JP5341160B2 - GAME DEVICE, GAME SYSTEM, AND AUTHENTICATION CONTROL DEVICE - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a game machine that makes an appropriate inquiry according to a situation. <P>SOLUTION: An authentication control part of the game machine includes: a storage means for storing identification information of a predetermined device; and an authentication means for acquiring identification information of the predetermined device transmitted by the predetermined device, and authenticating the predetermined device, on the basis of the acquired identification information and the identification information stored in the storage means. If authentication fails in the authentication means, the identification information transmitted by the predetermined device is transmitted to the authentication device for authenticating the predetermined device, and an inquiry for authentication of the predetermined device is made to an authentication device. When authentication in the authentication means is successful, no inquiry is made. <P>COPYRIGHT: (C)2013,JPO&amp;INPIT

Description

The present invention relates to a gaming device , a gaming system , and an authentication control device .

  Examples of such gaming devices include gaming machines such as pachinko machines, pachislot machines, card game machines, and peripheral devices (card units, etc.) installed and used together with the gaming machines. Such a gaming apparatus is generally equipped with a control unit (for example, an IC chip) that performs predetermined processing.

  Here, Patent Document 1 discloses a technique in which authentication for detecting unauthorized replacement of a control unit is performed by an authentication device outside the gaming device.

JP 2010-162425 A

  However, with the technique described in Patent Document 1, an authentication inquiry to the authentication apparatus is always made at the time of authentication, and it is difficult to make an appropriate inquiry according to the situation.

The present invention has been made based on such a background, and its object is to provide a gaming device , a gaming system , and an authentication control device capable of making an appropriate inquiry according to the situation. Is to provide.

(1) In order to achieve the above object, a gaming apparatus according to the present invention includes:
A gaming device (for example, card unit 20 or the like) including an authentication control unit (for example, security chip 22 or the like) for authenticating a predetermined device (for example, payout control chip 11 or the like),
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The authentication control unit
Storage means for storing identification information of the predetermined device (for example, a storage unit 22b for storing chip information);
Authentication means (for example, authenticating the predetermined apparatus based on the acquired identification information and the identification information stored in the storage means, acquiring the identification information of the predetermined apparatus transmitted by the predetermined apparatus) A processing unit 22a) for collating the chip information transmitted in step C29;
If the authentication by the authentication unit is unsuccessful, the identification information transmitted by the predetermined device is transmitted to an authentication device that authenticates the predetermined device (for example , the key management center server 310). An inquiry is made to the authentication device based on the identification information, and if the authentication by the authentication means is successful, the inquiry is not made. a processing or step G5, G6 processing unit 22a that performs processing of) the step E6, was closed,
The identification information transmitted by the inquiry means is sent to the authentication device via a predetermined intermediate device (for example, the host server 510) that can authenticate the predetermined device (for example, step C33).
The inquiry means sends an inquiry for authentication of the predetermined device based on the identification information according to the content of the authentication failure by the authentication means (for example, when no chip information is stored in the storage unit 22b). (For example, steps F6 to F7) for the intermediate device, not the authentication device,
It is characterized by that.
(2) In the gaming device of (1) above,
When the level specifying information specifying the level of authentication by the authentication unit is supplied (for example, control information), the inquiry unit authenticates the predetermined device based on the identification information corresponding to the authentication level. (See steps H1 to H3, for example)
You may do it.
(3) In order to achieve the above object, a gaming system according to the present invention comprises:
(1) or (2) gaming device;
A gaming system comprising the authentication device (eg, key management center server 310).
The gaming device transmits the identification information to the authentication device, and makes an inquiry to the authentication device for authentication of the predetermined device based on the identification information.
A gaming system characterized by that.
(4) In order to achieve the above object, an authentication control apparatus according to the present invention includes:
Authentication that is mounted on a gaming device (for example, card unit 20) and authenticates a predetermined device (for example, payout control chip 11) mounted on the gaming device or other gaming device (pachinko machine 10). A control device (for example, a security chip 22),
Storage means for storing identification information of the predetermined device (for example, a storage unit 22b for storing chip information);
Authentication means (for example, authenticating the predetermined apparatus based on the acquired identification information and the identification information stored in the storage means, acquiring the identification information of the predetermined apparatus transmitted by the predetermined apparatus) A processing unit 22a) for collating the chip information transmitted in step C29;
If the authentication by the authentication unit is unsuccessful, the identification information transmitted by the predetermined device is transmitted to an authentication device that authenticates the predetermined device (for example, the key management center server 310). An inquiry is made to the authentication device based on the identification information, and if the authentication by the authentication means is successful, the inquiry is not made. And a processing unit 22a) that performs the processing of step E6 or the processing of steps G5 and G6,
The identification information transmitted by the inquiry means is sent to the authentication device via a predetermined intermediate device that can authenticate the predetermined device (for example, step C33).
The inquiry means sends an inquiry for authentication of the predetermined device based on the identification information according to the content of the authentication failure by the authentication means (for example, when no chip information is stored in the storage unit 22b). (For example, steps F6 to F7) for the intermediate device, not the authentication device,
It is characterized by that.

According to the above configurations (1) to (4) , when the authentication by the authentication unit is successful, the authentication device is not inquired for authentication, and when the authentication is unsuccessful, the authentication device is inquired for authentication. Therefore, since it is possible to prevent an inquiry to the authentication apparatus when an inquiry to the authentication apparatus that has been successfully authenticated by the authentication unit is unnecessary, an inquiry suitable for the situation can be made. Furthermore, since it is possible to make an inquiry to the intermediate apparatus according to the contents of the authentication failure, an appropriate inquiry according to the situation can be made.
According to the configuration of (2) above, the inquiry destination can be adjusted by external designation, so that an appropriate inquiry is made according to the situation.

