JP5218338B2 - Information transmission system - Google Patents

Description

  The present invention relates to an information transmission system that transmits information using an information code.

  Currently, an information transmission method is widely used in which a mobile terminal such as a mobile phone reads a two-dimensional code so that the mobile terminal acquires various types of information. For example, if a WEB address is stored in a two-dimensional code, a portable terminal that reads the two-dimensional code can acquire the WEB address, and prompts the person who owns the portable terminal to access the WEB address. be able to.

JP 2008-48135 A

  By the way, since the standardized two-dimensional code that is widely used at present can be read by anyone with a reading device in general, it is difficult to use it so that only a specific person can read it. And there were restrictions on the service. For example, in the case of providing a service that provides useful specific information only to authorized persons, information transmission is performed such that the specific information to be provided is two-dimensionally encoded and then read by the portable terminal of the target person (permitted person). Although a method is conceivable, such a two-dimensional code can be easily deciphered even by an unauthorized third party, and there is a problem that the above service cannot be performed appropriately.

  On the other hand, as a method for solving such a problem, a partially private code having a public area and a private area (an area where encrypted data encrypted based on an encryption key is recorded) is used. A method of recording specific information in a private area of a partially private code can be considered. In this case, if a decryption key that can decrypt the private area is given to the target person (authorized person) to whom the information is to be provided, only the target person can acquire the specific information, and there is no decryption key. It becomes possible to restrict information acquisition of three parties (that is, those who are not permitted). However, when this method is used, there has been a problem of how to obtain and manage an encryption key by a target person (permitted person) who should provide information.

  The present invention has been made to solve the above-described problems, and can selectively provide specific information to an authorized person using a partially private code provided with a private area, and can also be used by an information user. It is an object to provide an information transmission system that makes it easy to obtain and manage a decryption key required for reading a partially private code, and that allows an information user to easily read a partially private code that has read authority And

The invention of claim 1 is a code generation means capable of generating a partially private code having a server, a public area, and a private area in which encrypted data encrypted based on an encryption key is recorded; An imaging unit capable of imaging the partially private code, and when the partially private code is imaged by the imaging unit, decrypts the data in the public area and the decryption corresponding to the encryption key The present invention relates to an information transmission system including a portable terminal provided with a decrypting means for decrypting data in the private area on the condition that a key is acquired.
In this information transmission system, the server includes issuing means for issuing the decryption key corresponding to the encryption key of the partially private code generated by the code generating means, and the portable terminal Each time the decryption key issued by the means is given to the portable terminal, the obtaining means for obtaining the decryption key, and a storage means for accumulating the decryption key obtained by the obtaining means ing.
Further, the decryption means attempts to decrypt the private area using each decryption key stored in the storage means when decrypting the partially private code, and any of the stored decryption keys However, when corresponding to the encryption key of the private area in the partially private code, the decryption result of the private area is output.

In addition, the mobile terminal, among the plurality of decryption keys stored in the storage means, the success key with a track record of successful decryption of the private area in the mobile terminal, the order before the unsuccessful key The order determination means determines the use order of the plurality of decryption keys stored in the storage means, and the decryption means is configured to determine the order determination means when decrypting the partially private code. The decryption keys stored in the storage means are sequentially used in accordance with the order of use determined by.

The invention of claim 2 is further characterized in that the server classifies and manages a plurality of portable terminals for each type, and sets a unique encryption key for each type classified by the management unit. And the code generating means records each encrypted data encrypted based on each unique encryption key set by the setting means in a plurality of the private areas, respectively. Some private code is generated.

According to a third aspect of the present invention, when the decrypting means decrypts each encrypted data in each private area of the partially private code, the decrypting means attempts to decrypt using each decryption key stored in the storage means sequentially. The decryption result is output only for the encryption data corresponding to any one of the decryption keys stored in the storage means among the plurality of encryption data recorded in the plurality of private areas. .

According to a fourth aspect of the present invention , at least the address data of a specific access destination and the encryption data required for access to the specific access destination are encrypted in the encrypted data of the partially private code It has a configuration.

According to a fifth aspect of the present invention, the partially private code is recorded with the first information to which a specific index is attached in the public area, and the second information having a corresponding index corresponding to the specific index in the private area. It is configured to record information. Further, the decoding means has output replacement means for replacing the first information with the second information and outputting when the decoding of the second information is successful.

In addition, the second information having the corresponding index is recorded in each private area, and each corresponding index in each private area has a priority. And when the plurality of pieces of the second information are successfully decoded, the output replacement means includes the corresponding index having a high priority among the plurality of pieces of the second information that have been successfully decoded. Instead of the first information, the second information is preferentially output.

According to a sixth aspect of the present invention, the issuing means includes distribution means for distributing the decryption key used for decoding the partially private code generated by the code generation means to a distribution target terminal. The acquisition means includes reception means for sequentially receiving the decryption key every time the decryption key is distributed from the distribution means of the server to the mobile terminal, and the storage means The decryption key received by the receiving means is sequentially stored.

The invention of claim 7 further includes a two-dimensional code generating means for generating a two-dimensional code in which the decryption key issued by the issuing means is recorded as data, and the two-dimensional code generated by the two-dimensional code generating means. Card creation means for creating a card with a two-dimensional code to be attached to the card medium and to be given to the holder of the portable terminal is provided. Then, the acquisition unit of the mobile terminal decodes the captured two-dimensional code when the two-dimensional code attached to the card with the two-dimensional code is captured by the imaging unit. Card decoding means for obtaining a decryption key is provided.

The invention of claim 8 is configured such that the two-dimensional code generation means generates the two-dimensional code with a structure including an identification number as data, and the decoding means of the portable terminal is recorded in the two-dimensional code. When the identification number matches a registered number registered in advance, the decryption key acquired from the two-dimensional code is validated.

The invention of claim 9 attaches the two-dimensional code generated by the two-dimensional code generating means and the two-dimensional code generating means for generating a two-dimensional code using the decryption key issued by the issuing means as data. A receipt creation means for creating a receipt for the product in the configuration is provided. The acquisition unit of the portable terminal decodes the captured two-dimensional code by decoding the captured two-dimensional code when the two-dimensional code attached to the receipt is captured by the imaging unit. It has a receipt decoding means to obtain.

Further, the mobile terminal generates a decryption key recording code generating means for generating an information code recording the decryption key held by the mobile terminal, and a display for displaying the information code generated by the decryption key recording code generating means Means. The two-dimensional code generation means includes reading means for reading the information code displayed on the display means, and the information code read by the reading means as the two-dimensional code to be attached to the receipt. The partial secret code having the decryption key as the encryption key is generated, and the receipt creation unit is configured to attach the partial private code generated by the two-dimensional code generation unit. The receipt is created. Further, the decryption key to be used in the other partial private code is recorded in the private area of the partial private code generated by the two-dimensional code generation means.

The invention of claim 10 is characterized in that the server classifies and manages a plurality of mobile terminals for each type, and classifies each mobile terminal so as to belong to a plurality of types by the management means. Setting means for setting a unique encryption key for each type. In addition, the code generation means is configured to perform a second operation based on two or more unique encryption keys respectively defined for two or more types or two or more cipher data that can be decrypted by the two or more unique encryption keys. Second encryption key generating means for generating two encryption keys, and the encrypted data encrypted based on the second encryption key generated by the second encryption key generating means The partially private code is generated with a configuration of recording in the public area. The portable terminal further includes second decryption key generation means for generating a second decryption key based on two or more decryption key elements, and the decryption means performs encryption based on the second encryption key. When decrypting the partial private code, the decryption result of the private area is obtained when the second decryption key generated by the second decryption key generation means corresponds to the second encryption key. It is configured to output.

In the information transmission system according to the first aspect of the present invention, code generation means capable of generating a partially private code (information code having a public area and a private area in which encrypted data is recorded), and this partially private code A mobile terminal that uses a code as a reading target code, and the mobile terminal decrypts the data in the private area on the condition that the data in the public area is decrypted and the decryption key corresponding to the encryption key is acquired. There is no. In this system, since information transmission is performed using a partially private code that can prevent information leakage of some data, the partial data can be transmitted to the mobile terminal with high confidentiality through the information code.
On the other hand, when the mobile terminal is allowed to read a partially private code, the mobile terminal needs to have a decryption key corresponding to the encryption key. However, in the present invention, the issuing means provided in the server A decryption key corresponding to the encryption key of the private code is issued, and on the mobile terminal side, every time the decryption key issued by the issuing means is given to the mobile terminal, the decryption key Is acquired and stored in the storage means. In this way, since the decryption key to be given to the mobile terminal can be stored on the mobile terminal side, the decryption key can be centrally managed in the mobile terminal, and the management burden can be suppressed.
On the premise of such a configuration, the mobile terminal side attempts to decrypt the private area using each decryption key stored in the storage means when decrypting a part of the private code. When the decryption key corresponds to the encryption key of the private area, the decryption result of the private area is output. In this way, the decryption key is centrally managed and a special burden is imposed on the necessary decryption key (for example, preparation work or search operation of the decryption key) when decrypting some private codes. It can be used quickly without being accompanied, and the convenience of the user can be effectively enhanced.

In addition, since a decryption key (success key) that has already been successfully decrypted and has a high possibility of successful decryption can be preferentially used, the possibility of successful decryption is increased and processing is faster. It is easy to be done.

According to the invention of claim 2 , a plurality of types of encrypted data can be managed by a single partially private code, and the encrypted data corresponding to the types can be provided with high security to various types of target persons. In addition, each type of target person can easily obtain the encryption data of the type to which he belongs as long as the decryption key corresponding to the encryption data of the type to which he belongs is acquired and stored in his portable terminal in advance. Can be deciphered quickly. Therefore, the convenience of both the data provider and the data user can be enhanced effectively.

According to the invention of claim 3 , the user can quickly select all types that can be decrypted by the user's own portable terminal from among a plurality of types of encrypted data (that is, the type in which the decryption key is stored in the own portable terminal). And it becomes easy to decipher.

According to the invention of claim 4 , only an authorized mobile terminal can easily access a specific access destination, and a highly convenient system in which only a specific person can easily acquire useful information is obtained. .

According to the invention of claim 5 , when the decryption key corresponding to the encryption key is not stored in the portable terminal, only the first information is output, and the decryption key corresponding to the encryption key is stored Can output the first information replaced with the second information. Therefore, a person who has a decryption key corresponding to the encryption key can smoothly acquire special information (second information) without being aware of the first information.

In addition , when a plurality of decryption keys are accumulated in the mobile terminal and a plurality of private data to which the corresponding index is attached can be decrypted by the mobile terminal, the highest priority information among them can be output. . Therefore, information with higher priority can be provided to a person who can decrypt a plurality of non-public data (second information) to which a corresponding index is attached, and the convenience of the information user can be further enhanced.

According to the sixth aspect of the present invention, a decryption key can be smoothly provided to a portable terminal (distribution target terminal) to which a decryption key is to be provided without using a special medium. In addition, on the mobile terminal side, the decryption key can be acquired without much load.

According to the seventh aspect of the present invention, the encryption key can be passed to the portable terminal that is to obtain the encryption key through the card (card with two-dimensional code). For those who have not obtained a card with a two-dimensional code and cannot obtain a decryption key, the use of the private area can be restricted, and the use of the private area can be restricted to the card (two-dimensional code). Can be managed by the presence or absence of attached cards).

