symbol display unit 104, the voice control unit 382, and the lamp control unit 386 as processing at the time of the customer waiting demonstration end. Sent.

  In the above description, when the command is not a predetermined command, the case where the encrypted authentication data is transmitted without being added has been described. However, instead of the encrypted authentication data, dummy value data is added and transmitted. Also good.

[Effect of this embodiment]
In this way, in the present embodiment, the access control device 230 includes the registers 234 and 236, the input code 231 executed by the CPU core 203 and its address from the I / F 212, and the input module 231. And an access control unit 238 for controlling the access to the registers 234 and 236 by the CPU 202 based on the instruction code string and the address input in (1).

  This can reduce the possibility that the data in the registers 234 and 236 will be illegally rewritten or read out, thereby reducing the possibility that an illegal operation or an illegal operation due to an error will be performed. . In addition, since the access control device 230 that is separate from the CPU 202 realizes the access control function, the CPU core 203 itself does not need to perform unauthorized operation detection processing, and is more difficult to develop and design than in the past. It can be suppressed. Furthermore, since access is controlled based on the instruction code string and its address, it is not necessary to prepare a table having the same capacity as the ROM 204, and an increase in data capacity can be suppressed as compared with the conventional case.

  Further, in the case of adopting the CPU 202 that is a one-chip type microprocessor made of DIP or the like, in a configuration in which the CPU core 203 performs an unauthorized operation detection process, if an unauthorized action is performed such that the entire CPU 202 is replaced, the CPU Since the core 203 itself is exchanged, the validity of the CPU 202 cannot be authenticated. On the other hand, in this embodiment, since the access control device 230 is provided separately from the CPU 202, the legitimacy of the CPU 202 can be authenticated even if such an illegal act is performed.

  Further, in the case where the CPU 202 which is a one-chip type microprocessor made of DIP or the like is employed, the CPU 202 is newly developed, designed, etc. in the configuration in which the circuit for realizing the access restriction function of the access control device 230 is built in the CPU 202. And must not be applied to existing CPUs. On the other hand, in this embodiment, it is only necessary to connect the access control device 230 to the CPU 202, so that the present invention can also be applied to an existing CPU.

  Further, in the present embodiment, the access control unit 238 only registers the register 234 when the instruction code string input from the input unit 231 is a permitted instruction code string and the address of the instruction code string is a permitted address. 236 is permitted.

  As a result, an illegally rewritten instruction code string, an instruction code string whose contents have been changed due to a bit error, or an instruction code string stored at an illegal address are executed, whereby the data in the registers 234 and 236 are illegally stored. Since the possibility of being rewritten or read can be reduced, the possibility of an unauthorized operation can be further reduced.

  Further, in the present embodiment, fraud notification is performed according to the status of access control by the access control device 230.

  Thereby, it is possible to grasp that there is a possibility that an illegal operation has been performed.

  Further, in the present embodiment, the access control device 230 is applied to the CPU 202 of the main control unit 2a.

  As a result, the possibility that the CPU 202 of the main control unit 2a operates illegally can be reduced. Since the main control unit 2a performs main control that is the basis of the game, the security effect is high.

[Second Embodiment]
Next, a second embodiment of the present invention will be described with reference to the drawings. FIG. 21 to FIG. 23 are diagrams showing a second embodiment of the gaming machine, the access control program, and the game control method according to the present invention.

  The present embodiment is based on the check value calculated from the instruction code string in addition to the instruction code string and its address executed by the CPU core 203, compared to the first embodiment. The point of controlling access is different. Hereinafter, only the parts different from the first embodiment will be described, and the same parts as those in the first embodiment will be denoted by the same reference numerals and the description thereof will be omitted.

[Configuration of main controller]
First, the configuration of the main control unit 2a will be described.

  FIG. 21 is a block diagram showing a configuration of the main control unit 2a.

  As shown in FIG. 21, the CPU 202 includes a CPU core 203, ROM 204, RAM 206, security inspection circuit 208, I / F 210, 212, and timer 214, and a check value calculation unit 218 that calculates a check value from an instruction code string. Configured. These are connected to each other via a bus 216.

The check value calculation unit 218 acquires an instruction code string from the ROM 204. Then, a check value for checking the validity of the instruction code string is calculated from the acquired instruction code string. The check value is used for access control by the access control unit 238. Here, the check value is a value calculated from a part or all of the instruction code or instruction code string stored in the ROM 204, a part of one instruction code, or a combination thereof. The check value calculation unit 218, for example, performs an operation using a hash function, parity check, and cyclic redundancy check (CRC (Cyclic Redundancy) on all instruction code strings stored in the ROM 204.
Check)) or error detection calculation such as checksum is performed to calculate a check value. As described above, the check value is calculated from the instruction code string actually stored in the ROM 204. Therefore, by performing verification using the check value, it is possible to detect unauthorized rewriting of the instruction code sequence stored in the ROM 204, unauthorized replacement of the ROM 204, or the like.