( 5 ) In order to achieve the above object, the gaming device according to the reference example is:
A gaming device (for example, card unit 20 or the like) including an authentication control unit (for example, security chip 22 or the like) that authenticates a predetermined device (for example, CU control unit 21 or the like),
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The authentication control unit
Storage means for storing identification information (eg, authentication information C1) of the predetermined device and authentication information (eg, encryption key C2) for authenticating the predetermined device;
Authentication means for performing communication using the authentication information with the predetermined device and authenticating the predetermined device based on the communication status (for example, in the case where encryption communication cannot be performed using the encryption key C2 in step D9) A processing unit 22a) to be identified;
When the authentication by the authentication unit fails, the identification information stored in the storage unit is transmitted to an authentication device that authenticates the predetermined device (for example, the upper server 510, the key management center server 310, etc.). An inquiry unit (for example, an encryption key) that makes an inquiry about authentication of the predetermined device based on the identification information to the authentication device and does not make the inquiry when the authentication unit succeeds in authentication. A processing unit 22a) that shifts to the first mode when encryption communication cannot be performed using C2.
It is characterized by that.

  According to the above configuration, when the authentication by the authentication unit is successful, the authentication inquiry is not performed. When the authentication fails, the authentication unit is inquired for authentication. Since the inquiry to the authentication apparatus when the inquiry to the authentication apparatus is unnecessary is prevented, it is possible to make an appropriate inquiry according to the situation.

( 6 ) In the gaming device , gaming system , and authentication control device according to any one of (1) to ( 5 ) above,
The identification information transmitted to the authentication device is transmitted to the authentication device via a predetermined intermediate device (for example, the upper server 510).
When the authentication by the authentication unit is a failure due to the fact that the identification information is not stored in the storage unit, the inquiry unit authenticates the predetermined device to the predetermined intermediate device (for example, To determine whether or not the chip information is stored, see step F8) (see, for example, steps F5 and F6),
You may do it.

  According to the above configuration, since an inquiry for authentication can be made to the intermediate apparatus according to the content of the authentication failure, an appropriate inquiry according to the situation can be made.

( 7 ) In the gaming device , gaming system , and authentication control device according to any one of (1) to ( 6 ) above,
In the case where level specifying information (for example, control information) specifying the level of authentication by the authentication unit is supplied from the authentication device, the inquiry unit performs authentication of the authentication unit according to the authentication level. The identification information is transmitted to the inquiry destination specified based on the result, and an inquiry for authentication of the predetermined device is performed based on the identification information (see, for example, steps H1 to H3).
You may do it.

  According to the above configuration, since the inquiry destination can be adjusted by designation from the outside, an appropriate inquiry is made according to the situation.

( 8 ) In the gaming apparatus , gaming system , and authentication control apparatus according to any one of (1) to ( 7 ) above,
The identification information transmitted to the authentication device is encrypted by the inquiry means, transmitted to the authentication device via a predetermined intermediate device in an encrypted state, and decrypted by the authentication device ( For example, see steps C31 to C33),
You may do it.

  According to the above configuration, since the identification information remains encrypted in the intermediate device, the risk of leakage of the identification information can be reduced.

( 9 ) In the gaming device , gaming system , and authentication control device according to any one of (1) to ( 8 ),
The identification information stored in the storage means has the same content as the identification information stored in the authentication device (eg, chip information is stored in the case of collation OK in step C37).
You may do it.

  According to the above configuration, it is ensured that the identification information stored in the storage unit is legitimate, so that the accuracy of authentication using the identification information can be ensured.

It is a block diagram which shows the structure of the game system which concerns on one Embodiment of this invention. It is a block diagram which shows the structure of the card unit and pachinko machine in one Embodiment of this invention. It is a block diagram which shows the structure of the key management center server which comprises the game system of FIG. It is a block diagram which shows the structure of the chip maker computer which comprises the game system of FIG. It is a block diagram which shows the structure of the lighter for communication control IC which comprises the game system of FIG. It is a block diagram which shows the structure of the lighter for security chips which comprises the game system of FIG. It is a block diagram which shows the structure of the high-order server which comprises the game system of FIG. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of manufacture of a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of manufacture of a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of manufacture of a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of manufacture of a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of the operation | movement confirmation of a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of game hall installation of a pachinko machine and a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of game hall installation of a pachinko machine and a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of game hall installation of a pachinko machine and a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus at the time of game hall installation of a pachinko machine and a card unit. It is a figure which shows an example of the operation | movement flow of each apparatus in normal time. It is a figure which shows an example of the relationship between the conditions of the mode of a security chip, and the process performed. It is a figure which shows an example of the operation | movement flow for demonstrating the inquiry destination of chip | tip information. It is a figure which shows an example of the operation | movement flow for demonstrating the inquiry destination of chip | tip information. It is a figure which shows an example of the operation | movement flow for demonstrating the inquiry destination of chip | tip information. It is a figure which shows an example of the operation | movement flow for demonstrating the inquiry destination of chip | tip information. It is a figure which shows an example of the operation | movement flow for demonstrating delivery of control information.

  Embodiments of the present invention will be described in detail with reference to the drawings.

(Embodiment)
(Configuration of gaming system 1)
As shown in FIG. 1, the gaming system 1 according to this embodiment includes a pachinko machine 10, a card unit 20, a key management center server 310, a chip maker computer 110, a communication control IC writer 610, and a security chip. (SC) writer 650 (hereinafter referred to as SC writer 650) and a host server 510. The pachinko machine 10 and the card unit 20 are examples of gaming devices.