According to the invention of claim 8 , the decryption key in the two-dimensional code can be used only by the portable terminal in which the identification number recorded in the two-dimensional code is registered, and the card ( When the card with the two-dimensional code is lost, the decryption key is not easily abused.

According to the invention of claim 9 , a person who has acquired a receipt with a two-dimensional code can acquire a decryption key, which improves convenience for those who have purchased goods or who have received services. System can be constructed.

In addition , it is possible to construct a system in which a decryption key used for decrypting a partially private code (other partially private code) is transmitted by another partially private code attached to the receipt. Furthermore, only a specific mobile terminal (a mobile terminal that has provided a decryption key) can decrypt a private area of a partially private code attached to the receipt, and other mobile terminals can decrypt this private area. Therefore, when the decryption key is transmitted by the receipt, the decryption key is hardly leaked to a third party, and the security can be further improved.

According to the invention of claim 10 , special information corresponding to a combination of types can be provided with high confidentiality to persons belonging to a plurality of specific types, and the degree of freedom of information provision and the convenience of information users are further enhanced. be able to.

FIG. 1 is an explanatory diagram schematically illustrating an information transmission system according to the first embodiment of the present invention. 2A is a block diagram schematically illustrating the configuration of a server used in the information transmission system of FIG. 1, and FIG. 2B is a diagram of a code issuing device used in the information transmission system of FIG. It is a block diagram which illustrates the composition roughly. FIG. 3 is a block diagram schematically illustrating the configuration of a mobile terminal used in the information transmission system of FIG. FIG. 4 is a flowchart illustrating a code issuing process performed in the information transmission system of FIG. FIG. 5 (a) is an explanatory diagram conceptually illustrating a partially private code used for information transmission, and FIG. 5 (b) is recorded in the partially private code of FIG. 5 (a). It is explanatory drawing explaining the data content and index content about public data and non-public data. 6A is an explanatory diagram illustrating the data configuration of the partially private code of FIG. 5, and FIG. 6B is an explanatory diagram illustrating the public data recorded in the public area. (C) is explanatory drawing which illustrates the encryption data recorded on a non-public area | region. FIG. 7A is an explanatory diagram conceptually illustrating customer management data recorded in the server, and FIG. 7B conceptually illustrates a data configuration of a decryption key stored in the mobile terminal. FIG. 7C is an explanatory diagram illustrating another example of the data structure of the decryption key. FIG. 8 is a flowchart illustrating a two-dimensional code reading process performed by the information transmission system of FIG. FIG. 9A is an explanatory diagram conceptually illustrating a partially private code used in the information transmission system according to the second embodiment, and FIG. 9B is a diagram illustrating each non-public code in FIG. 9A. It is explanatory drawing explaining the corresponding | compatible relationship between the encryption key and data content in a public area. FIG. 10 is an explanatory diagram for conceptually explaining a public area and data of each private area in the partially private code of FIG. 9A. FIG. 11A is an explanatory diagram for conceptually explaining the information transmission system according to the third embodiment, and FIG. 11B shows a card issuing device used in the information transmission system of FIG. It is a block diagram illustrated. FIG. 12A is an explanatory diagram conceptually illustrating the information transmission system according to the fourth embodiment, and FIG. 12B is a receipt issuing device used in the information transmission system of FIG. FIG. FIG. 13 is a flowchart illustrating the flow of receipt issuing processing performed in the information transmission system according to the fourth embodiment. FIG. 14 is a flowchart illustrating the flow of the receipt issuing process performed in the first modification of the fourth embodiment. FIG. 15A illustrates an example of a public area, each data recorded in each private area, and an index attached to each data in the partially private code used in the second modification of the fourth embodiment. FIG. 15B is an explanatory diagram for explaining an encryption key used for each private area of the partially private code. FIG. 16 is an explanatory diagram conceptually illustrating customer management data recorded in the server in the second modification. FIG. 17 is a flowchart illustrating a two-dimensional code reading process performed by the information transmission system according to the second modification.

[First embodiment]
Hereinafter, an information transmission system according to a first embodiment of the present invention will be described with reference to the drawings.
(overall structure)
First, the overall configuration of the information transmission system 1 will be described with reference to FIG. FIG. 1 is an explanatory diagram schematically illustrating the information transmission system 1 according to the first embodiment. The information transmission system 1 shown in FIG. 1 is configured as a system that transmits information from a provider (for example, a company that provides various services) to an information user who has a portable terminal. The mobile terminal 10 has a configuration.

  In the example of FIG. 1, a plurality of servers 2 (a first server 2a, a second server 2b, and a third server 2c) are provided. Each of the servers 2 is configured as shown in FIG. 2A, for example, and is configured to be able to communicate with a mobile terminal 10 described later via a communication network such as the Internet. These servers 2 are configured as, for example, a personal computer, and are configured as a control unit 3 composed of a CPU or the like, a display unit 4 composed of a liquid crystal monitor or the like, a storage unit 5 composed of ROM, RAM, HDD, etc., a mouse, a keyboard, or the like. And a communication unit 7 configured as a communication interface. 1 shows an example in which three servers 2 (first server 2a, second server 2b, and third server 2c) are connected to the communication network, the number of servers is the same as that shown in FIG. It is not limited to, For example, one may be sufficient and multiple other than three may be sufficient.

  The code issuing device 30 is configured as a device that generates a two-dimensional code. For example, as shown in FIG. 2B, a control unit 31 including a CPU, a storage unit 34 including a ROM, a RAM, an HDD, and the like. An operation unit 35 configured as a key, a touch panel, and the like, a communication unit 36 configured as a communication interface, and the like are provided. Further, in the example of FIG. 2B, a printing unit 32 configured by a known printer or the like, a display unit 32 configured as a liquid crystal monitor, and the like are provided. The code issuing device 30 may be connected to the server 2 so as to be communicable (for example, connected via a LAN or the Internet), or may be independent from the server 2 in a configuration incapable of communicating.

  The mobile terminal 10 is configured as a mobile communication device (for example, a mobile phone) having an information processing function. As shown in FIG. 3, a control unit 11 including a CPU, a light receiving sensor (for example, a C-MOS) From an image pickup unit 12 configured as a camera having an area sensor, a CCD area sensor, etc., a display unit 13 configured by a liquid crystal display, an operation unit 14 configured by various operation keys, a ROM, a RAM, a nonvolatile memory, and the like And a communication unit 16 configured as a communication interface for performing communication via a communication network such as the Internet. In addition, in FIG. 1, although the single portable terminal 10 is illustrated typically, the number of the portable terminals 10 connected to a communication network is not specifically limited, A system with the structure by which many portable terminals 10 are connected. Can be built.

(Some private code issuance processing)
Next, a process for issuing a partially private code C (code issuing process) will be described. FIG. 4 is a flowchart illustrating a code issuance process performed in the information transmission system 1 according to this embodiment.
The code issuing process shown in FIG. 4 is a process for generating and issuing a partially private code C as shown in FIG. 5A. In this embodiment, the code issuing process is performed by, for example, the code issuing device 30 shown in FIG. . In this process, first, data to be recorded in the public area Ca (public data) is acquired (S1), and data (non-public data) to be recorded in the private area Cb is acquired (S2). The data acquisition method in S1 and S2 may be any method by which the code issuing device 30 can acquire public data and non-public data. For example, when an operator inputs data to be recorded in the public area Ca or data to be recorded in the non-public area Cb using the operation unit 35 (FIG. 2B), these are made public data and private. It may be acquired as data, or may be a method of acquiring public data and non-public data (for example, receiving data from the server 2) by communication with the outside.

  The data contents of the public data and the non-public data are various. In FIG. 5A, as an example, data of a predetermined access destination (general URL) is used as the public data. Address data (specific URL) of a specific access destination different from a predetermined access destination and password data (password) necessary for access to the specific access destination are used. Data other than these data may be added as public data or private data, or other data may be used as public data or private data instead of these data. In the present embodiment, data indicating that the private area Cb exists in the partial private code C (whether or not there is a private area) in a form subsequent to the public area data (public data). “Confidential identifier” (see FIG. 6 (a)), which is a reference data for the determination of the above, is recorded in an area other than the non-public area (specifically, an area read after the public area). Thus, it is possible to smoothly determine whether or not a non-public area exists when the public area is read, and smoothly shift to reading the non-public area.

  After obtaining the public data and the non-public data in S1 and S2, a process for obtaining an encryption key necessary for generating encrypted data, which will be described later, is performed (S3). In the present embodiment, the encryption key can be acquired by various methods. For example, the code generation device 30 itself may generate the encryption key, or may acquire data serving as the encryption key from the outside. The content of the encryption key is not particularly limited. For example, a random number generated by a random number generation program may be used as the encryption key, or input information arbitrarily input by the operator may be used as the encryption key. Good.

  After obtaining the encryption key in S3, a process for generating encrypted data is performed (S4). In the present embodiment, a known common key cryptosystem is used, and the secret data acquired in S2 is encrypted using the encryption key obtained in S3 as a common key to generate encrypted data.

  After the process of S4, a process for generating a partially private code C as shown in FIG. 5A is performed (S5). In this process, the public data (unencrypted data) obtained in S1 is recorded in the public area Ca, and the encrypted data generated in S4 is recorded in the private area Cb. Code C is generated.

  Some areas are private areas (areas that can be read on the condition that a decryption key corresponding to the encryption key is obtained), and other areas are public areas (can be read without using the decryption key corresponding to the encryption key) The method for generating the partial private code C as a region and the specific configuration of the partial private code C to be generated are disclosed in, for example, Japanese Unexamined Patent Application Publication Nos. 2009-9547 and 2008-299422. The technique can be suitably used. FIG. 6A illustrates a data configuration of a partially private code C when the techniques of these publications are used, and among these, “disclosure code” includes each of the codes as shown in FIG. Disclosure data (for example, public data such as the above general URL) is encoded in accordance with JIS basic specifications (JISX0510: 2004). The secret code is obtained by encoding each encrypted data as shown in FIG. 6 (c) (for example, encrypted encrypted data such as the specific URL and password) in accordance with JIS basic specifications (JISX0510: 2004). It is.

In the methods disclosed in Japanese Patent Application Laid-Open Nos. 2009-9547 and 2008-299422, the secret code recorded in the non-public area includes the decryption key and the decryption key check data that can specify the decryption key. In this embodiment, the data structure may be the same, or the decryption key and the decryption key check data may not be included in the private area. In addition, the method for generating the partial private code C and the specific configuration of the generated partial private code C are not limited to this example, and the encrypted data is recorded in a partial area and the other area is recorded. As long as it is a method capable of generating a two-dimensional code in which non-encrypted data is recorded, it may be generated by a method other than the method described in these publications.
In the present embodiment, the control unit 31 that executes the processing of FIG. 4 corresponds to an example of a “code generation unit”, and has a function of generating a partially private code C.