  The input unit 231 inputs the instruction code string executed by the CPU core 203 and its address, and the check value calculated by the check value calculation unit 218 from the I / F 212. At this time, the check value may be divided and input. In this case, the check values are combined by combining the divided data.

  In the access control unit 238, the instruction code string input from the input unit 231 is a permitted instruction code string, the address of the instruction code string is a permitted address, and the check value input from the input unit 231 is a check value. Access to the registers 234 and 236 is permitted only when there is a predetermined relationship with the expected value. The predetermined relationship is, for example, that the check value matches the expected value, that the calculated value obtained by calculating one of the check value and the expected value by the predetermined calculation method matches the other, the check value and the expected value Means that there is a magnitude relationship or other correlation. In this way, by combining the collation of the instruction code string and address with the collation of the check value, the possibility of an illegal operation can be further reduced.

  The expected value used by the access control unit 238 for verification is stored in the access control unit 238 in advance (for example, at the time of manufacture). In addition, an expected value used for collation by the access control unit 238 may be transmitted to the access control unit 238 from another component unit. The other components are, for example, a CPU core 203 and a dedicated processing unit (hereinafter referred to as an expected value calculation unit) for generating an expected value of a check value. The CPU core 203 and the expected value calculation unit may transmit an expected value stored in advance to the access control unit 238, or may generate an expected value for each matching process. Further, a coefficient or the like necessary for calculating an expected value may be received from an external device via the I / F 210 to the CPU core 203 or the expected value calculation unit. As described above, if the expected value is not stored in advance in the access control unit 238 and is input from another component unit, the check value of the ROM 204 can be changed later.

[Check value calculation processing]
Next, a check value calculation process executed by the check value calculation unit 218 will be described.

  FIG. 22 is a flowchart showing the check value calculation process.

  When the check value calculation unit 218 executes the check value calculation process, first, as shown in FIG. 22, the process proceeds to step SS600.

  In step SS600, it is determined whether or not a check value acquisition request has been received from the access control unit 238. When it is determined that a check value acquisition request has been received (Yes), the process proceeds to step SS602, but this is not the case. (No), the process waits at step SS600 until a check value acquisition request is received.

  In step SS602, an instruction code string is read from the ROM 204, the process proceeds to step SS604, the check value is calculated by performing the error detection operation on the read instruction code string, and the process proceeds to step SS606. The value is transmitted to the access control unit 238, and the check value calculation process ends.

[Access control processing]
Next, an access control process executed by the access control unit 238 will be described.

  FIG. 23 is a flowchart showing the access control process.

  When executing the access control process, the access control unit 238 first proceeds to step SS700 as shown in FIG.

  In step SS700, it is determined whether or not a read request for the registers 234 and 236 has been input from the I / F 212. When it is determined that a read request has been input (Yes), the process proceeds to step SS702 and the CPU core 203 determines that the read request has been input. The instruction code string to be executed and its address are input from the input unit 231 and the process proceeds to Step SS704.

  In step SS704, it is determined whether or not the input instruction code string is a permitted instruction code string. When it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS706 and the input address is permitted. It is determined whether the address is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS708.

  In step SS708, a check value acquisition request is transmitted to the check value calculation unit 218, the process proceeds to step SS710, the check value is input from the input unit 231 as a response, and the process proceeds to step SS712.

  In step SS712, the expected value of the check value is acquired by reading the expected value stored in the access control unit 238 or by receiving the expected value generated by the CPU core 203 or the expected value calculating unit. The process proceeds to step SS714.

  In step SS714, it is determined whether or not the input check value matches the input expected value. If it is determined that the check value matches the expected value (Yes), the process proceeds to step SS716.

  In step SS716, the data held in the registers 234 and 236 are read out, the process proceeds to step SS718, and the read data is output to the I / F 212. The output data is held in the register 203c of the CPU core 203 via the I / F 212.

  Next, the process proceeds to step SS720, where it is determined whether a write request for the register 236 is input from the I / F 212. When it is determined that a write request is input (Yes), the process proceeds to step SS722, and the CPU The instruction code sequence executed by the core 203 and its address are input from the input unit 231, and the process proceeds to step SS 724.

  In step SS724, it is determined whether or not the input instruction code string is a permitted instruction code string. When it is determined that the input instruction code string is a permitted instruction code string (Yes), the process proceeds to step SS726 and the input address is permitted. It is determined whether or not it is an address, and when it is determined that the address is a permitted address (Yes), the process proceeds to step SS728.

  In steps SS728 to SS732, processing similar to that in steps SS708 to SS712 is executed, and the process proceeds to step SS734.

  In step SS734, it is determined whether or not the check value matches the expected value. If it is determined that the check value matches the expected value (Yes), the process proceeds to step SS736.

  In step SS736, the data held in the register 203c of the CPU core 203 is input from the I / F 212, the process proceeds to step SS738, the input data is written in the register 236, and the access control process is terminated.