  The key management center server 310, the chip maker computer 110, the communication control IC writer 610, the SC writer 650, and the host server 510 are connected to a network N such as the Internet. Can communicate. In order to prevent information leakage, at least a part of each of the above devices may be connected to a predetermined device as a communication partner with a dedicated line and communicate with the predetermined device via the dedicated line.

  The host server 510 and the card unit 20 are installed in a game hall 500 (such as a pachinko parlor), and are connected to each other via a local network or the like in the game hall 500. For example, one host server 510 is installed in the game hall 500. A plurality of card units 20 are connected to the pachinko machine 10 so as to be communicable with each other, and a plurality of card units 20 are installed in the game hall 500. The card unit 20 and the pachinko machine 10 are connected to each other in a one-to-one relationship so that they can communicate with each other, and a plurality of the card units 20 and the pachinko machines 10 are installed in the game hall 500.

  The communication control IC writer 610 and the SC writer 650 are communicably connected to each other via a local network in the card unit maker 600.

(Pachinko machine 10)
The pachinko machine 10 is arranged at a predetermined position for each model or the like on the game island in the pachinko parlor (amusement hall 500). In the present embodiment, the pachinko machine 10 is a so-called CR pachinko machine (a so-called sealed pachinko machine may be used). A player plays a game with the pachinko machine 10. In a game played with the pachinko machine 10, the player drives the pachinko ball, which is a game medium, into the game area of the pachinko machine 10 and plays the game.

  The enclosed pachinko machine is a gaming machine that plays a game by circulating and using pachinko balls enclosed in the pachinko machine 10, and refers to a pachinko machine that does not pay out prize balls using the pachinko balls. In a sealed pachinko machine, a player uses a prepaid recording medium in which valuable information such as a pachinko ball lending amount is recorded, for example, a card-like recording medium such as a magnetic card (hereinafter also simply referred to as a card). The card is inserted into the card unit 20 arranged along the outer frame of the ten, and the necessary number of pachinko balls is subtracted from the card (converted into number-of-ball information) to lend a game. The enclosed pachinko machine increases or decreases the number of balls held by the number-of-balls information according to the winning of a pachinko ball at a winning opening, the entering of an out opening, or the like. The basic rule for this increase / decrease is the same as the increase / decrease of the ball of a general pachinko machine. At the end of the game, the player operates the checkout button to record the ball count information indicating the number of possessed balls currently acquired on the card (at this time, the ball count information is converted into the card count) This card may be discharged out of the card unit 20. Note that the number of possession balls may be managed by the host server 510. In this case, for example, instead of recording the number-of-balls information on the card, the card unit 20 transmits the number-of-balls information and card identification information for identifying the card to the upper server 510. For example, the upper server 510 may store the number of possession information and the card identification information for identifying the card in association with each other, and manage the number of possession for each card. The card unit 20 may use not only prepaid cards but also cash or cash and prepaid cards in combination.

  The pachinko machine 10 is configured to include a game board that constitutes the game area by attaching a game nail, a winning opening, a display device, and the like, and a housing that houses the game board (not shown). As shown in FIG. 1, a payout control chip 11 and a main control chip 13 are provided.

  The main control chip 13 is mounted on the control board on the game board side of the pachinko machine 10 and mainly controls the progress of the game. The payout control chip 11 is mounted on a control board on the housing side of the pachinko machine 10, and mainly controls payout of prize balls (in the case of an encapsulated type, addition / subtraction of the number of balls, etc.).

  As shown in FIG. 2, the payout control chip 11 includes a processing unit 11a including a CPU (Central Processing Unit) and a RAM (Random Access Memory), and a nonvolatile storage device such as a ROM (Read Only Memory). For example, it is configured by a one-chip microcomputer or the like that includes a storage unit 11b and a communication unit 11c including an input / output port. The ROM may be a writable ROM such as an EPROM (hereinafter, the same applies to the ROM). Note that the RAM is basically volatile, but may appropriately include a non-volatile one (hereinafter, the same applies to the RAM).

  The storage unit 11b stores predetermined information in addition to the program. The communication unit 11c is used when the processing unit 11a communicates (sends or receives information) with the outside of the payout control chip 11. The processing unit 11a is a part that performs predetermined processing in accordance with a program stored in the storage unit 11b. For example, the processing unit 11a exchanges information regarding the lending of pachinko balls with the card unit 20 (communication control IC 23) (in particular, when not encapsulated), or exchanges information regarding increase / decrease of the number of balls held (especially encapsulated). The ball lending process (visitor ball lending process, member-unit ball lending process, member fraction ball lending process, etc.) and the like are performed by performing the above (in the case of a formula) via the communication unit 11c. In addition, the processing unit 11a performs processing described later. Note that the processing unit 11a performs processing using information stored in the storage unit 11b and information received via the communication unit 11c.

  As shown in FIG. 2, the main control chip 13 includes a processing unit 13a including a CPU and a RAM, a storage unit 13b including a non-volatile storage device such as a ROM, and a communication unit 13c including an input / output port. For example, a one-chip microcomputer or the like.

  The storage unit 13b stores predetermined information in addition to the program. The communication unit 13c is used when the processing unit 13a performs communication (information transmission or reception) with the outside of the main control chip 13. The processing unit 13a is a part that performs a predetermined process in accordance with a program stored in the storage unit 13b. For example, the processing unit 13a causes each unit of the pachinko machine 10 to perform an effect operation related to a game performed by the pachinko machine 10 (for example, opening / closing a winning opening of the game board and displaying an image on a display device). Further, the processing unit 13a communicates with the payout control chip 11 via the communication unit 13c, for example, to increase the number-of-balls information when a winning occurs (especially in the case of a sealed type), the payout control chip 11 The number of pachinko balls to be paid out (especially when it is not encapsulated) and the processing described below are performed. Note that the processing unit 13a performs processing using information stored in the storage unit 13b and information received via the communication unit 13c.