  After the partially private code C is generated in S5, as shown in FIG. 4, a process for issuing the partially private code is performed (S6). In the present embodiment, the code issuing device 30 includes a printing unit 31, and the partially private code C can be distributed by printing the partially private code C generated in S4 on a print target medium such as paper. Is formed. The printed partially private code C may be finally distributed in any form, and may be a part of a distribution medium such as a magazine, a flyer, or a card. The method for issuing the partially private code C is not limited to this method, and any method may be used as long as the mobile terminal 10 can acquire the image data of the partially private code C. For example, a method may be used in which an image of the partially private code C generated in S5 is attached to an email and distributed to a large number of mobile terminals 10.

(Decryption key issuance process)
Next, decryption key issuing processing will be described. This process is a process of distributing the decryption key of the partially private code C issued by the code issuing process to a specific mobile terminal 10, and is performed by the server 2 in the information transmission system 1 according to the present embodiment. .

  For example, as shown in FIG. 7A, address data of each customer's mobile terminal 10 is registered in the server 2 in advance, and the server 2 is a customer who should provide private data based on these address data. The decryption key is distributed to. In this embodiment, in S4 of the above-described code issuing process (FIG. 4), encrypted data is generated by a known common key encryption method, and the server 2 generates a partially private code C in S4. The same data (that is, the encryption key itself) as the encryption key used at the time of distribution is distributed as a decryption key.

  For example, in the case of the above-described code issuance processing, when the encryption key is transmitted from the server 2 to the code issuance device 30 and the code issuance device 30 generates a part of the secret code C, it is transmitted. An encryption key may be distributed as a decryption key. In addition, when the code issuing device 30 itself generates an encryption key during the above-described code issuing processing, the server 2 acquires the encryption key by some method (for example, from the code issuing device 30 to the server 2). Or the encryption key generated by the code issuing device 30 is acquired by a method such as an operator inputting it into the server 2) and the acquired encryption key is distributed as a decryption key. Good.

When the decryption key is distributed from the server 2 to the specific mobile terminal 10, it is necessary to select a terminal to be distributed from among the registered mobile terminals 10, and there are various selections of such distribution target terminals. Can be done in any way. For example, all mobile terminals whose addresses are registered in the server 2 may be distribution target terminals, or only a specific type of mobile terminal may be a distribution target terminal. When distributing a decryption key to a specific type of mobile terminal, if each customer is stratified into a plurality of types as shown in FIG. 7A, the decryption key is provided in the decryption key issuing process. By selecting the power type, customers belonging to that type can be selected and the decryption key can be distributed.
In the present embodiment, the control unit 3 and the communication unit 7 of the server 2 correspond to an example of “issuing means” and “distributing means”, and the encryption of the partially private code C generated by the “code generating means”. It has a function of issuing and distributing a decryption key corresponding to the encryption key.

(Decryption key storage process)
Next, decryption key accumulation processing will be described.
This accumulation process is performed in the mobile terminal 10 that has received the decryption key from the server 2. The mobile terminal 10 that has received the decryption key receives the decryption key and sequentially stores it in the storage unit 15. Processing is performed to store. For example, when the decryption key is distributed from the server 2 to the mobile terminals 10 of all customers registered in the server 2, the storage process is performed in the mobile terminals 10 of each customer, and each of the mobile terminals 10 The decryption key is stored in the storage unit 15. When the decryption key is distributed from the server 2 to the mobile terminal 10 of a specific type (for example, type A), the storage process is performed in the mobile terminal 10 of the specific type, and the mobile phone of the specific type The decryption key is stored in the storage unit 15 of the terminal 10.

FIG. 7B conceptually illustrates how various decryption keys distributed as described above are accumulated in the storage unit 15 of the mobile terminal 10. In this example, a plurality of types of decryption keys are stored in the storage unit 15 of the mobile terminal 10, but these decryption keys may be delivered from a single server 2 (that is, Each mobile terminal 10 may store only a decryption key distributed from a single server 2), or may be distributed from a plurality of servers 2 (that is, each mobile terminal 10 includes a plurality of servers). It is also possible to store the decryption key distributed from (1).
In the present embodiment, the control unit 11 and the communication unit 16 correspond to an example of “acquisition unit” and “reception unit”, and each time the decryption key is distributed from the server 2 to the mobile terminal 10, the decryption key is transmitted. Has a function of sequentially receiving.
The control unit 11 and the storage unit 15 correspond to an example of “accumulation unit” and have a function of sequentially accumulating the decryption keys acquired by the “acquisition unit” and “reception unit”.

(2D code reading process)
Next, a two-dimensional code reading process will be described. FIG. 8 is a flowchart illustrating a two-dimensional code reading process.
This reading process is executed by the mobile terminal 10 when a predetermined operation (external operation) is performed on the operation unit 14 of the mobile terminal 10, for example. First, a process of imaging a two-dimensional code (S10). This imaging process is a process in which the imaging unit 12 captures an image of a two-dimensional code arranged in the imaging area of the imaging unit 12, and generates and stores image data of the captured two-dimensional code. In the present embodiment, the imaging unit 12 corresponds to an example of an “imaging unit”.

  As shown in FIG. 8, the decoding process is performed after the process of S10 (S11). This process is a process of decoding an area other than the private area by a known decoding method. When a two-dimensional code having no private area is to be read, in S11, the data area is entirely decoded, When a partially private code C as shown in FIG. 5A is to be read, areas other than the private area are decoded in S11.

  After the decoding process in S11, a process for determining whether or not a private area exists is performed (S12). In this process, based on the decoding result in S11, it is determined whether or not reference data indicating that a non-public area exists in the area behind the public area is recorded. For example, when a part of the secret code has a data structure as shown in FIG. 6A and a specific “secret identifier” is used as the reference data, the two-dimensional code acquired in S10 is displayed in the area behind the public area. Then, it is determined whether or not this specific “confidential identifier” exists, and if it does not exist, it is determined that there is no private area and the process proceeds to No in S12. In this case, the result of the decoding process performed in S11 is output to the display unit 13 or the like (S23), and the reading process ends.

  On the other hand, if a specific “secret identifier” (reference data) exists in the area behind the public area, the process proceeds to Yes in S12, and a process of reading the decryption key from the storage unit 15 is performed (S13). In this embodiment, the order of use of the decryption keys when a plurality of decryption keys are stored in the storage unit 15 is determined by a predetermined method. In S13, according to the set use order, The one with the highest priority is read out. Various methods can be used as a method for setting the order of use of the decryption keys. In this embodiment, as a representative example, the order of use is set as shown in FIG. 7B or FIG. 7C. . In these methods, among the plurality of decryption keys stored in the storage unit 15 of the mobile terminal 10, a success key that has been successfully decrypted in the private area in the mobile terminal 10 is obtained as an unsuccessful key ( The order of use of the plurality of decryption keys stored in the storage unit 15 is determined by a method that precedes the order of the decryption keys that have not been successfully decrypted in the private area in the mobile terminal 10.

  For example, in the example of FIG. 7B, the number of successful decoding of each decryption key in the mobile terminal 10 in association with each decryption key stored in the mobile terminal 10 (the number of times the private area has been successfully decoded). And the order of priority is set so that the decryption key having a higher number of successful decodes at the mobile terminal 10 is placed higher. In this case, in S13, a decryption key that has not been used yet after the start of the reading process (FIG. 8) (that is, if there is a decryption key that has already been read in S13 in the read process) ) And the decryption key having the highest number of successes is read out.

Further, in another example shown in FIG. 7C, among the plurality of decryption keys stored in the mobile terminal 10, the decryption key used when the private area was successfully decoded in the mobile terminal 10 last time (previous success). The priority is determined so that the decryption key having the highest number of successful decoding in the portable terminal 10 is ranked higher. In this case, when the previous success key (decryption key 2 in the example of FIG. 7C) is not used in the process of S13, the previous success key with the highest priority is read in the process of S13. It becomes. On the other hand, when the previous successful key has already been used in the process of S13, the decryption key that has not been used in the reading process (FIG. 8) is referred to, and the decryption key having the highest number of successes is read out. It will be.
In the present embodiment, the control unit 11 that executes the reading process of FIG. 8 corresponds to an example of “usage order determining unit”, and among the plurality of decryption keys stored in the storage unit 15 (storage unit), the mobile unit A function of determining a use order of a plurality of decryption keys stored in the storage unit 15 in a manner in which a success key having a history of successful decryption of a private area in the terminal 10 is set in an order ahead of an unsuccessful key. Have.

  After the process of S13, a process for decoding the secret area and decrypting the encrypted data is performed (S14). In this process, after the data code recorded in the non-public area (the secret code obtained by encoding the encrypted data) is decoded by a known method, the decoded data is read by the decryption key (decryption key) read in S13. Decrypt using. In the present embodiment, the decryption algorithm (decryption algorithm) used in the mobile terminal 10 corresponds to the encryption algorithm used in the code issuing device 30, and the encryption key acquired in S3 of FIG. If the decryption key (decryption key) read in S13 matches, the encrypted data in the private area can be decrypted.

  In the present embodiment, the control unit 11 that executes the process of S14 corresponds to an example of a “decoding unit”, and when the private code C is partially imaged by the imaging unit 12 (imaging unit), the public area It functions to decrypt the data of the private area Cb on the condition that the data of Ca is decrypted and the decryption key corresponding to the encryption key is acquired. Specifically, an attempt is made to decrypt the private area Cb using each decryption key stored in the storage unit 15 (accumulation means) (more specifically, according to the use order determined by the “order determination means”) When each decryption key stored in the unit 15 (storage means) is sequentially used to try to decrypt the private area Cb), and any one of the stored decryption keys corresponds to the encryption key of the private area Cb In addition, it has a function of outputting the decryption result of the private area Cb.

  After S14, it is determined whether or not the decoding is successful in S14 (S15). If the decoding is successful in S14, the process proceeds to Yes in S15, and the data (decoded data) decoded in S14 is stored in the storage unit 15 (S16). And the process which updates a decoding performance is performed (S17). For example, when a decryption key is registered as shown in FIG. 7B, in the process of S17, the decryption key used for decryption in the immediately preceding S14 (that is, the decryption key that has been successfully decrypted). Update the registration data to increment the number of successes. If the decryption key is registered as shown in FIG. 7C, the number of successes of the decryption key used for decryption (ie, the decryption key that has been successfully decrypted) is incremented in the immediately preceding S14. At the same time, the registration data is updated so that the decryption key is changed to the previous success key.

  If the decryption is not successful in S14 (S15: No), or after the process of S17 is completed, it is determined whether or not all the decryption keys stored in the storage unit 15 have been used (S18). If an unused decryption key remains during the process of S18, the process proceeds to No in S18, and the processes after S13 are performed for the unused decryption key. On the other hand, if all the decryption keys are already used in the process of S18, the process proceeds to Yes in S18, and it is determined whether or not there is a decryption key to be deleted in the storage unit 15 ( S19).

  Various methods can be used for setting the decryption key to be deleted, and it may be a method of deleting a decryption key that has not been used for a certain period of time. A method of deleting a decryption key having a low value or a decryption key having an old acquisition time may be used. The former will be described as a representative example. In S19, it is determined whether or not there is a decryption key that has not been used for a certain period of time in the decryption keys stored in the storage unit 15. If it exists, Yes in S19. Then, the corresponding decryption key is deleted (S20). On the other hand, if there is no decryption key that has not been used for a certain period, the process proceeds to No in S19, and in this case, no deletion process is performed.