  On the other hand, when it is determined at step SS734 that the check value does not match the expected value (No), when it is determined at step SS726 that it is not a permitted address (No), it is determined at step SS724 that it is not a permitted instruction code string. When it is determined (No) and when it is determined in Step SS720 that the write request is not input (No), the access control process is terminated without writing data to the register 236. At this time, the CPU core 203 may receive a notification from the access control device 230 and perform an unauthorized notification.

  On the other hand, when it is determined at step SS714 that the check value does not match the expected value (No), when it is determined at step SS706 that it is not a permitted address (No), it is determined at step SS704 that it is not a permitted instruction code string. (No) and when it is determined in step SS700 that no read request is input (No), the data held in the registers 234 and 236 are not output to the I / F 212, and the process returns to step SS720. Transition. At this time, the illegal value is held in the register 203c of the CPU core 203. However, when the value is a predetermined value, the CPU core 203 may make an unauthorized notification.

[Effect of this embodiment]
Thus, in this embodiment, the CPU 202 includes the check value calculation unit 218 that calculates the check value from the instruction code string stored in the ROM 204, and the access control unit 238 receives the instruction code input from the input unit 231. Only when the column is a permitted instruction code string, the address of the instruction code string is a permitted address, and the check value input by the input unit 231 has a predetermined relationship with the expected value of the check value, the register 234 236 is permitted.

  Thereby, it can be detected that the instruction code string stored in the ROM 204 has been illegally rewritten. Further, by combining the collation of the instruction code string and address with the collation of the check value, the possibility of an illegal operation can be further reduced. Note that check value verification is performed in combination with instruction code string and address verification, so that even if an error detection operation (for example, parity check) with a relatively low processing load is used for calculation of the check value, a certain degree of accuracy can be obtained. Obtainable.

[Other Embodiments]
In the second embodiment, the access control device 230 is configured to calculate the check value from the instruction code string. However, the present invention is not limited to this, and the following three configurations can be employed.
(1) First Configuration In the first configuration, a check value is calculated from data stored in the ROM 204 (hereinafter referred to as first calculation basic data) instead of an instruction code string. The first calculation basic data is, for example, a predetermined fixed value stored in the ROM 204. The first calculation basic data is not limited to a fixed value, and may be fluctuation data that can accurately predict data values before and after the fluctuation. To be able to accurately predict the data values before and after the fluctuation specifically refers to, for example, a case where the fluctuation range is fixed or a fluctuation rule is fixed.

  The check value calculation unit 218 reads the first calculation basic data from the ROM 204 and calculates the check value from the read first calculation basic data.

  The access control unit 238 stores the expected value of the first calculation basic data in advance. The access control unit 238 calculates a check value from the expected value, and determines whether the check value input by the input unit 231 has a predetermined relationship with the calculated check value. In addition, it may be determined whether the check value input by the input unit 231 has a predetermined relationship with the expected value. Note that access control may be performed based on both the check value calculated from the instruction code string and the check value calculated from the first calculation basic data. As a result, it is possible to detect that the ROM 204 has been replaced with an illegal one.

(2) Second Configuration In the second configuration, a check value is calculated from an execution result of an instruction code sequence executed by the CPU core 203 (hereinafter referred to as second calculation basic data) instead of an instruction code sequence. The second calculation basic data is, for example, the value of the flag register of the CPU core 203. Note that the second calculation basic data is not limited to the value of the flag register, and is a return value of a function that returns the first value when the instruction code string is correctly executed, and otherwise returns the second value. Also good.

  The check value calculation unit 218 acquires second calculation basic data from a flag register or the like, and calculates a check value from the acquired second calculation basic data.

  The access control unit 238 can be configured in the same manner as in the first configuration. Note that access control may be performed based on the check value calculated from the first calculation basic data.

  Further, the second calculation basic data may be used as it is without calculating the check value from the second calculation basic data. That is, the access control unit 238 has the instruction code string input from the input unit 231 as a permitted instruction code string, the address of the instruction code string is a permitted address, and the second calculation basic data is a predetermined value. Allow access only at certain times.

  As a result, there is a possibility that the data in the registers 234 and 236 may be illegally rewritten or read by executing an illegally rewritten instruction code string or an instruction code string whose contents have changed due to a bit error. Since it can reduce, possibility that an unauthorized operation will be performed can further be reduced.

(3) Third Configuration In the third configuration, a check value is calculated from the address of the instruction code string (hereinafter referred to as third calculation basic data) instead of the instruction code string.

  The check value calculation unit 218 acquires third calculation basic data from the bus 216 or the like, and calculates a check value from the acquired third calculation basic data.

  The access control unit 238 can be configured in the same manner as in the first configuration. Note that access control may be performed based on a check value calculated from one or both of the first calculation basic data and the second calculation basic data.