(Card unit 20)
The card unit 20 is arranged corresponding to the pachinko machine 10 (for example, adjacent to the left side of the pachinko machine 10), and both are communicably connected. The card unit 20 manages ball lending (especially when the pachinko machine 10 is not enclosed), manages the card balance, and manages the number of balls recorded on the card (especially when the pachinko machine 10 is enclosed). Etc. The card unit 20 includes various lamps such as a usable display lamp indicating whether or not it is usable, a card insertion slot, a card reader / writer for reading a card inserted into the card insertion slot, etc. .). As shown in FIG. 2, the card unit 20 includes a CU control unit 21, a security chip 22, a communication control IC 23, and a security board 24. The security chip 22 and the communication control IC 23 are mounted on the security board 24.

  As shown in FIG. 2, the communication control IC 23 includes a processing unit 23a including a CPU and a RAM, a storage unit 23b including a nonvolatile storage device such as a ROM, a communication unit 23c including an input / output port, and the like. For example, a one-chip microcomputer.

  The storage unit 23b stores predetermined information in addition to the program. The communication unit 23c is used when the processing unit 23a performs communication (information transmission or reception) with the outside of the communication control IC 23. The processing unit 23a performs predetermined processing described later according to a program stored in the storage unit 23b. Note that the processing unit 23a performs processing using information stored in the storage unit 23b and information received via the communication unit 23c.

  As shown in FIG. 2, the security chip 22 includes a processing unit 22a including a CPU and a RAM, a storage unit 22b including a non-volatile storage device such as a ROM, a communication unit 22c including an input / output port, and the like. For example, a one-chip microcomputer.

  The storage unit 22b stores predetermined information in addition to the program. The communication unit 22c is used when the processing unit 22a communicates with the outside of the security chip 22. The processing unit 22a performs a predetermined process according to the program stored in the storage unit 22b. For example, the processing unit 22a performs a process described later. Further, the processing unit 22a performs a base abnormality check using information transmitted from the pachinko machine 10, for example. Note that the processing unit 22a performs processing using information stored in the storage unit 22b and information received via the communication unit 22c.

  Here, the base abnormality will be described. In the pachinko industry, there is a rate of appearance in the normal gaming state, which is called the base. The base B is calculated by, for example, an equation B = (OUT−out of special award) / (IN−in special award IN) × 100.

  Here, IN is the result of counting the number of balls that have been shot into the pachinko machine 10, and is counted by a ball counter that is provided in the island facility and attached to the ball ball tank installed for each pachinko machine 10. Aggregated based on results. OUT is the result of counting the number of prize balls that have been paid out, and is counted based on the prize ball signal output from the pachinko machine 10. The special prize IN is a result of counting the number of hit balls during the special prize (big hit), and is totaled based on the detection result of the hit ball detecting switch during the output of the big hit signal output from the pachinko machine 10. The special prize OUT is a result of counting the number of prize balls during the special prize, and is totaled based on the prize ball signal during the output of the jackpot signal output from the pachinko machine 10. When the pachinko machine 10 according to the present embodiment is a so-called enclosed pachinko machine, IN and special prize IN indicate information on the number of possessed balls consumed by driving, and OUT and special prize OUT are possessed balls acquired by winning or the like. Indicates number information.

  A high value of the base B means that it is easy to win a prize in a normal game, in other words, a ball holding is good. Thus, the base B is a value useful for knowing the operating status of the pachinko machine 10, and the administrator of the game hall 500 often performs nail adjustment while referring to the value of the base B. For example, it is possible to adjust the game nail so that the base B is high, or to adjust the game nail slightly because the base B is low. Further, the value of the base B is a value within a substantially constant range except for the case immediately after the end of the big hit game. In this way, since the value of the base B does not suddenly increase, if the value of the base B suddenly increases, a problem has occurred in the pachinko machine 10 itself or fraudulent activity (base abnormality) ) May have been performed.

  On the security board 24, a communication control IC 23, a security chip 22 and the like are mounted, and in particular, a predetermined electronic circuit is provided so that the communication control IC 23 and the security chip 22 can execute processing described later. For example, the security board 24 can communicate with the communication control IC 23 and the security chip 22, the communication control IC 23 and the pachinko machine 10 can communicate with each other, or the security chip 22 and the CU control unit 21 can communicate with each other. An appropriate electronic circuit is provided.

  As shown in FIG. 2, the CU control unit 21 includes a processing unit 21a including a CPU and a RAM, a storage unit 21b including a non-volatile storage device such as a ROM, and a communication unit 21c including an input / output port. For example, a predetermined control board. Note that at least a part of the processing unit 21a, the storage unit 21b, and the communication unit 21c may be appropriately configured by a one-chip microcomputer.

  The storage unit 21b stores predetermined information in addition to the program. The communication unit 21c is used when the processing unit 21a communicates with the outside of the CU control unit 21. The processing unit 21a performs predetermined processing according to the program stored in the storage unit 21b. For example, the processing unit 21a exchanges information regarding the lending of pachinko balls with the pachinko machine 10 (payout control chip 11) through the communication unit 21c, the security chip 22, and the communication control IC 23, thereby performing the above-described ball operation. Perform lending processing (operation related to games). In addition, the processing unit 21a controls a card reader / writer to read / write information from / to the card, turn on a lamp, etc. The processing related to the game is appropriately performed by transmitting the obtained sales information or the like, and the processing described later is performed. Specifically, the processing unit 21a performs reading and writing of, for example, card balance, stored ball information indicating a pachinko ball stored, and a member ID for identifying a player. When the pachinko machine 10 in the present embodiment is a so-called encapsulated pachinko machine, the processing unit 21a reads and writes the frequency of the card-like recording medium in addition to the above-described reading and writing (to information on increase / decrease in the number of balls information) (Including conversion). The processing unit 21a performs processing using information stored in the storage unit 21b and information received via the communication unit 21c.