After that, whether or not each data in the public area (each public data) decoded in S11 has data whose index matches the data in each private area (each private data) decoded in S16. Is determined (S21).
In the present embodiment, a part or all of each public data recorded in the public area has an index that can identify the type of each public data, and a part of each private data recorded in the private area. Alternatively, an index that can identify the type of each private data is attached to all of them. In S21, it is determined whether or not the public data recorded in the public area includes data whose index matches that of any private data in the private area. For example, the public data 1, the public data 2, the private data 1, and the private data 2 as shown in FIG. 5B are recorded in the partially private code C in FIG. If the same index is assigned to each data 1, the process proceeds to Yes in S21. In this case, the public data 1 corresponds to an example of “first information with a specific index”, and the non-public data 1 corresponds to an example of “second information with a corresponding index corresponding to a specific index”. To do.

When the process proceeds to Yes in S21, the public data and the private data with the same index are deleted (S22), and the remaining public data and private data are output to the display unit 13 or the like. (S23). For example, in the case of FIG. 5B, the public data 1 is the address data (general URL) of the predetermined access destination, and the non-public data 1 is the address data (specific URL) of the specific access destination. If the same index (index A in FIG. 5B) is attached, the general URL is deleted in S22, and the general URL is output in a form replaced with the specific URL.
In the present embodiment, the control unit 11 that executes the processing of FIG. 8 corresponds to an example of “output replacement unit”.

  On the other hand, if there is no data in the public area whose index matches the data in the private area, the process proceeds to No in S21, and the public area data (public data) decoded in S11, and Any data (private data) decrypted in S16 is output to the display unit 13 or the like.

(Main effects of the first embodiment)
The information transmission system 1 according to the present embodiment includes a “code generation unit” capable of generating a partial private code C (an information code having a public area and a private area in which encrypted data is recorded), and a part thereof And a portable terminal 10 that uses the private code C as a reading target code, and the portable terminal 10 decrypts the data in the public area Ca and obtains a decryption key corresponding to the encryption key as a condition. It is configured to decrypt the data. In this system, since information transmission is performed using a partially private code C that can prevent information leakage of some data, it is possible to transmit some data to the mobile terminal 10 with high confidentiality through the information code. it can.

  On the other hand, when the portable terminal 10 is allowed to read a partially private code C, the portable terminal 10 needs to have a decryption key corresponding to the encryption key. In the present invention, the “issue” provided in the server 2 The decryption key corresponding to the encryption key of a part of the private code C is issued by the “means”, and the decryption key issued by the “issuing means” is the mobile terminal 10 side. The decryption key is acquired every time it is given to 10 and stored in the storage unit 15 (storage means). In this way, since the decryption key to be given to the mobile terminal 10 can be stored on the mobile terminal 10 side, the decryption key can be centrally managed in the mobile terminal 10 and the management burden can be reduced. it can.

  On the premise of such a configuration, the mobile terminal 10 side decrypts the private area Cb using each decryption key stored in the storage unit 15 (storage means) when partially decoding the private code C. If any decryption key that has been attempted and stored corresponds to the encryption key of the private area Cb, the decryption result of the private area Cb is output. In this way, the decryption key is centrally managed, and a special burden is imposed on the necessary decryption key when decrypting the part of the private code C (for example, decryption key preparation work or search work). It can be used quickly without accompanying the user, and the convenience for the user can be enhanced effectively.

  Further, in the present embodiment, the mobile terminal 10 is provided with “order determination means”, and among the plurality of decryption keys stored in the storage unit 15 (storage means), the mobile terminal 10 stores the private area Cb. The order of use of the plurality of decryption keys stored in the storage unit 15 (accumulation means) is determined in such a manner that the success keys with a successful decryption are ordered before the unsuccessful keys. When decrypting the partial secret code C, the decryption keys stored in the storage unit 15 (accumulation unit) are sequentially used according to the order of use determined by the “order determination unit”. In this way, since a decryption key (success key) that has already been successfully decrypted and has a high probability of being successfully decrypted can be preferentially used, the possibility of successful decryption is increased and processing is facilitated. Will be done more quickly.

  In the present embodiment, as shown in FIG. 5A, at least address data (specific URL) of a specific access destination and password data (password) necessary for access to the specific access destination are encrypted. Thus, the encrypted data of a part of the private code C is configured. In this way, only the authorized mobile terminal 10 can easily access a specific access destination, and a highly convenient system can be obtained in which only a specific person can easily obtain useful information.

  Further, in the present embodiment, as shown in FIG. 5B, the public data 1 (first information with a specific index) with the index A is recorded in the public area Ca of the partially private code C. In the private area Cb, private data 1 (second information) with the same index A (corresponding index corresponding to a specific index) is recorded. The “decoding means” has “output replacement means” for replacing the first information with the second information when the decoding of the second information is successful. Thus, when the decryption key corresponding to the encryption key is not stored in the mobile terminal 10, only the first information is output, and when the decryption key corresponding to the encryption key is stored, The first information can be replaced with the second information and output. Therefore, a person who has a decryption key corresponding to the encryption key can smoothly acquire special information (second information) without being aware of the first information.

  Further, in the present embodiment, the server 2 is provided with “distribution means” for distributing a decryption key used for decryption of the partially private code C to the distribution target terminal, and the “acquisition means” of the mobile terminal 10 is: Each time a decryption key is distributed from the “distribution means” of the server 2 to the mobile terminal 10, the decryption key is sequentially received and stored. If it does in this way, a decryption key can be smoothly given without using a special medium with respect to the portable terminal 10 (delivery object terminal) which should give a decryption key. In addition, on the mobile terminal 10 side, the decryption key can be acquired without much load.

[Second Embodiment]
Next, a second embodiment will be described. FIG. 9A is an explanatory diagram conceptually illustrating a partially private code C2 used in the information transmission system according to the second embodiment, and FIG. 9B is a diagram illustrating each part of FIG. 9A. It is explanatory drawing explaining the corresponding | compatible relationship between the encryption key and data content in a non-public area | region. FIG. 10 is an explanatory diagram for conceptually explaining the public area and the data of each private area in the partially private code C2 of FIG. 9A.

  Since the information transmission system according to the second embodiment uses the same hardware configuration (FIGS. 1 to 3) as that of the first embodiment, detailed description of the hardware configuration is omitted, and FIGS. Refer to FIG. Further, the code issuing process and the two-dimensional code reading process are basically performed in the same flow as in FIGS. 4 and 8, and the specific contents of some processes are different from those in the first embodiment. Therefore, these processes will be described with reference to FIGS. 4 and 8, and different contents will be mainly described. The registration contents of customer data (FIG. 7 (a)) and decryption key issuance processing, or decryption key storage contents (FIG. 7 (b) (c)) and decryption key storage processing are the first embodiment. Therefore, the detailed description is omitted and only a part of the description is supplemented.

  In the present embodiment, as shown in FIG. 9A, a partially private code C2 including a plurality of private areas Cb1 to Cb4 is used as the partially private code. This partially private code C2 is also generated and issued by the code issuing device 30 shown in FIG. 1 by the same code issuing process (FIG. 4) as in the first embodiment.

  Also in the present embodiment, as shown in FIG. 4, first, data (public data) to be recorded in the public area Ca is acquired (S1), and data to be recorded in the private areas Cb1 to Cb4 (a plurality of private areas). Data) is acquired (S2). The data acquisition method in S1 and S2 is the same as that in the first embodiment, and any method can be used as long as the code issuing device 30 can acquire public data and private data.

  The data contents of the non-encrypted data (public data) and the encrypted data (non-public data) recorded in the partial private code C2 are various. In FIG. 9A, as an example, the non-encrypted data (public data) Data of a predetermined access destination (general URL) is used as data), and address data (specific URL) of a specific access destination different from the predetermined access destination is used as private data of each of the private areas Cb1 to Cb4. ) And password data (password) necessary for access to a specific access destination. Data other than these data may be added as public data or private data, or other data may be used as public data or private data instead of these data. Further, as in the first embodiment, data indicating that the private area Cb exists in the partial private code C (determining whether or not there is a private area) in the area behind the public area. (Reference data as a reference) is included, it is possible to appropriately determine whether or not there is a non-public area when the public area is read, and it is possible to smoothly shift to reading the non-public area. In addition, if a separator that separates the data of the private areas Cb1 to Cb4 is included, each private area can be reliably distinguished by recognizing each separator.

  After obtaining the public data and the private data in S1 and S2, processing for obtaining an encryption key is performed (S3). Also in the present embodiment, as in the first embodiment, the encryption key can be acquired by various methods. Hereinafter, a method of acquiring each encryption key used for each of the private areas Cb1 to Cb4 from the server 2 is a representative example. Will be described as follows.

For example, as shown in FIG. 7A, when the server 2 has management data for managing a plurality of portable terminals 10 classified by type, the server 2 assigns a unique encryption key for each classified type. By performing a process of setting and transmitting the set unique encryption key to the code issuing device 30, it is possible to pass the unique encryption key for each type to the code issuing device 30. Specifically, for example, the server 2 generates a first encryption key corresponding to the type A (for example, generated by external generation, automatic generation using a random number, etc.) and the second encryption corresponding to the type B. If a process of transmitting a key, a third encryption key corresponding to type C, and a fourth encryption key corresponding to type D, and transmitting these encryption keys to the code issuing device 30 is performed, code issuance The device 30 can acquire each unique encryption key assigned to the types A, B, C, and D.
In this case, the control unit 3 and the storage unit 5 that store and use data as shown in FIG. 7A correspond to an example of “management means”. The control unit 3 corresponds to an example of “setting means”, and functions to set a unique encryption key for each type classified by the “management means”.

  After acquiring each encryption key as described above, the code issuing device 30 performs a process of generating each encrypted data (S4). Also in this embodiment, a known common key cryptosystem is used, and each private data acquired in S2 is encrypted and recorded in each private area using each encryption key obtained in S3 as a common key. Each encryption data to be generated is generated. For example, when generating each encryption data as shown in FIG. 9A, the first private data to be recorded in the first private area (hereinafter also referred to as the first area) Cb1 (in FIG. 9A) The specific URL 1, password 1, and other data) are encrypted with the first encryption key assigned to the type A (see FIG. 7A), and similarly, the second private area (hereinafter referred to as the first data) Second private data (also referred to as area 2) to be recorded in Cb2 (specific URL 2, password 2, and other data in FIG. 9A) is encrypted with the second encryption key assigned to type B, and third data The third encryption in which the third private data (specific URL 3, password 3, and other data in FIG. 9A) to be recorded in the private area (hereinafter also referred to as the third area) Cb3 is assigned to the type C Encrypted with the encryption key The fourth encryption in which the fourth private data (specific URL 4, password 4 and other data in FIG. 9A) to be recorded in the private area (hereinafter also referred to as the fourth area) Cb4 is assigned to the type D Encrypt with encryption key.

  And the process which produces | generates the partial private code C2 as shown to Fig.9 (a) is performed (S5). In this process, the public data (unencrypted data) obtained in S1 is recorded in the public area Ca, and the encrypted data generated in S4 is recorded in the private areas Cb1 to Cb4. A partially private code C2 is generated. The present embodiment is different from the first embodiment in that the private area is subdivided into a plurality of areas, but the method itself for generating a partially private code based on the public data and the encrypted data is the first. This is the same as the embodiment. Note that after the partially private code C2 is generated in S5, an issue process similar to that of the first embodiment is performed (S6).