  In the second embodiment, the access permission condition is that the instruction code string input by the input unit 231 is a permitted instruction code string, the address of the instruction code string is a permission address, and the input The check value input in the unit 231 has a predetermined relationship with the expected value of the check value. However, the present invention is not limited to this. (1) The instruction code string input in the input unit 231 is a permitted instruction code string. 2) that the address of the instruction code string is a permitted address, or (3) that the check value input by the input unit 231 has a predetermined relationship with the expected value of the check value, or any two combinations It can also be. Even when the first calculation basic data or the second calculation basic data is used, the access permission condition can be set in any combination with (1) to (3). Also in the first embodiment, the access permission condition can be set in (1) or (2).

  In the first and second embodiments, the access control unit 238 is configured to control access to the registers 234 and 236. However, the present invention is not limited to this, and a specific address of the registers 234 and 236 is used. It can also be configured to control access to the space.

  Thus, by controlling access to the address space in which important information such as confidential information is stored in the registers 234 and 236, the possibility that the important information is illegally rewritten or read is reduced. Therefore, the possibility of unauthorized operation can be further reduced.

  In the first and second embodiments, the read, execute, determination and other processes are performed in units of instruction code strings. However, the present invention is not limited to this, and read and execute in units of instruction codes. Further, it can be configured to perform determination and other processing. The same applies to the other embodiments described above. As a representative example, access is permitted only when the input instruction code is a previously permitted code and the address of the instruction code is a permitted address. For the combination of access permission conditions, the same combination as in the case of the instruction code string can be adopted.

  In the first and second embodiments, only one access control device 230 is provided. However, the present invention is not limited to this, and a plurality of access control devices 230 may be provided. In the case of two units, for example, the first access control device includes an input unit 231, a calculation unit 232, a register 234, and an access control unit 238. The second access control apparatus includes an input unit 231, a calculation unit 232, a register 236, and an access control unit 238. In this case, the access control unit 238 may be provided only in one of the access control devices.

  In the second embodiment, the check value calculation unit 218 is configured to calculate the check value in response to the check value acquisition request. However, the present invention is not limited to this, and the check value calculation unit 218 checks when a predetermined condition is satisfied. A value may be calculated, and the calculated check value may be transmitted to the access control unit 238.

  In the first and second embodiments, the CPU 202 is configured by providing the two I / Fs 210 and 212. However, the present invention is not limited thereto, and may be configured by providing only one I / F. However, a larger number of I / Fs may be provided.

  In the first and second embodiments, the CPU 202 is configured to output the instruction code string and its address independently of the control command. However, the present invention is not limited to this, and the instruction code string and its address are not limited thereto. Can be added to the control command and output. In this case, the input unit 231 inputs a control command, and inputs an instruction code string and its address added to the input control command. The instruction code string and its address can be added to arbitrary or specific control commands.

  When a random number is read from the register 234 of the access control device 230 in the configuration added to the control command, the output timing of the instruction code string and its address may not match the read timing of the random number depending on the type of the control command. . For example, when adding to a jackpot command transmitted during the jackpot, the instruction code string and its address are output during the jackpot, whereas the jackpot decision random number must be read before the jackpot occurs. Thus, for example, the following two configurations can be adopted as the configuration of the access control device 230.

  In the first configuration, when authentication is obtained at the time of transmission of the control command, authentication is not performed only for access of a predetermined number of times. The predetermined permission count may start counting from the first access after the authentication is obtained, or may start counting after a predetermined number of accesses after the authentication is obtained. In the latter case, access before the start of counting is prohibited. Therefore, a predetermined number of dummy accesses are required after authentication. If this number is not known, access to the registers 234 and 236 cannot be made even if authentication is obtained, so that the possibility of unauthorized operation can be reduced. .

  In the second configuration, when authentication is obtained when the control command is transmitted, authentication is not performed only within a predetermined permission period. The predetermined permission period may be started immediately after the authentication is obtained, or may be started after a predetermined time elapses after the authentication is obtained. In the latter case, access before starting is prohibited. Further, when there is an access before the start, subsequent access may be prohibited. Therefore, it is necessary to wait for a predetermined time after the authentication. If this time is not known, the registers 234 and 236 cannot be accessed even if the authentication is obtained, so that the possibility of an unauthorized operation can be reduced.

  In the first and second embodiments, at least one of the instruction code and the instruction code string may be encrypted and used.

  In the first and second embodiments, the case where the control program stored in advance in the ROM 204 is executed when executing the game control processing shown in the flowcharts of FIGS. 9 to 13 has been described. However, the present invention is not limited to this, and the program may be read from the storage medium storing the program showing these procedures into the RAM 206 and executed. The same applies to the processing shown in the flowcharts of FIGS.

  Here, the storage medium is a semiconductor storage medium such as RAM or ROM, a magnetic storage type storage medium such as FD or HD, an optical reading type storage medium such as CD, CDV, LD, or DVD, or a magnetic storage type such as MO. / Optical reading type storage media, including any storage media that can be read by a computer regardless of electronic, magnetic, optical, or other reading methods.