(Key management center server 310)
The key management center server 310 is, for example, a general server computer, and is installed outside the game hall 500 (outside the pachinko store) and operated by the key management center 300 (for example, operated by a predetermined card unit manufacturer 600). Are managed (see FIG. 1).

  As shown in FIG. 3, the key management center server 310 includes a storage unit 312, a control unit 311, an input / output unit 313, and a system bus 314 that connects the units to each other.

  The storage unit 312 includes a nonvolatile storage device such as a ROM, a magnetic disk (such as a hard disk), and a semiconductor memory. The storage unit 312 stores information necessary for the control unit 311 to perform processing, a program, and the like.

  The input / output unit 313 includes a communication unit including a serial interface connected to the outside such as the network N. Also, the input / output unit 313 is an audio output such as a display unit configured by a monitor or the like that is controlled by the control unit 311 to display a predetermined screen, or a buzzer that is controlled by the control unit 311 and outputs predetermined information as audio. An operation input unit including a keyboard, a mouse, and the like that receives an input operation from an employee belonging to the key management center 300 and supplies an operation signal corresponding to the received operation to the control unit 311 good.

  The control unit 311 includes a CPU, a RAM, and the like. The control unit 311 performs the processing described later in accordance with the program stored in the storage unit 312 and using information stored in the storage unit 312 and information received via the communication unit. The control unit 311 controls the display unit, the audio output unit, and the like, and performs processing according to an operation signal supplied from the operation unit (that is, an operation by an employee or the like).

(Chip maker computer 110)
The chip maker computer 110 is, for example, a general computer, is installed outside the amusement hall 500, and is managed by the chip maker 100 (see FIG. 1).

  As shown in FIG. 4, the chip maker computer 110 includes a storage unit 112, a control unit 111, an input / output unit 113, and a system bus 114 that connects the units to each other.

  The storage unit 112 includes a nonvolatile storage device such as a ROM, a magnetic disk (such as a hard disk), and a semiconductor memory. The storage unit 112 stores information, programs, and the like necessary for the control unit 111 to perform processing.

  The input / output unit 113 includes a communication unit including a serial interface connected to the outside such as the network N. Further, the input / output unit 113 is an audio output such as a display unit configured by a monitor or the like that is controlled by the control unit 111 and displays a predetermined screen, or a buzzer that is controlled by the control unit 111 and outputs predetermined information as audio. An operation input unit configured by a keyboard, a mouse, or the like that receives an input operation from an employee or the like belonging to the chip maker 100 and supplies an operation signal corresponding to the received operation to the control unit 111 may be provided.

  The control unit 111 includes a CPU and a RAM. The control unit 111 performs a process described later according to a program stored in the storage unit 112, and using information stored in the storage unit 112, information received via the communication unit, and the like. In addition, the control unit 111 controls the display unit, the audio output unit, and the like, and performs a process according to an operation signal (that is, an operation by an employee or the like) supplied from the operation unit.

(Communication control IC lighter 610)
The communication control IC writer 610 is, for example, a reader / writer that reads / writes information, is shipped from the chip maker 100, and is delivered and installed in the card unit maker 600 outside the game hall 500 (see FIG. 1). . The communication control IC writer 610 performs processing for writing various information in a storage unit (ROM or the like) of the communication control IC 23.

  As shown in FIG. 5, the communication control IC writer 610 includes a storage unit 612, a control unit 611, an input / output unit 613, a writing / reading unit 615, and a system bus 614 that interconnects the units. I have.

  The storage unit 612 includes a nonvolatile storage device such as a ROM, a magnetic disk (such as a hard disk), and a semiconductor memory. The storage unit 612 stores information, programs, and the like necessary for the control unit 611 to perform processing.

  The input / output unit 613 includes a communication unit including a serial interface connected to the outside such as a network N and a local network. Further, the input / output unit 613 is a sound output such as a display unit configured by a monitor or the like that is controlled by the control unit 611 to display a predetermined screen, or a buzzer that is controlled by the control unit 611 and outputs predetermined information as a sound. An operation input unit composed of a keyboard, a mouse, etc. that accepts input operations from employees belonging to the chip unit, chip maker 100, card unit maker 600, etc., and supplies operation signals corresponding to the accepted operations to the control unit 611 You may prepare.

  The writing / reading unit 615 reads / writes information with the communication control IC 23 (storage unit 23b (ROM, etc.)) under the control unit 611.

  The control unit 611 includes a CPU and a RAM. The control unit 611 performs a process described later according to a program stored in the storage unit 612, using information stored in the storage unit 612, information received via the communication unit, and the like. The control unit 611 controls the display unit, the audio output unit, and the like, and performs processing according to an operation signal supplied from the operation unit (that is, an operation by an employee or the like). The control unit 611 reads and writes various information with respect to the communication control IC 23 via the writing / reading unit 615.

(SC lighter 650)
The SC writer 650 is, for example, a reader / writer that reads / writes information. The SC writer 650 is manufactured by the card unit maker 600 or shipped from another maker and delivered to the card unit maker 600 outside the playground 500. Are installed (see FIG. 1). The SC writer 650 performs processing for writing various types of information in a storage unit (ROM or the like) of the security chip 22.