  Also in the present embodiment, the control unit 31 that executes the processing of FIG. 4 corresponds to an example of “code generation unit”, and has a function of generating a part of the secret code C2. More specifically, the above-described “setting unit” Has a function of generating a part of the private code C2 in a configuration in which each encrypted data encrypted based on each unique encryption key set in step S1 is recorded in a plurality of private areas Cb1 to Cb4. .

  Next, decryption key issuing processing will be described. Also in the present embodiment, each encrypted data is generated by a known common key encryption method in S4 of the above-described code issuing process (FIG. 4), and the server 2 generates a partially private code C2 in S4. The same data (that is, the encryption key itself) as each encryption key used at the time is distributed as a decryption key.

  As described above, when a unique encryption key is assigned to each type classified as shown in FIG. 7A, the unique encryption key assigned to each type is distributed to the address of the mobile terminal 10 belonging to each type. That's fine. For example, the unique encryption key assigned to type A is delivered to the address of the customer belonging to type A, and the unique encryption key assigned to type B is similarly delivered to the address of the customer belonging to type B. It is sufficient to issue a decryption key.

Next, the reading process performed in this embodiment will be described.
Also in the present embodiment, the reading process is performed in the same flow as in FIG. 8, and the same processes as in the first embodiment are performed for S10 to S13.
After the process of S13, each private area | region Cb1-Cb4 (FIG. 9 (a)) is decoded, and the process which decodes the encryption data of each private area | region Cb1-Cb4 is performed (S14). In this process, after the data code (the secret code obtained by encoding the encrypted data) recorded in each of the private areas Cb1 to Cb4 is decoded by a publicly known method, the decoded data is read by the decryption key read in S13. Decrypt using (decryption key). Also in this embodiment, the decryption algorithm (decryption algorithm) used in the mobile terminal 10 corresponds to the encryption algorithm used in the code issuing device 30, and the decryption key (decryption key) read in S13. ) Matches the encryption key of any one of the private areas Cb1 to Cb4, the encrypted data in the private area can be decrypted.

In this embodiment, the processes of S13 to S17 are performed for all the decryption keys, and only the area that can be decrypted by the decryption key stored in the storage unit 15 (that is, the encryption that can be decrypted by the stored decryption key). Only the area including the digitized data) is decrypted. For example, when each encrypted data of the non-public areas Cb1 and Cb2 is accumulated in the storage unit 15 as decrypted data, and other encrypted data of the non-public areas Cb3 and Cb4 are not accumulated, In the read process (FIG. 8), only the private areas Cb1 and Cb2 are decrypted.
In the present embodiment, the control unit 11 that executes the processing of FIG. 8 corresponds to an example of “decoding means”, and when the encrypted data in the private areas Cb1 to Cb4 of the partially private code C2 is decrypted. In addition, each decryption key stored in the storage unit 15 (storage unit) is sequentially used for decryption, and the storage unit 15 (storage unit) among the plurality of encrypted data respectively recorded in the plurality of private areas Cb1 to Cb4. Only the encrypted data corresponding to one of the decryption keys stored in (1) is output as a decryption result.

  Thereafter, the processes of S19 and S20 are performed in the same manner as in the first embodiment, and the public data recorded in the public area Ca has the same index type as the private data in any of the private areas Cb1 to Cb4. Processing for determining whether there is data to be performed is performed (S21). In the present embodiment, as shown in FIG. 10, an index that can identify the type of each public data is attached to a part or all of each public data recorded in the public area Ca, and the private areas Cb1 to Cb4 are assigned. An index that can identify the type of each private data is attached to a part or all of each private data to be recorded. Furthermore, in the example of FIG. 10, a plurality of indexes A0, A1, and A2 belong to the first index type, and a plurality of indexes B1 and B2 belong to a different second index type. Since the public data 01 stored in the public area Ca and the private data 11 and 21 in the private areas Cb1 and Cb2 have the same index type, the process proceeds to Yes in S21, and the data in the public area (public Data 01) is deleted. Also, the numerical part of each index A1, A2 (corresponding index) corresponding to the index A0 (specific index) of the public area indicates the priority, and the higher the number, the higher the priority. In the present embodiment, when there are a plurality of corresponding indexes (index A1, A2 in FIG. 10) corresponding to the same index type as the specific index of the public area (index A0 in FIG. 10) as shown in FIG. Of these, data other than the index with the highest priority (private data 11 in the example of FIG. 10) is also deleted. In S23, only the secret data to which the highest priority index is assigned among the corresponding indexes (only the secret data 21 in the example of FIG. 10) is output.

  As a specific usage, there is an example in which the indexes A0, A1, and A2 are indexes of a specific company. In this case, for example, the index A0 is an index attached to public data (for example, a general URL) to be given to general members of the specific company, and the index A1 is private data (for example, to be given to specific members of the specific company) This is an index attached to a specific URL 1) that provides information more advantageous than a general URL, and the index A2 is private data (from the specific URL 1) that should be given to a special member of the specific company (a member who should benefit from the specific member). Also, it is preferable to use an index attached to a specific URL 2) from which advantageous information is obtained. In this way, a general URL is given to those who cannot decrypt the private area, and a specific URL 1 more advantageous than the general URL is given to those who can decrypt only the private area Cb1, and the private areas Cb1, Cb2 Those who can decipher any of these can be given a more advantageous specific URL 2.

  In the present embodiment, the control unit 11 corresponds to an example of “output replacement means”, and a plurality of non-public data (to which a corresponding index corresponding to a specific index (specific index attached to public data)) is attached ( When the decoding of the second information) is successful, the second information to which the corresponding index having a high priority is attached among the plurality of second information that has been successfully decoded is the public data (first information) with the specific index attached. ) Is preferentially output.

(Main effects of the second embodiment)
In the present embodiment, in the server 2, a “management unit” that classifies and manages a plurality of mobile terminals 10 for each type, and a “setting” that sets a unique encryption key for each type classified by the “management unit”. Means ”, and the“ code generation means ”stores each encrypted data encrypted based on each unique encryption key set by the“ setting means ”in a plurality of private areas Cb1 to Cb4. A part of the private code C2 is generated with a recording structure.
In this way, a plurality of types of encrypted data can be managed by a single partially private code C2, and encrypted data corresponding to the types can be provided with high security to various types of target persons. In addition, each type of target person labors the encryption data of the type to which he belongs as long as the decryption key corresponding to the encryption data of the type to which he belongs has been acquired and stored in the mobile terminal 10 in advance. Can be deciphered quickly. Therefore, the convenience of both the data provider and the data user can be enhanced effectively.

  Further, when decrypting each encrypted data in each of the private areas Cb1 to Cb4 of the partially private code C2, the decryption is attempted by sequentially using the decryption keys stored in the storage unit 15 (storage means). Of the plurality of pieces of encrypted data recorded in the non-public areas Cb1 to Cb4, only the encrypted data corresponding to any one of the decryption keys stored in the storage unit 15 (storage means) is output. In this way, the user can quickly and easily select all types that can be decrypted by his / her mobile terminal 10 from among a plurality of types of encrypted data (that is, the types in which the decryption key is stored in his / her mobile terminal 10). Can be deciphered.

  Also, as shown in FIG. 10, non-public data 11 and 21 (second information) with corresponding indexes A1 and A2 corresponding to the specific index A0 are recorded in a plurality of non-public areas, respectively. Furthermore, priority is set for each corresponding index A1, A2 of each private area, and when the private data 11, 21 (second information) has been successfully decrypted, the private data 11 that has been successfully decrypted. , 21, the private data 21 with the corresponding index A <b> 2 having a high priority is preferentially output instead of the public data 01 (first information) with the specific index A <b> 0. In this way, when a plurality of decryption keys are stored in the mobile terminal 10 and a plurality of private data with corresponding indexes can be decrypted, the highest priority information among them can be output. . Therefore, information with higher priority can be provided to a person who can decrypt a plurality of non-public data (second information) to which a corresponding index is attached, and the convenience of the information user can be further enhanced.

[Third Embodiment]
Next, a third embodiment will be described. FIG. 11A is an explanatory diagram for conceptually explaining the information transmission system according to the third embodiment, and FIG. 11B shows a card issuing device used in the information transmission system of FIG. It is a block diagram illustrated. In the third embodiment, only a part of the hardware configuration, the decryption key issuance process, and the decryption key accumulation process are different from the first embodiment, and the rest are the same as in the first embodiment. Therefore, in the following, these different points will be described mainly. The same parts as those of the first embodiment will be denoted by the same reference numerals as those of the first embodiment, and detailed description thereof will be omitted. FIGS. Reference is made to these drawings.

  First, the hardware configuration of the information transmission system according to the present embodiment will be described. The information transmission system according to the present embodiment is different from the first embodiment in that the card issuing device 200 is provided in terms of hardware, and other hardware configurations (configurations in FIGS. 2 and 3) are different. This is the same as the first embodiment.

  The card issuing device 200 is configured as an information processing device as shown in FIG. 11B, for example. In this example, the control unit 201 composed of a CPU, a storage unit 204 composed of ROM, RAM, HDD, etc., various keys And an operation unit 205 configured as a touch panel, a communication unit 206 configured as a communication interface, and the like. Furthermore, in the example of FIG. 11B, a printing unit 202 configured by a known printer or the like, a display unit 203 configured as a liquid crystal monitor, or the like is provided. Further, the card issuing device 200 in FIG. 11B is connected to the server 2 so as to be communicable (for example, connected via a LAN or the Internet).

  Next, decryption key issuing processing will be described. In the first embodiment, the decryption key held by the server 2 is distributed from the server 2 to each mobile terminal 10, but in the third embodiment, the card issuing device 200 acquires the decryption key held by the server 2, The card issuing device 200 performs two-dimensional encoding. The card issuing device 200 may acquire the decryption key by, for example, a configuration in which the card issuing device 200 receives the decryption key transmitted (issued) from the server 2 to the card issuing device 200. The decryption key may be input to the card issuing device 200 by some method (for example, information input by an operator). The server 2 issues a predetermined identification number together with the decryption key, and the card issuing device 200 acquires the decryption key and the identification number issued from the server 2 by receiving or inputting information. Then, a two-dimensional code Q (for example, QR code, data matrix code, maxi code, etc.) in which the obtained decryption key and identification number are recorded as data is generated by a known method, and this two-dimensional code Q is generated by the printing unit 202. Printing is performed on a card medium 211 made of paper, a resin plate, or the like. In this manner, a card with a two-dimensional code 210 in which the two-dimensional code Q is attached to the card medium 211 is formed.

  In the present embodiment, the control unit 201 of the card issuing device 200 corresponds to an example of “two-dimensional code generation means” and functions to generate a two-dimensional code Q in which a decryption key is recorded. In addition, the control unit 201 and the printing unit 202 of the card issuing device 200 correspond to an example of “card creation unit”, and attach the two-dimensional code Q generated by the “two-dimensional code generation unit” to the card medium, It functions to create a two-dimensional code card 210 to be given to the terminal holder.