  FIG. 24 is a diagram showing an authentication operation sequence of the main control unit 2a of the pachinko machine based on the jackpot reach command. When the control command is a predetermined command (ie, jackpot reach command), the encrypted authentication data is added and then transmitted from the main control unit 2a.

  When a control command is stored (S1) and the control command is a jackpot reach command, authentication data including a verification value is generated (S2). The generated authentication data is encrypted by a predetermined encryption algorithm (S3). The jackpot reach command to which the authentication data is added is transmitted from the main control unit 2a to the peripheral unit 3a (S4, S5).

The jackpot reach command to which the authentication data is added is received by the peripheral part (S6). Then, the jackpot reach command to which the authentication data is added is transmitted from the peripheral unit 3a to the authentication unit 3b via the bus 3c (S7, S8).
Further, processing based on the jackpot reach command is performed in the peripheral portion 3a (S9).

  The jackpot reach command to which the authentication data is added is received by the authentication unit 3b (S10). In the authentication unit 3b, after the decryption process is performed, the authentication process using the authentication data is performed (S11). In the case of authentication OK, the processing is continued as it is.

  If the authentication is not OK (No in S13), a notification signal is output via the bus 3c (S14, S15). This notification signal is received by the peripheral portion 3a (S16). Then, it is informed that the main control unit 2a is not valid (S17).

Here, the authentication process in the authentication unit 3b will be described in more detail. For example, when the verification value is “0x12”, encrypted authentication data “0x21” is obtained by the predetermined encryption algorithm as shown in the following formula (1).
0x21 = 0x12 xor 0x33 (1)

When the effect control unit 300 receives the jackpot reach command, the encrypted authentication data added to the received command is acquired through steps S704 and S706, and the acquired encrypted authentication data is obtained by a predetermined decryption algorithm. Decrypted.
When the encrypted authentication data “0x21” obtained by the above equation (1) is decrypted by a predetermined decryption algorithm, the verification value “0x12” is obtained by the following equation (2).
0x12 = 0x21 xor 0x33 (2)

  When the verification value is obtained, an expected value “0x12” that is the same value as the verification value generated by the main control unit 2a is read through step S708. Then, through step S710, the verification value obtained by decoding is collated with the expected value. At this time, since the verification value “0x12” obtained by the above equation (2) matches the expected value “0x12”, authentication is obtained, and the control command is stored in the reception buffer through step S712. Then, processing is executed based on the received control command.

  On the other hand, if an unauthorized act such as an unauthorized control board is connected between the main control board and the production control board, even if the unauthorized control board sends a control command to the production control board, In the effect control unit 300, since the encrypted authentication data is not added to the received command, the verification value does not match the expected value, and there is a high possibility that the authentication cannot be obtained. As a result, the received control command is discarded through steps S716 and S718, and the fraud notification process is executed (that is, it is notified that the main control unit is not valid).

  Even if an unauthorized control board adds some authentication data and transmits a control command to the production control board, the production control unit 300 cannot obtain an appropriate verification value, so that the verification value matches the expected value. Therefore, there is a high possibility that authentication will not be obtained.

  It should be noted that the order in which the processes are performed is not limited for the transmission of the control command to the authentication unit in the peripheral part and the process based on the control command in the peripheral part. That is, as shown in FIG. 24, the control command may be transmitted to the authentication unit first, and then the process based on the control command may be performed. The order may be such that the processing is performed first and then the control command is transmitted to the authentication unit.

  Similarly, the order in which the processing is performed is not limited for the processing based on the control command in the peripheral portion and the authentication processing using the authentication data in the authentication portion. In other words, the processing based on the control command may be performed first, and then the authentication processing using the authentication data may be performed, or vice versa.

FIG. 25 is a sequence diagram illustrating an operation based on a control command other than the jackpot reach command. As shown in FIG. 25, when a control command other than the jackpot reach command is stored (S151), a normal control command to which no authentication data is added is transmitted from the main control unit 2a to the peripheral unit 3a (S152, S153). The control command is received by the peripheral part (S154), and processing based on the control command is performed (S155). Control commands other than the jackpot reach command are not transmitted from the peripheral unit 3a to the authentication unit 3b.
[Timing of authentication operation]

  Incidentally, the main control unit 2a normally outputs a plurality of control commands at intervals. In the following, a case where the main control unit 2a outputs the second jackpot reach command after outputting the first jackpot reach command is taken as an example, and the main control unit 2a outputs a plurality of control commands at intervals. The timing of the authentication operation when outputting will be described with reference to FIGS. 26 and 27. FIG.

  FIG. 26 shows the timing when the presentation or pre-processing or post-processing is executed when the main control unit 2a outputs the second jackpot reach command after outputting the first jackpot reach command, and the authentication unit 3b It is a 1st figure which shows the timing which performs an authentication process. FIG. 27 shows the timing when the presentation or pre-processing or post-processing is executed when the main control unit 2a outputs the second jackpot reach command after outputting the first jackpot reach command, and the authentication unit 3b It is a 2nd figure which shows the timing which performs an authentication process.