  As shown in FIG. 5, the SC writer 650 includes a storage unit 652, a control unit 651, an input / output unit 653, a writing / reading unit 655, and a system bus 654 that interconnects the units. Yes.

  The storage unit 652 includes a nonvolatile storage device such as a ROM, a magnetic disk (such as a hard disk), and a semiconductor memory. The storage unit 652 stores information, programs, and the like necessary for the control unit 651 to perform processing.

  The input / output unit 653 includes a communication unit including a serial interface connected to the outside such as the network N and a local network. Also, the input / output unit 653 is an audio output such as a display unit configured by a monitor or the like that is controlled by the control unit 651 to display a predetermined screen, or a buzzer that is controlled by the control unit 651 and outputs predetermined information as audio. Input unit configured with a keyboard, a mouse, or the like that accepts input operations from the card unit maker 600 or employees belonging to other manufacturers, and supplies operation signals corresponding to the received operations to the control unit 651 May be provided.

  The writing / reading unit 655 reads / writes information with the communication control IC 23 (storage unit 23b (ROM, etc.)) under the control unit 651.

  The control unit 651 includes a CPU and a RAM. The control unit 651 performs a process described later according to a program stored in the storage unit 652 and using information stored in the storage unit 652 and information received via the communication unit. In addition, the control unit 651 controls the display unit, the audio output unit, and the like, and performs a process according to an operation signal supplied from the operation unit (that is, an operation by an employee or the like). The control unit 651 reads / writes various information from / to the security chip 22 via the writing / reading unit 655.

(Upper server 510)
The host server 510 is, for example, a general server computer, installed at a predetermined location (for example, a management office) of the game hall 500, and a plurality of card units 20 and a plurality of pachinko machines installed in the game hall 500. It is an on-site management device that manages each machine 10 (see FIG. 1). The host server 510 is connected to the key management center server 310 and a plurality of card units 20 installed in the game hall 500 so that they can communicate with each other. The host server 510 controls, for example, the card unit 20 in addition to counting sales information and the like transmitted from each card unit 20. The host server 510 is installed, for example, for each pachinko parlor (for each game hall 500).

  As shown in FIG. 7, the upper server 510 includes a storage unit 512, a control unit 511, an input / output unit 513, and a system bus 514 that connects the units to each other.

  The storage unit 512 includes a nonvolatile storage device such as a ROM, a magnetic disk (such as a hard disk), and a semiconductor memory. The storage unit 512 stores information, programs, and the like necessary for the control unit 511 to perform processing.

  The input / output unit 513 includes a communication unit including a serial interface connected to the outside such as a network N and a local network. Also, the input / output unit 513 is an audio output such as a display unit configured by a monitor or the like that displays a predetermined screen under the control of the control unit 511, or a buzzer that outputs audio of predetermined information under the control of the control unit 511. An operation input unit configured by a keyboard, a mouse, or the like that receives an input operation from an employee working in the game department 500 and supplies an operation signal corresponding to the received operation to the control unit 511 may be provided.

  The control unit 511 includes a CPU, a RAM, and the like. The control unit 511 performs the later-described processing and the above-described processing using the information stored in the storage unit 512, information received via the communication unit, and the like according to the program stored in the storage unit 512. In addition, the control unit 511 controls the display unit, the audio output unit, and the like, and performs a process according to an operation signal (that is, an operation by an employee or the like) supplied from the operation unit.

(Operation of game system 1)
Next, the operation of each device at the time of manufacture of the card unit 20, the operation of each device at the confirmation of the operation of the card unit 20, the operation of each device when the pachinko machine 10 and the game unit 500 are installed, the pachinko machine 10 and The operation of each device after the game unit 500 is installed in the card unit 20 will be described with reference to the drawings. The algorithm of encryption communication performed using various encryption keys such as encryption keys A1 and A2, encryption keys C1 to C3, secret keys A and B, and delivery keys A and B, which will be described later, is arbitrary. It is. For example, a common key encryption method such as a DES (Data Encryption Standard) method or an AES (Advanced Encryption Standard) method is used.

  Further, in the collation (an example of authentication) described below, when both pieces of information to be collated indicate the same content (for example, both pieces of information are the same information (for example, numerical values match)) If the same thing is identified), the collation result is collation OK (also simply referred to as “OK” or “successful collation”) (an example of successful authentication), and the same contents are not indicated (for example, When the two pieces of information are different information (for example, when the same information is not identified because the numerical values do not match), the collation result is referred to as collation NG (also simply referred to as NG. (Also called authentication failure).

  In addition, transmission / reception of information (including various notifications, various requests, and the like) between the devices described below (including the CU control unit 21, the security chip 22, the communication control IC 23, the payout control chip 11, the main control chip 13, and the like). ) Is performed via a communication unit included in each device. Furthermore, the following steps may be performed by an appropriate method and timing, for example, a user such as an employee who operates each device operates the operation input unit. Information stored in the storage unit or the like by each device is also stored in the storage unit by an appropriate method such as an operation on the operation input unit.

  In the drawings referred to below, information surrounded by a solid line indicates information stored in advance, and information surrounded by a broken line indicates information newly stored. The underlined information indicates information encrypted with a predetermined encryption key. An arrow indicates the direction of information supply. Further, when the arrow line extends to the information, the information is formally stored in the storage unit of the supply destination device (for example, it is stored so that it can be used in the subsequent processing, the RAM If the arrow line stops at the device, the information is not officially stored in the storage unit (that is, it is temporarily stored in the RAM). Yes.)

  The order of the steps can be changed as appropriate as long as there is no situation where the steps cannot be executed. When a plurality of pieces of information are encrypted with the same key, basically, each piece of information is individually encrypted. However, a plurality of pieces of information can be encrypted together as appropriate.