  The two-dimensional code-added card 210 created as described above is a part of a customer registered as shown in FIG. 7A by a card distribution subject (for example, a company that manages the server 2). (Or all of them) by mail, store handing, etc.

  Further, the server 2 has the same identification number recorded in the two-dimensional code Q of the two-dimensional code card 210 with respect to the mobile terminal 10 of the specific customer (customer to whom the two-dimensional code card 210 is distributed). The mobile terminal 10 of the specific customer who has transmitted the registration number and is to be given the decryption key is maintained in a preparatory state in which the registration number is stored in the storage unit 15 (FIG. 3) in advance by receiving the registration number. The

  Next, decryption key accumulation processing will be described. In the present embodiment, decryption key storage processing is performed by performing a predetermined operation on the portable terminal 10 of the person who possesses the card with the two-dimensional code 210. In this accumulation process, the two-dimensional code Q attached to the card with two-dimensional code 210 is imaged by the imaging unit 12 (FIG. 3), and a known decoding process is performed on the obtained image data. By performing such processing, the portable terminal 10 of the person who possesses the card with the two-dimensional code 210 can acquire the decryption key and the identification number recorded in the two-dimensional code Q.

In the present embodiment, as described above, the registration number is transmitted from the server 2 to the portable terminal 10 to which the decryption key is to be given, and the identification number obtained by the decoding process performed in the portable terminal 10. Is stored in the storage unit 15 as a valid decryption key obtained from the two-dimensional code Q together with the identification number. On the other hand, when there is no registration number that matches the identification number, the decryption key acquired from the two-dimensional code Q is invalidated. There are various invalidation methods. For example, when there is no registration number that matches the identification number recorded in the two-dimensional code Q in the portable terminal 10 that has read the two-dimensional code Q, the two-dimensional code The decryption key recorded in Q may not be stored, or may be stored with data indicating that it is invalid in association with the decryption key recorded in the two-dimensional code Q. .
In the present embodiment, the control unit 11 of the mobile terminal 10 corresponds to an example of “acquisition unit” and “card decoding unit”, and the two-dimensional code Q attached to the card with the two-dimensional code is the imaging unit 12 (imaging unit). ) Functions to acquire a decryption key by decoding the captured two-dimensional code Q.

(Main effects of the third embodiment)
In the present embodiment, the “two-dimensional code generating unit” that generates the two-dimensional code Q in which the decryption key issued by the “issuing unit” is recorded as data, and the “two-dimensional code generating unit”. A “card creation means” is provided for attaching a two-dimensional code Q to the card medium 211 and creating a card 210 with a two-dimensional code to be given to the holder of the portable terminal 10. Then, the “acquiring means” of the mobile terminal 10 obtains the captured two-dimensional code Q when the two-dimensional code Q attached to the card with two-dimensional code 210 is imaged by the imaging unit 12 (imaging means). It has “card decoding means” for obtaining a decryption key by decoding. If it does in this way, an encryption key can be passed to a portable terminal 10 which should acquire an encryption key via a card | curd (card 210 with a two-dimensional code). For those who have not acquired the card with the two-dimensional code 210 and cannot acquire the decryption key, the use of the private area Cb (FIG. 5) can be restricted. Can be managed by the presence or absence of a card (card with two-dimensional code 210).

  Further, in the present embodiment, the two-dimensional code Q is generated with the configuration including the identification number as data, and the “decoding means” of the mobile terminal 10 is a registration in which the identification number recorded in the two-dimensional code Q is registered in advance. When it matches the number (the number delivered from the server 2 to the specific customer to whom the decryption key is to be given), the decryption key acquired from the two-dimensional code Q is validated. In this way, the decryption key in the two-dimensional code can be used only by the portable terminal 10 in which the identification number recorded in the two-dimensional code Q is registered, and the card (two-dimensional When the code-added card 210) is lost, the decryption key is not easily abused.

[Fourth Embodiment]
Next, a fourth embodiment will be described. FIG. 12A is an explanatory diagram conceptually illustrating the information transmission system according to the fourth embodiment, and FIG. 12B is a receipt issuing device used in the information transmission system of FIG. FIG.

(Representative example of the fourth embodiment)
First, a representative example of this embodiment will be described.
The representative example shown below differs from the first embodiment only in a part of the hardware configuration, the decryption key issuance process, and the decryption key storage process, and is otherwise the same as the first embodiment. Therefore, in the following, these different points will be described mainly. The same parts as those of the first embodiment will be denoted by the same reference numerals as those of the first embodiment, and detailed description thereof will be omitted. FIGS. Reference is made to these drawings.

  First, the hardware configuration of the information transmission system according to the present embodiment will be described. As shown in FIG. 12A, the information transmission system 1 according to the present embodiment is different from the first embodiment in that a receipt issuing device 300 is provided in terms of hardware. The hardware configuration (the configuration in FIGS. 2 and 3) is the same as that in the first embodiment. The receipt issuing apparatus 300 is configured as an information processing apparatus as shown in FIG. 12B, for example. In this example, a control unit 301 composed of a CPU or the like, a storage unit 304 composed of a ROM, RAM, HDD, etc. An operation unit 305 configured as a key, a touch panel, and the like, a communication unit 306 configured as a communication interface, and the like are provided. Further, in the example of FIG. 12B, a printing unit (receipt printing unit) 302 configured by a known printer, a display unit 303 configured as a liquid crystal monitor, a C-MOS area sensor, a CCD area sensor, etc. An imaging unit 307 configured as a camera equipped with a) is also provided. Also, the receipt issuing apparatus 300 in FIG. 12B is connected to the server 2 so as to be communicable (for example, connected via a LAN, the Internet, etc.).

  Next, decryption key issuing processing will be described. In the first embodiment, the decryption key held by the server 2 is distributed from the server 2 to each mobile terminal 10. However, in the fourth embodiment, the receipt issuing device 300 acquires the decryption key held by the server 2. The receipt issuing device 300 performs two-dimensional encoding. By issuing a receipt 310 on which the two-dimensional code Q is printed, a decryption key can be stored in the portable terminal 10 of a person who can obtain the receipt 310. Hereinafter, a specific flow of this process will be described.

  In this embodiment, the decryption key issuance process is performed as a receipt issuance process as shown in FIG. This process is, for example, a process performed at the receipt issuing device 300 provided at the payment place when purchasing a product. First, an information code attached to the product (for example, a bar on which a product name, a price, etc. are recorded). The code) is imaged by the imaging unit 307, and the information code is read (S101). Then, based on the read result, it is determined whether or not a decryption key should be given (S102). In the present embodiment, it is assumed that predetermined reference information (information used as a criterion for determining whether or not to provide a decryption key) is recorded in advance in an information code attached to a product to which a decryption key is to be assigned. In S102, it is determined whether or not such predetermined reference information is included in the information code read in S101. If it is not included, the process proceeds to No in S102 to make a known general information. Receipt issue processing is performed (S106).

  On the other hand, if it is determined in S102 that the predetermined reference information is included in the information code, the process proceeds to Yes in S102, accesses the server 2 (S103), and downloads the decryption key from the server 2 (S104). ). There are various download methods. For example, when there is an access from the receipt issuing device 300, a specific decryption key may be transmitted from the server 2 to the receipt issuing device 300. The configuration may be such that information related to the purchased product is transmitted to the server 2 and a decryption key corresponding to the product purchased from the server 2 is transmitted. In the present embodiment, the control unit 3 and the communication unit 7 of the server 2 correspond to an example of “issuing means”.

Then, a two-dimensional code Q (for example, QR code, data matrix code, maxi code, etc.) in which the obtained decryption key is recorded as data is generated by a known method, and this two-dimensional code Q and receipt data (purchase amount, etc.) ) Is printed on a paper medium or the like by the printing unit 302, and a receipt 310 is issued (S105).
In the present embodiment, the control unit 301 of the receipt issuing device 300 corresponds to an example of a “two-dimensional code generating unit”, and a two-dimensional code in which a decryption key issued by the “issuing unit” is recorded as data. It functions to generate Q. In addition, the control unit 301 and the printing unit 302 correspond to an example of “receipt creation unit”, and create the product receipt 310 with a configuration with the two-dimensional code Q generated by the “two-dimensional code generation unit”. To work.

  Next, a process for issuing a partially private code will be described. In the present embodiment, a partially private code C may be issued by the same method (see FIG. 4) as in the first embodiment using the same code issuing device 30 as in the first embodiment. 300 may function as a device that issues a partially private code C (that is, the receipt issuing device 300 may have the same function as the code issuing device 30 and the code issuing device 30 may be omitted). . When the receipt issuing device 300 functions as a device for issuing a partially private code C, a partially private code C may be attached to the receipt 310 to which the two-dimensional code Q is attached. A medium (a paper medium or the like) with a partly private code C attached may be printed.

Next, the decryption key storage process will be described. In the present embodiment, decryption key storage processing is performed by performing a predetermined operation on the portable terminal 10 of the person who has acquired the receipt 310. In this accumulation process, the two-dimensional code Q attached to the receipt 310 is imaged by the imaging unit 12 (FIG. 3), and a known decoding process is performed on the obtained image data. By performing such processing, the portable terminal 10 of the person who has the receipt 310 can acquire the decryption key recorded in the two-dimensional code Q, and the decryption key is stored in the storage unit 15 (storage means). I can leave.
In the present embodiment, the control unit 11 and the imaging unit 12 of the mobile terminal 10 correspond to an example of “acquiring unit”. The control unit 11 corresponds to an example of a “receipt decoding unit”, and when the two-dimensional code Q attached to the receipt 310 is imaged by the imaging unit 12 (imaging unit), the captured two By decoding the dimension code Q, the decryption key is obtained.

  In the present embodiment, the same reading process (FIG. 8) as in the first embodiment is performed. For example, in the case where a partial secret code C (FIG. 5) is attached to the receipt 310 together with the two-dimensional code Q, the reading process shown in FIG. 8 may be performed immediately after the decryption key storage process. Good. Alternatively, the decryption key storage process and the reading process (FIG. 8) may be performed at different times.

(Main effects of the fourth embodiment)
According to the present embodiment, the person who has acquired the receipt 310 with the two-dimensional code Q can acquire the decryption key, and the convenience of the person who has purchased the product or received the service is improved. System can be constructed.

(Modification 1 of 4th Embodiment)
In the information transmission system according to the representative example of the fourth embodiment, the decryption key issuing process may be changed as follows. FIG. 14 is a flowchart illustrating the flow of the decryption key issuing process in the first modification.
In this modified example 1, as a two-dimensional code Q to be attached to the receipt 310, a partially private code is generated with the decryption key of the information code read in S205 as an encryption key as a point provided with the processing of S205. This is different from the above representative example. Note that the processes of S201 to S204 are the same as the processes of S101 to S104, respectively, and the process of S207 is the same as the process of S106, and thus detailed description of these processes will be omitted.