  When the main controller 2a outputs the first jackpot reach command, the main controller 2a outputs first authentication data associated with the first jackpot reach command. Further, when outputting the second jackpot reach command, the main control unit 2a outputs second authentication data associated with the second jackpot reach command together with the second jackpot reach command.

  At this time, the second jackpot reach command may be output from the main control unit 2a after the authentication operation for the first authentication data associated with the first jackpot reach command is performed. For example, as shown in FIG. 26, the authentication unit 3b determines that the main control unit 2a is valid based on the first authentication data after the presentation based on the first jackpot reach command or the execution period t41 of pre-processing or post-processing. Is determined in the period t42. After that, after the presentation based on the second jackpot reach command or the execution period t43 of the pre-processing or post-processing, it is determined in the period t44 whether or not the main control unit 2a is valid based on the second authentication data. .

  In contrast, the main controller 2a outputs the second jackpot reach command from the main controller 2a before the authentication operation for the first authentication data associated with the first jackpot reach command is performed. There is a case. In that case, as shown in FIG. 27, the authentication unit 3b performs the main control unit 2a based on the first authentication data after the presentation based on the second jackpot reach command or the execution period t42 ′ of the pre-processing or post-processing. Is determined in the period t43 ′ as to whether or not is valid. Thereafter, based on the second authentication data, it is determined in a period t44 'whether or not the main control unit 2a is valid.

  In any case, as is clear from FIG. 26 and FIG. 27, the authentication unit 3b is associated with the jackpot reach command after an effect based on the jackpot reach command or a period during which pre-processing or post-processing is executed. Based on the authentication data, the main control unit 2a determines whether or not it is valid.

  As described above, the pachinko machine according to the present embodiment includes the authentication unit 3b that determines whether or not the main control unit 2a is valid separately from the peripheral unit 3a, so that the burden on the peripheral unit 3a is reduced. Therefore, it is possible to determine whether the main control unit 2a is legitimate by increasing the strength of security compared to the conventional case.

  In addition, the authentication unit 3b is configured so that the main control unit 2a performs, based on the authentication data output from the main control unit 2a together with the jackpot reach command, after the effect based on the jackpot reach command or the period in which pre-processing or post-processing is executed. Determine if it is legitimate. Therefore, even if the capacity of the authentication data is large, the authentication unit 3b can perform the authentication operation independently of the operation of the peripheral unit 3a. Therefore, the pachinko machine according to the present embodiment can determine whether or not the main control unit 2a is legitimate by increasing the strength of security compared to the conventional one.

  In the embodiment described above, the peripheral board 3 has the bus 3c, which is the only communication path used for signal exchange between the peripheral part 3a and the authentication part 3b. However, as shown in FIG. 28, the peripheral board 3 does not have the bus 3c, but the bus 3d and the bus 3e which are two communication paths used for signal exchange between the peripheral part 3a and the authentication part 3b. You may have. In this case, the peripheral unit 3a outputs authentication data to the authentication unit 3b via one of the communication paths (for example, the bus 3d), and the authentication unit 3b determines whether the main control unit 2a is valid. Is output to the peripheral portion 3a via the other communication path (for example, the bus 3e).

  Further, a memory having a program for causing a computer to realize the functions of the main control unit 2a and a computer for executing the program may be provided on the main control board 2. In this case, the function of the main control unit 2a is realized by the computer executing the program.

  A memory having a program for causing the computer to realize the functions of the peripheral unit 3a and a computer for executing the program may be provided on the peripheral board 3. In this case, the function of the peripheral portion 3a is realized by the computer executing the program.

A memory having a program for causing the computer to realize the function of the authentication unit 3b and a computer that executes the program may be provided on the peripheral board 3. In this case, the function of the authentication unit 3b is realized by the computer executing the program.
[Authentication method]

In the gaming machine described above, the following authentication method is employed. In other words, a jackpot reach command for specifying a variation pattern for performing a reach effect among the variation patterns selected for the jackpot and outputting authentication data for authenticating itself is output. An authentication method for authenticating the main control unit in a gaming machine comprising a main control unit that performs and a peripheral unit that controls execution of the effect or the pre-processing or post-processing based on the jackpot reach command, A connected device authentication step (corresponding to S104 in FIG. 9) for authenticating a device connected to the data processing means, and an acquisition step (in FIG. 24) where the authentication unit acquires the authentication data via the peripheral portion. S8, and the corresponding) to S10, using the authentication data acquired in said acquisition step, based on the jackpot reach command After a period whose serial presentation or the pretreatment or post-treatment is performed, the authentication step (FIG. 24 the authentication unit the main control unit is provided whether valid downstream of the peripheral portion is determined (Corresponding to S12). When this authentication method is adopted, the connected device authentication is performed by the CPU as the data processing means and the access control device, and the authentication unit that determines whether the main control unit is valid performs authentication. It is possible to determine whether or not the main control unit is legitimate by increasing the security strength as compared with the prior art. Further, by further including a notification signal output step (corresponding to S14 to S17 in FIG. 24) that outputs a signal for notifying the authentication result when it is determined that the main control unit is not valid in the authentication step. Pachinko hall employees and players can easily recognize the situation.