(At the time of manufacturing the card unit 20)
The operation of each device when the card unit 20 is manufactured will be described with reference to FIGS. The card unit 20 is manufactured by the operation of the gaming system 1 described below. The card unit 20 is manufactured by the card unit manufacturer 600, but the communication control IC 23 is manufactured by the chip manufacturer 100 and shipped to the card unit manufacturer 600. The security chip 22 is manufactured by the chip manufacturer 100 or another manufacturer and used by the card unit manufacturer 600. The card unit manufacturer 600 manufactures the security board 24, mounts the communication control IC 23 and the security chip 22, manufactures the CU control unit 21, and manufactures the card unit 20 on which these are mounted.

  As shown in FIG. 8, the chip manufacturer 100 manufactures a communication control IC writer 610 and ships it to the card unit manufacturer 600 (step A1). The chip manufacturer computer 110 registers various information about the communication control IC writer 610 shipped in step A1 in the key management center server 310 (step A2). The chip manufacturer 100 ships the communication control IC 23 to which the communication control IC writer 610 shipped in step A1 writes information to the card unit manufacturer 600 (step A3). The chip manufacturer computer 110 registers information about the communication control IC writer 610 shipped in step A3 in the key management center server 310 (step A4).

  Here, information stored in the storage unit 612 of the communication control IC writer 610, the storage unit 112 of the chip maker computer 110, and the storage unit 23b of the communication control IC 23 will be described. Such information includes manufacturer information A, authentication information A1, delivery key A, write key, permission information B, permission information A, operation control information, version information A2, encryption key A1, version information A1, secret key. A, authentication information A2, and the like. Although not shown, the storage unit 612 of the communication control IC writer 610, the storage unit 112 of the chip maker computer 110, and the storage unit 23b of the communication control IC 23 also have programs and information necessary for executing processing as appropriate. It shall be remembered.

  The manufacturer information A includes a predetermined numerical value assigned to each chip manufacturer 100 that manufactures the communication control IC lighter 610. The manufacturer information A is stored in each of the storage unit 612 of the communication control IC writer 610, the storage unit 112 of the chip maker computer 110, and the storage unit 23b of the communication control IC 23.

  The authentication information A1 is information for authenticating the communication control IC writer 610. For example, identification information for identifying the communication control IC writer 610 (for example, unique identification information for each communication control IC writer 610). It is. The authentication information A1 includes a predetermined numerical value. The authentication information A1 is stored in the storage unit 612 of the communication control IC writer 610 and the storage unit 112 of the chip maker computer 110, respectively.

  The delivery key A is a key for encryption communication used when encrypting or decrypting information transmitted / received in encryption communication. The delivery key A is stored in the storage unit 612 of the communication control IC writer 610 and the storage unit 112 of the chip maker computer 110, respectively.

  The write key is a key for encrypted communication used when encrypting or decrypting information transmitted / received in encrypted communication. The write key is stored in each of the storage unit 23 b of the communication control IC 23 and the storage unit 612 of the communication control IC writer 610.

  The permission information B and the permission information A are information (for example, numerical values) that allow the communication control IC 23 to perform a predetermined process by being set in the communication control IC 23 at a predetermined timing. is there. The permission information B is set in the communication control IC 23 after the card unit 20 is installed in the game hall 500. The permission information A is set in the communication control IC 23 before the card unit 20 is shipped from the card unit manufacturer 600 (when the operation is confirmed). The permission information B and the permission information A are stored in the storage unit 112 of the chip maker computer 110.

  The operation control information specifies conditions under which the communication control IC writer 610 can perform a predetermined operation (for example, writing information to the communication control IC 23). For example, when the operation control information has the first content (for example, “1”), the communication control IC writer 610 can perform a predetermined operation regardless of whether or not it can communicate with the key management center server 310. it can. On the other hand, for example, when the operation control information has the second content (for example, “2”), the communication control IC writer 610 can perform a predetermined operation only when it can communicate with the key management center server 310. The operation control information is stored in the storage unit 112 of the chip maker computer 110. In the present embodiment, the operation control information is the second content, and the communication control IC writer 610 can perform a predetermined operation only when it can communicate with the key management center server 310.

  The version information A2 is recorded as version information (version number of the first version, the second version, etc.) of the encryption key A2 generated later. The version information A2 is recorded as the latest version information about the encryption key A2 at that time (step A2). The version information A2 is stored in the storage unit 112 of the chip maker computer 110.

  The encryption key A1 is a key for encryption communication used when encrypting or decrypting information transmitted / received in encryption communication. The encryption key A1 is stored in the storage unit 112 of the chip maker computer 110.

  The version information A1 is information (version number such as the first version, the second version, etc.) indicating the version of the encryption key A1. The version information A1 is stored in the storage unit 112 of the chip maker computer 110.

  The secret key A is a key for encryption communication used when encrypting or decrypting information transmitted / received in encryption communication. The secret key A is stored in the storage unit 23b of the communication control IC 23 and the storage unit 112 of the chip maker computer 110.

  The authentication information A2 is information for authenticating the communication control IC 23. For example, identification information for identifying the communication control IC 23 (for example, a plurality of communication control ICs 23 in which information is written by one communication control IC writer 610 ( Unique identification information) for each of a plurality of communication control ICs 23) shipped in step A3. The authentication information A2 includes a predetermined numerical value. The authentication information A2 is stored in the storage unit 612 of the communication control IC writer 610 and the storage unit 112 of the chip maker computer 110, respectively.

  Permission information B, permission information A, operation control information, delivery key A, version information A2, encryption key A1, version information A1, maker information A, authentication information A1, authentication, stored in the storage unit 112 of the chip maker computer 110 The information A2 and the secret key A are stored in association with each other for each communication control IC writer 610.