  In the present embodiment, in the process of S205, the purchaser is prompted to display a later-described decryption key recording code (for example, information that requests to decipher the decryption key recording code is displayed on the display unit 303). The merchandise purchaser is requested to display the decryption key recording code on the display unit 13 of the mobile terminal 10. When the product purchaser performs a predetermined operation on the mobile terminal 10 in response to the request, a two-dimensional code (for example, QR code) in which any of the decryption keys stored in the storage unit 15 is recorded as data in the mobile terminal 10. A code, an information code such as a data matrix code and a maxi code) is generated by a known method, and this two-dimensional code (decryption key recording code) is displayed on the display unit 13. In the present embodiment, the control unit 11 corresponds to an example of “decryption key recording code generation unit”, and the display unit 13 corresponds to an example of “display unit”.

  Further, in the process of S205, the two-dimensional code (decryption key recording code) generated and displayed on the portable terminal 10 as described above is imaged by the imaging unit 307 and decoded, and recorded in the decryption key recording code. The decryption key (the decryption key already held by the mobile terminal 10) is acquired. In the present embodiment, the control unit 301 corresponds to an example of “reading unit” and functions to read an information code (decryption key recording code) displayed on the display unit 13 (display unit).

  In S206, as the two-dimensional code Q to be attached to the receipt 310, the data of the decryption key recording code read in S205 (the decryption key already possessed by the mobile terminal 10) is used as the encryption key and obtained in S204. A partially private code is generated with a configuration in which the decryption key is used as private data, and a receipt 310 is created with a configuration to which the generated partially private code is attached. In this example, the decryption key to be used in the other partial private code (that is, the partial private code C issued in the partial private code issuance process) is generated in S206. It is recorded as private data in the private area of the code (two-dimensional code Q), and only the mobile terminal 10 that provided the decryption key can decrypt the private area.

  In this way, the decryption key used for decrypting the partially private code C (the other partially private code issued in the process of issuing the partially private code) is added to the receipt 310. Can be constructed using a partial private code (partial private code (two-dimensional code Q) generated in S206). Furthermore, only a specific mobile terminal 10 (the mobile terminal 10 that provided the decryption key) can decrypt the private area of the partially private code (two-dimensional code Q) attached to the receipt 310, and other mobile terminals can Since this private area cannot be decrypted, when the decryption key is transmitted by the receipt 310, it becomes difficult for the decryption key to leak to a third party, and the security can be further improved.

(Modification 2 of 4th Embodiment)
Next, a second modification of the present embodiment will be described.
Modification 2 is different from the above representative example in the code issuance process, the reading process, the configuration of a partly private code, and the like. Since the hardware configuration is the same as that of the above representative example, FIGS. 12, 2, and 3 will be referred to as appropriate.

  The partially private code used in Modification 2 is provided with a plurality of private areas (six private areas in the example of FIG. 15), similarly to the partially private code C2 used in the second embodiment. In the second embodiment, it is generated and issued by a method similar to the method of generating and issuing a partially private code C2. Since the flow of the code issuing process is basically the same as that of the first and second embodiments, the following description will be given with reference to FIG.

  Also in the code issuance process of the modified example 2, as shown in FIG. 4, data (public data) to be recorded in the public area is acquired (S1), and data to be recorded in each private area (plural private data) (S2). The data acquisition method in S1 and S2 is the same as that in the first and second embodiments, and any method can be used as long as the code issuing device 30 can acquire public data and private data. It can be acquired by a method such as receiving the public data and the non-public data 1 to 6 shown in FIG. In the example of FIG. 15A, predetermined access destination data (general URL) is used as non-encrypted data (public data), and some private areas (first, second, third, fourth) are used. Element data A, B, C, and D, which are elements of the encryption key, are used as the secret data 1 to 4 recorded in the (region), respectively. Further, as the private data 5 and 6 recorded in the other private areas (fifth and sixth areas), the specific access destination address data (specific URL1, specific URL2) different from the predetermined access destination is specified. The password data (not shown) required for accessing the access destination is used.

  After obtaining the public data and the non-public data 1 to 6 (FIG. 15A) in S1 and S2, as shown in FIG. 4, processing for obtaining an encryption key is performed (S3). In the second modification, as shown in FIG. 16, the server 2 stores management data for classifying and managing the mobile terminals 10 of each customer for each type. Like a mobile terminal, a plurality of types can be assigned to each mobile terminal 10, and each mobile terminal 10 is configured to belong to a plurality of types. Then, the server 2 sets a unique encryption key for each type classified as shown in FIG. 16, and the code issuing device 30 obtains various unique encryption keys held by the server 2 (for example, (Acquired by receiving data from the server 2). For example, a unique encryption key (data 1) assigned to type A is acquired from the server 2 as an encryption key for encrypting the first private area (first area), and similarly, the first private area A unique encryption key (data 2) assigned to type B is acquired from the server 2 as an encryption key for encrypting the area (second area), and the third private area (third area) is encrypted. A unique encryption key (data 3) assigned to type C as an encryption key is acquired from server 2, and assigned to type D as an encryption key for encrypting the fourth private area (fourth area). The unique encryption key (data 4) is obtained from the server 2.

  Further, the code issuing device 30 generates and acquires a new encryption key by using a plurality of types of encryption keys and a decryption key recorded in the receipt 310. The decryption key to be recorded on the receipt 310 is given from the server 2 to the code issuing device 30 by data transmission or the like. The code issuing device 30 includes the secret data 1 (element data A) to be recorded in the first area, An encryption key for encrypting the fifth area (data 5: second cipher) with the secret data 2 (element data B) recorded in the second area and the decryption key (element data F) recorded in the receipt 310 Key). Similarly, the code issuing device 30 decodes the private data 3 (element data C) recorded in the third area, the private data 4 (element data D) recorded in the fourth area, and the receipt 310. An encryption key (data 6: second encryption key) for encrypting the sixth area is generated by the key (element data F). There are various methods for generating an encryption key using a plurality of private data and a decryption key for a receipt. These data may be arranged side by side to generate a new encryption key, and these data are multiplied together. A new encryption key may be generated.

  In the second modification, the control unit 3 and the control unit 5 of the server 2 correspond to an example of “management means”, and the control unit 3 corresponds to an example of “setting means”. In the second modification, the control unit 31 of the code issuing device 30 corresponds to an example of a “second encryption key generation unit”, and uses two or more unique encryption keys respectively defined for two or more types. Based on this, the second encryption key is generated.

  After each encryption key is generated as described above, each of the private data 1 to 6 is encrypted with each encryption key (data 1 to 6), and the encrypted data of each of the private data 1 to 6 is secondly stored. It is generated by the same method as in the embodiment (S4). Then, a partially private code formed by recording the encrypted data of the private data 1 to 6 in each private area is generated (S5). In this example, as shown in FIGS. 15A and 15B, the encrypted data obtained by encrypting the element data A with the data 1 (the encryption key assigned to the type A) is stored in the first non-public area (the first private area). Similarly, the encrypted data obtained by encrypting the element data B with the data 2 (encryption key assigned to the type B) is recorded in the second private area (second area), The encrypted data obtained by encrypting the element data C with the data 3 (encryption key assigned to the type C) is recorded in the third private area (third area), and the element data D is stored in the data 4 (type D). The encrypted data encrypted with the assigned encryption key) is recorded in the fourth private area (fourth area). In addition, the encrypted data obtained by encrypting the specific URL 1 and the password 1 corresponding to the specific URL 1 with the data 5 (the encryption key newly generated by the element data A, B, F) is the fifth private area (the fifth area). ) And the encrypted data obtained by encrypting the specific URL 2 and the password 2 corresponding thereto with the data 6 (the encryption key newly generated by the element data C, D, and F) is stored in the sixth non-public area ( (Sixth area). The partially private code generated in this way is issued by the same method as in the first and second embodiments (S6).

  Next, decryption key issuing processing will be described. In this embodiment, for example, a decryption key (data 1 to data 4 etc.) is distributed to various types of portable terminals registered in the server 2 by the same method as in the first embodiment or the third embodiment. It is like that. For example, the decryption key (data 1) assigned to the type A is distributed to the mobile terminal 10 belonging to the type A by the same method as that in the first embodiment or the third embodiment, and the mobile terminal belonging to the type B similarly. A decryption key (data 2) assigned to type B is distributed to 10 and a decryption key (data 3) assigned to type C is distributed to mobile terminals 10 belonging to type C and belongs to type D. The decryption key (data 4) assigned to the type D is distributed to the mobile terminal 10. Further, a decryption key (for example, element data F) is given to a person who has purchased a product at a store by the same method as in the representative example or the first modification (see FIGS. 13 and 14). . The decryption key issued in this way is stored in the storage unit 15 of the mobile terminal 10 in the same manner as in the first to third embodiments, the representative example, or the first modification.

  Next, a reading process performed in the second modification will be described. In the modified example 2, the reading process is performed in the flow as shown in FIG. 17, and the same processes as S10 to S18 (FIG. 8) performed in the second embodiment are performed for S310 to S318.

  In the second modification, when the process proceeds to Yes in S318 (that is, when all the decryption keys stored in the storage unit 15 are used), it is determined whether or not a new decryption key can be generated (S319). . Specifically, a plurality of element data (element data A, B, C, D in the example of FIG. 15A) necessary for generating a decryption key are obtained by the decryption process of S314 already performed, and It is determined whether or not predetermined decrypted data (element data F) recorded in the receipt 310 is accumulated in the storage unit 15. If these conditions are satisfied, the process proceeds to Yes in S319 and S314. A new decryption key (second decryption key) is generated based on the plurality of element data obtained in the above and the decryption data of the receipt 310 already stored (S320). The second decryption key is generated by the same method as the second encryption key generation method described above. For example, the second decryption key is multiplied by the decryption data of the receipt 310 to obtain the second decryption key. When the method of generating the encryption key is used, a new decryption key (second decryption key) is obtained by multiplying any two element data obtained in S314 and the decryption key obtained from the receipt 310. Generate.

  After a new decryption key (second decryption key) is generated in S320, the processes after S314 are performed using the new decryption key. Note that such a new decryption key (second decryption key) generation process (S320) is performed for all combinations of selecting two element data from the plurality of element data obtained in S314, for example. The processing from S313 onward is repeated for each combination of data. When such a method is used, for example, in the example of FIG. 15, the mobile terminal 10 that can decrypt the first area and the second area (that is, the customer 1 that belongs to both types A and B and is given the data 1 and 2, When the decryption key (element data F) of the receipt 310 is acquired in the second portable terminal 10), the fifth area can be decrypted by the portable terminal 10.

  On the other hand, in the process of S314, when a plurality of element data (element data A, B, C, D in the example of FIG. 15A) necessary for generating a new decryption key (second decryption key) cannot be obtained. Or, if the predetermined decryption data (element data F) recorded in the receipt 310 is not stored in the storage unit 15, or a new decryption key for all combinations of the plurality of element data obtained in S314 When the generation of the (second decryption key) is completed, the process proceeds to No in S319, and the processes after S321 are performed. In addition, the process of S321-S325 is the same as that of S19-S23 of FIG.

  In the second modification, the control unit 11 of the mobile terminal 10 corresponds to an example of “second decryption key generation means” and functions to generate the second decryption key based on two or more decryption key elements (element data). To do. In addition, the control unit 11 corresponds to an example of “decryption means”, and when decrypting a partially private code (see FIG. 15) encrypted based on the second encryption key, the “second decryption key generation” When the second decryption key generated by the means corresponds to the second encryption key, the decryption result of the private area is output.