In the authentication step, it may be determined whether or not the main control unit is valid after the period based on the presentation based on the jackpot reach command or the pre-processing or post-processing. Even if the capacity of the authentication data is large by determining whether the main control unit is legitimate after the period based on the jackpot reach command or the period in which pre-processing or post-processing is executed, Can perform the authentication operation independently. Therefore, it is possible to determine whether or not the main control unit is legitimate by increasing the strength of security compared to the conventional case.
〔program〕

Moreover, in order to implement | achieve the said authentication method, you may make a computer run the program containing each step of the said authentication method. When this program is executed by a computer, connected device authentication is performed by the CPU that is the data processing means and the access control device, and authentication is performed by the authentication unit that determines whether the main control unit is valid. It is possible to determine whether or not the main control unit is legitimate by reducing the burden on the unit and increasing the strength of security compared to the conventional one. When it is determined in the authentication step that the main control unit is not valid, it may further include a notification signal output step of outputting a signal for notifying the authentication result. This makes it easier for employees and players of pachinko halls to recognize the state.
[Modification]

  In the above-described embodiment, the case where the peripheral unit 3a performs notification that the main control unit 2a is not valid has been described. However, a notification unit for the notification is provided, and the notification unit is the peripheral unit 3a. Notification may be performed instead of. For example, as shown in FIG. 29 and FIG. 30, a notification unit 4 that notifies that the main control unit 2a is not valid may be provided separately from the peripheral unit 3a. When the notification unit 4 receives a signal indicating that the main control unit 2a is not valid from the peripheral unit 3a, the notification unit 4 notifies the outside of the pachinko machine to that effect.

29 is a diagram illustrating a configuration in which the notification unit 4 is added to the configuration illustrated in FIG. FIG. 30 is a diagram showing a configuration in which a notification unit 4 is added to the configuration shown in FIG. In either case of FIG. 29 or FIG. 30, the notification unit 4 performs notification by displaying on a liquid crystal (not shown) or notification by turning on a lamp or the like. Not only visual notification by turning on or blinking a liquid crystal display or a lamp, but also auditory notification by outputting sound from a speaker (not shown) and tactile notification by vibrating a vibrator (not shown). You may go. Moreover, you may perform combining these alerting | reporting.
Further, the peripheral unit 3a may simply pass the authentication data from the main control unit 2a without receiving it and allow the authentication unit 3b to receive it.

  Further, in the above-described embodiment, the gaming machine of the present invention has been described by taking a pachinko machine as an example. However, the gaming machine of the present invention is not limited to a pachinko machine. Examples of the gaming machine of the present invention include a pachislot machine, an amusement game machine, and the like having an execution unit that executes an effect relating to a game. In that case, a gaming machine such as a pachislot machine or an amusement game machine has a main control unit 2a, a peripheral unit 3a, and an authentication unit 3b.

DESCRIPTION OF SYMBOLS 1 Game board 2 Main control board 2a Main control part 3 Peripheral board 3a Peripheral part 3b Authentication part 3c-3e Bus 4 Notification part 100 Game control apparatus 101 Game area 102a, 102b Rail 104 Symbol display part 105 Start winning opening 106 Winning gate 107 Normal winning port 108 Collection port 109 Large winning port 201 Main control unit 202 CPU
202a Production control unit 203 CPU core 203a Control unit 203b Calculation unit 203c Register 203d Prize ball control unit 204 ROM
206 RAM
210 I / F
216 Bus 218 Check value calculation unit 230 Access control device 231 Input unit 232 Calculation unit 234, 236 Register 238 Access control unit 280 Start winning port detection unit 282 Gate detection unit 284 Normal winning port detection unit 286 Large winning port detection unit 288 Large winning a prize Mouth opening / closing unit 300 Production control unit 302 CPU
304 ROM
306 RAM
308 VRAM
310 I / F
311 Control command storage unit 312 Addition unit 313 Recording unit 314 Production related device group 314a Transmission unit 321 Reception unit 322 Authentication unit 323 Notification signal output unit 380 Speaker 382 Audio control unit 384 Lamp 386 Lamp control unit 400 Prize ball control unit 402 CPU
404 ROM
406 RAM
410 I / F
414 Prize ball-related device group 480 Dispensing unit 482 Launching unit 500 Control command 501 Control data 502 Authentication data

Claims (15)