  According to the second modification, special information corresponding to a combination of types can be provided to a plurality of persons belonging to a specific type with high confidentiality, and the degree of freedom of information provision and the convenience of information users can be further enhanced. Can do.

[Other Embodiments]
The present invention is not limited to the embodiments described with reference to the above description and drawings. For example, the following embodiments are also included in the technical scope of the present invention.

  In the above embodiment, the control unit 31 of the code issuing device 30 is configured as “code generation means” and the code issuing device 30 generates the partially secret codes C and C2. However, in any embodiment, However, the control unit 3 of the server 2 may function as “code generation means”. In this case, the server 2 generates partially private codes C and C2.

  In the third embodiment, an example in which the control unit 201 and the printing unit 202 of the card issuing device 200 function as “card creation means” has been described. However, the control unit 3 provided in the server 2 and a printing unit (not shown) It may function as a “creating means”. In this case, the card 2 with a two-dimensional code is created by the server 2.

  In the third embodiment, the control unit 201 of the card issuing device 200 functions as “two-dimensional code generation means”, and in the fourth embodiment, the control unit 301 of the receipt issuing device 300 functions as “two-dimensional code generation means”. However, in any of the embodiments, the control unit 3 of the server 2 can function as a “two-dimensional code generation unit”. In this case, the data (image data) of the two-dimensional code Q generated by the server 2 is transmitted from the server 2 to the card issuing device 200 and the receipt printing device 300, and these devices receive the data of the two-dimensional code Q. The two-dimensional code-added card 210 and the receipt 310 may be created.

DESCRIPTION OF SYMBOLS 1 ... Information transmission system 2 ... Server 3 ... Control part (Issuing means, management means, setting means, distribution means, 2nd encryption key generation means)
5. Storage unit (management means, setting means)
7. Communication unit (issuing means, distributing means)
DESCRIPTION OF SYMBOLS 10 ... Portable terminal 11 ... Control part (Decryption means, acquisition means, storage means, order determination means, output replacement means, reception means, card decoding means, decryption key recording code generation means, second decryption key generation means)
12 ... Imaging unit (imaging means)
13 ... Display section (display means)
15. Storage unit (accumulation means)
16. Communication unit (acquiring means, receiving means)
30 ... Code issuing device 31 ... Control unit (code generating means)
DESCRIPTION OF SYMBOLS 200 ... Card issuing apparatus 201 ... Control part (two-dimensional code production | generation means, card | curd preparation means)
202 ... printing section (card creation means)
300 ... Receipt issuing device 301 ... Control unit (two-dimensional code generation means, receipt creation means, reading means)
302 ... printing section (receipt creation means)
307 ... Imaging unit (reading means)
310 ... Receipt C ... Partially private code

Claims (10)

Server,
Code generating means capable of generating a partially private code having a public area and a private area in which encrypted data encrypted based on an encryption key is recorded;
An imaging unit capable of imaging the partially private code, and when the partially private code is imaged by the imaging unit, decrypts the data in the public area and the decryption corresponding to the encryption key A portable terminal comprising decryption means for decrypting the data in the private area under the condition of obtaining a key;
An information transmission system comprising:
The server
Issuing means for issuing the decryption key corresponding to the encryption key of the partially private code generated by the code generation means;
The portable terminal is
Acquisition means for acquiring the decryption key each time the decryption key issued by the issuing means is given to the mobile terminal;
Storage means for storing the decryption key acquired by the acquisition means;
With
The decrypting means tries to decrypt the private area using each decryption key stored in the storage means when decrypting the partially private code, and any one of the stored decryption keys is When corresponding to the encryption key of the private area in the partially private code, the decryption result of the private area is output ,
The portable terminal sets a success key with a track record of successful decryption of the non-public area in the portable terminal among the plurality of decryption keys stored in the storage means in an order before the unsuccessful key. An order determining means for determining a use order of the plurality of decryption keys stored in the storage means,
The decrypting means sequentially uses each decryption key stored in the storing means according to the order of use determined by the order determining means when decrypting the partially private code. Transmission system. The server
A management means for classifying and managing a plurality of portable terminals by type;
Setting means for setting a unique encryption key for each type classified by the management means;
With
The code generation means generates the partially private code in a configuration in which each encrypted data encrypted based on each unique encryption key set by the setting means is recorded in each of the plurality of private areas. The information transmission system according to claim 1 , wherein: The decoding means is
When decrypting each encrypted data of each private area of the partially private code, using each decryption key stored in the storage means in order,
The plurality of the encrypted data recorded in each of a plurality of the private area, claims and outputs the encrypted data only decode results corresponding to one of the decryption keys stored in said storage means Item 3. The information transmission system according to Item 2 . The encrypted data of the partially private code is obtained by encrypting at least address data of a specific access destination and password data necessary for access to the specific access destination. The information transmission system according to any one of claims 1 to 3 . Server,
Code generating means capable of generating a partially private code having a public area and a private area in which encrypted data encrypted based on an encryption key is recorded;
An imaging unit capable of imaging the partially private code, and when the partially private code is imaged by the imaging unit, decrypts the data in the public area and the decryption corresponding to the encryption key A portable terminal comprising decryption means for decrypting the data in the private area under the condition of obtaining a key;
An information transmission system comprising:
The server
Issuing means for issuing the decryption key corresponding to the encryption key of the partially private code generated by the code generation means;
The portable terminal is
Acquisition means for acquiring the decryption key each time the decryption key issued by the issuing means is given to the mobile terminal;
Storage means for storing the decryption key acquired by the acquisition means;
With
The decrypting means tries to decrypt the private area using each decryption key stored in the storage means when decrypting the partially private code, and any one of the stored decryption keys is When corresponding to the encryption key of the private area in the partially private code, the decryption result of the private area is output ,
In the partial private code, first information with a specific index is recorded in the public area, and second information with a corresponding index corresponding to the specific index is recorded in the private area. ,
The decoding means comprises output replacement means for replacing the first information with the second information and outputting the second information when the second information is successfully decoded;
The partially private code has a plurality of the private areas, and each private area is recorded with the second information with the corresponding index, and each private area has a corresponding correspondence. The index has a priority,
When the plurality of pieces of the second information are successfully decoded, the output replacement unit is configured to output the second information to which the correspondence index having a high priority is attached among the plurality of pieces of second information that have been successfully decoded. An information transmission system that outputs preferentially instead of the first information. The issuing means comprises distribution means for distributing the decryption key used for decrypting the partially private code generated by the code generation means to a distribution target terminal,
The acquisition means of the mobile terminal comprises receiving means for sequentially receiving the decryption key every time the decryption key is distributed from the distribution means of the server to the mobile terminal,
The storage means, information transmission system according to any one of claims 1 to 5, characterized in that sequentially storing the decryption key received by said receiving means. Two-dimensional code generation means for generating a two-dimensional code in which the decryption key issued by the issuing means is recorded as data;
Card creation means for attaching the two-dimensional code generated by the two-dimensional code generation means to a card medium and creating a card with a two-dimensional code to be given to a holder of the mobile terminal;
With
When the two-dimensional code attached to the card with the two-dimensional code is picked up by the image pickup means, the acquisition means of the portable terminal decodes the picked-up two-dimensional code to decode the decryption key The information transmission system according to any one of claims 1 to 6 , further comprising card decoding means for acquiring the information. The two-dimensional code generation means generates the two-dimensional code in a configuration including an identification number as data,
The decryption means of the mobile terminal validates the decryption key acquired from the two-dimensional code when the identification number recorded in the two-dimensional code matches a pre-registered registration number. The information transmission system according to claim 7 . Server,
Code generating means capable of generating a partially private code having a public area and a private area in which encrypted data encrypted based on an encryption key is recorded;
An imaging unit capable of imaging the partially private code, and when the partially private code is imaged by the imaging unit, decrypts the data in the public area and the decryption corresponding to the encryption key A portable terminal comprising decryption means for decrypting the data in the private area under the condition of obtaining a key;
An information transmission system comprising:
The server
Issuing means for issuing the decryption key corresponding to the encryption key of the partially private code generated by the code generation means;
The portable terminal is
Acquisition means for acquiring the decryption key each time the decryption key issued by the issuing means is given to the mobile terminal;
Storage means for storing the decryption key acquired by the acquisition means;
With
The decrypting means tries to decrypt the private area using each decryption key stored in the storage means when decrypting the partially private code, and any one of the stored decryption keys is When corresponding to the encryption key of the private area in the partially private code, the decryption result of the private area is output ,
Furthermore, a two-dimensional code generating means for generating a two-dimensional code using the decryption key issued by the issuing means as data,
A receipt creation means for creating a receipt of a product in a configuration with the two-dimensional code generated by the two-dimensional code generation means;
With
The acquisition unit of the mobile terminal acquires the decryption key by decoding the captured two-dimensional code when the two-dimensional code attached to the receipt is captured by the imaging unit. Having receipt decoding means,
The portable terminal is
Decryption key recording code generating means for generating an information code recording the decryption key held by the mobile terminal;
Display means for displaying the information code generated by the decryption key recording code generation means;
With
The two-dimensional code generation means includes reading means for reading the information code displayed on the display means, and the decoding of the information code read by the reading means as the two-dimensional code to be attached to the receipt. Generating the partially private code with a key as the encryption key;
The receipt creating means creates the receipt in a configuration with the partially private code generated by the two-dimensional code generating means,
Furthermore, the decryption key to be used in the other partial private code is recorded in the private area of the partial private code generated by the two-dimensional code generation means. Transmission system. Server,
Code generating means capable of generating a partially private code having a public area and a private area in which encrypted data encrypted based on an encryption key is recorded;
An imaging unit capable of imaging the partially private code, and when the partially private code is imaged by the imaging unit, decrypts the data in the public area and the decryption corresponding to the encryption key A portable terminal comprising decryption means for decrypting the data in the private area under the condition of obtaining a key;
An information transmission system comprising:
The server
Issuing means for issuing the decryption key corresponding to the encryption key of the partially private code generated by the code generation means;
The portable terminal is
Acquisition means for acquiring the decryption key each time the decryption key issued by the issuing means is given to the mobile terminal;
Storage means for storing the decryption key acquired by the acquisition means;
With
The decrypting means tries to decrypt the private area using each decryption key stored in the storage means when decrypting the partially private code, and any one of the stored decryption keys is When corresponding to the encryption key of the private area in the partially private code, the decryption result of the private area is output ,
The server
A plurality of the mobile terminals are classified and managed for each type, and management means capable of setting each mobile terminal to belong to a plurality of types;
Setting means for setting a unique encryption key for each type classified by the management means;
With
The code generation means is configured to generate a second cipher based on two or more unique encryption keys respectively defined for two or more types or two or more cipher data decipherable by the two or more unique encryption keys. Second encryption key generating means for generating an encryption key, and recording the encrypted data encrypted based on the second encryption key generated by the second encryption key generating means in the private area The partially private code is generated with a configuration to
The portable terminal is
Second decryption key generating means for generating a second decryption key based on two or more decryption key elements;
When the decrypting means decrypts the partially private code encrypted based on the second encryption key, the second decryption key generated by the second decryption key generating means is the second encryption key. An information transmission system for outputting a decryption result of the non-public area when corresponding to an encryption key.

Images