A lottery means for performing a lottery upon establishment of a predetermined condition, a symbol changing means for variably displaying a symbol by a symbol display means, and a special prize after the symbol is stopped in a predetermined manner based on a lottery result of the lottery means A gaming machine comprising a main control unit having a special state generating means for generating a state, a data processing device for performing data processing on a game, and an access control device for controlling access by the data processing device,
The data processing device includes:
Data processing means;
Output means for outputting information relating to instructions executed by the data processing means to the outside,
The access control device
Storage means for storing data for performing the data processing;
Input means for inputting information on the command from the output means;
Access control means for controlling access to the storage means by the data processing device based on information relating to an instruction input by the input means;
The main control unit
Output a jackpot reach command for specifying a variation pattern for performing a reach effect among the variation patterns selected at the time of the jackpot, and authentication data for authenticating that it is valid,
further,
With the output of the main control unit as an input, controlling the performance based on the jackpot reach command or the pre-processing or post-processing of the performance, and a peripheral section that outputs the authentication data;
The main control is provided based on the authentication data output from the peripheral portion after the stage based on the jackpot reach command, or after the period in which the pre-processing or post-processing is executed, provided in the subsequent stage of the peripheral portion A gaming machine comprising: an authentication unit that determines whether or not the unit is legitimate. In claim 1,
When the access control means determines that the access permission condition is satisfied based on the information related to the command input by the input means, the access control means permits access to the storage means and determines that the access permission condition is not satisfied Is a game machine that restricts access to the storage means. In claim 2,
The output means outputs an instruction code or an instruction code string executed by the data processing means,
The gaming machine characterized in that the access permission condition includes that the instruction code or instruction code string input by the input means is a predetermined code or code string. In any one of Claim 2 and 3,
The data processing device includes:
Further comprising instruction code storage means for storing an instruction code executed by the data processing means;
The output means outputs storage position information indicating a storage position in the instruction code storage means of an instruction code or an instruction code sequence executed by the data processing means;
The access permission condition includes that the storage position of the storage position information input by the input means is a predetermined storage position. In any one of Claim 2 and 3,
The data processing device includes:
Instruction code storage means for storing an instruction code executed by the data processing means;
An arithmetic means for performing a predetermined operation using at least a part of the instruction code or the instruction code string stored in the instruction code storage means;
The output means outputs a calculation result of the calculation means;
The gaming machine according to claim 1, wherein the access permission condition includes that the calculation result input by the input means is a predetermined result. In any one of Claim 2 and 3,
The data processing device includes:
Instruction code storage means for storing an instruction code executed by the data processing means;
A calculation unit that performs a predetermined calculation using a predetermined fixed value stored in the instruction code storage unit;
The output means outputs a calculation result of the calculation means;
The gaming machine according to claim 1, wherein the access permission condition includes that the calculation result input by the input means is a predetermined result. In any one of Claims 2 thru | or 6,
The output means outputs execution result information indicating an execution result of an instruction code or an instruction code sequence executed by the data processing means;
The gaming machine characterized in that the access permission condition includes that the execution result of the execution result information input by the input means is a predetermined result. In any one of Claims 1 thru | or 7,
The access control means controls access to a specific address space in the storage means. In any one of Claims 1 thru | or 8,
A gaming machine, further comprising a control status notification means for notifying a status of access control by the access control means. The gaming machine according to any one of claims 1 to 9, wherein when the main control unit is determined not to be valid, the peripheral unit notifies that fact. The gaming machine according to any one of claims 1 to 10, characterized in that it comprises a single path used for signal exchange between the authentication unit and the peripheral unit. Provided with two paths used for signal exchange between the peripheral part and the authentication part,
The peripheral unit outputs the authentication data to the authentication unit through one of the paths,
The said authentication part outputs the result of the judgment about whether the said main control part is valid by the other of the said path | route to the said peripheral part, The one of Claim 1 thru | or 11 characterized by the above-mentioned. Game machines. A jackpot reach command that is applied to the gaming machine according to claim 1 and designates a variation pattern for performing a reach effect among variation patterns selected at the time of a jackpot, and authentication data for authenticating that the player is valid Is an authentication method for authenticating the main control unit in a gaming machine comprising an output based on the jackpot reach command and a peripheral unit that controls execution of pre-processing or post-processing of the effect. And
A connected device authentication step for authenticating a device connected to the data processing means, and an output step for outputting information relating to a command executed by the data processing means to the outside;
An input step of inputting information relating to the command from the output means;
An access control step for controlling access to the storage means by the data processing device based on information relating to the instruction input in the input step;
An acquisition step in which the authentication unit acquires the authentication data via the peripheral unit;
Using the authentication data acquired in the acquisition step, the peripheral unit determines whether the main control unit is valid after the stage based on the jackpot reach command or the period in which the pre-processing or post-processing is executed. And an authentication step that is determined by the authentication unit provided in a subsequent stage . The authentication method according to claim 13 , further comprising a notification signal output step of outputting a signal for notifying the authentication result when the main control unit is determined not to be valid in the authentication step. A program for causing a computer to execute each step of the authentication method according to claim 13 or 14 .

Images