  Various types of information registered in step A2 are permission information B, permission information A, operation control information, delivery key A, version information A2, encryption key A1, version information A1, manufacturer information A, and authentication information A1. . In step A2, the control unit 111 transmits various information including the authentication information A1 of the communication control IC writer 610 shipped in step A1 to the key management center server 310. The control unit 311 of the key management center server 310 When the information transmitted by the control unit 111 is received, the received information is associated with each other and stored in the storage unit 312. The above transmission is performed based on, for example, an operation (an operation for instructing transmission of the above-described various information) to the chip maker computer 110 by an employee of the chip maker 100. In the above transmission, the permission information B is encrypted with the secret key A and registered in the storage unit 312 of the key management center server 310 while being encrypted. As appropriate, the chip maker computer 110 and the key management center server 310 may hold a key, encrypt the various types of information, transmit the information to the key management center server 310, and decrypt the information by the key management center server 310.

  Information about the communication control IC 23 registered in step A4 is authentication information A2. In step A4, the control unit 111 transmits the authentication information A2 of the communication control IC 23 shipped in step A3 to the key management center server 310 together with the authentication information A1 associated with the authentication information A2. The control unit 311 of the management center server 310 receives the authentication information A1 and the authentication information A2 transmitted by the control unit 311 and associates them with various types of information including the authentication information A1 stored in the storage unit 312 in step A2. The received authentication information A2 is stored in the storage unit 312. The above transmission is performed based on, for example, an operation (an operation for instructing transmission of the above-described various information) to the chip maker computer 110 by an employee of the chip maker 100. As appropriate, the chip maker computer 110 and the key management center server 310 may hold a key, encrypt each of the above information, transmit the information to the key management center server 310, and decrypt it by the key management center server 310.

  Each information registered in steps A2 and A4 is also stored in the storage unit 312 in association with other information stored in the storage unit 312 of the key management center server 310. The other information includes an encryption key C1, shipping information, date / time, update information, delivery key B, manufacturer information B, authentication information B1, version information C, encryption key C3, and operation mode. These pieces of information are performed at an appropriate timing based on, for example, an operation (an operation for registering the above information) on the key management center server 310 by an employee of the key management center 300 based on a request from the card unit manufacturer 600 or the like. .

  The encryption key C1 is a key for encryption communication used when encrypting or decrypting information transmitted / received in encryption communication.

  The shipping information stores the shipping destination of the communication control IC writer 610 in step A1, the shipping destination of the communication control IC 23 in step A3, that is, authentication information A1 stored in association with the shipping information. Information for identifying the shipping card unit maker 600 of the communication control IC 23 storing the communication control IC writer 610 and the authentication information A2 and includes, for example, a predetermined numerical value.

  The date and time is information representing the current date and time (it may be up to the date and may not include the time). For example, the control unit 111 refers to a calendar unit (not shown) included in the control unit 111, acquires the current date and time, and updates the acquired date and time in real time.

  The update information is information that is the basis for generating the encryption key A2. The update information is composed of a predetermined numerical value, for example. The contents of the update information correspond to the contents (for example, the version number) of the version information A2. For this reason, the version information A2 is information indicating the version (for example, the version number) of the encryption key A2 (and update information) generated thereafter. The update information is updated at an appropriate timing based on, for example, an operation (an operation to update the update information) on the key management center server 310 by an employee of the key management center 300. In this case, the version indicated by the version information A2 is also updated. For example, the version information A2 is updated to the version number of the new update information.

  The delivery key B is a key for encrypted communication used when encrypting or decrypting information transmitted / received in encrypted communication.

  The manufacturer information B is information for identifying a manufacturer that manufactures the security board 24, and includes, for example, a predetermined numerical value. In this embodiment, since the security board 24 is manufactured by the card unit manufacturer 600, the manufacturer information B is information for identifying the card unit manufacturer 600.

  The authentication information B1 is information used for authentication of the SC writer 650. For example, the authentication information B1 is identification information for identifying the SC writer 650 (for example, unique identification information for each SC writer 650). The authentication information B1 includes a predetermined numerical value.

  The version information C is information (version number of the first version, the second version, etc.) indicating the version of the security chip 22 or the security board 24.

  The encryption key C3 is a key for encryption communication used when encrypting or decrypting information transmitted / received in encryption communication.

  The operation mode is information that defines the operation of the security chip 22 (the processing content of the processing unit 22a). When the operation mode is stored in the storage unit 22b, the processing unit 22a of the security chip 22 performs processing according to the operation mode (that is, various processes described later).

  The control unit 311 of the key management center server 310 uses the permission information B (information as encrypted) and the encryption key C1 stored in the storage unit 312 at a predetermined timing (for example, the key management center 300 When the employee performs an operation on the key management center server 310 (operation for updating the update information) or the like), the control unit 311 of the upper server 510 is transmitted from the key management center server 310. The permission information B (information as encrypted) and the encryption key C1 are stored in the storage unit 312 (step A99). The permission information B is stored in the storage unit 312 in an encrypted state. Note that the permission information B (information as encrypted) and the encryption key C1 are stored in the storage unit 512 of the upper server 510 using an information storage medium (for example, a CD-ROM (Compact Disc Read Only Memory)). The permission information B (information that remains encrypted) is inserted from the information storage medium by being inserted into a reading device (for example, a CD drive or the like and provided in the input / output unit 513) of the host server 510. Alternatively, the encryption key C1 may be read and stored in the storage unit 512, for example. The host server 310 in which the permission information B is stored is a host server installed in the game hall 500 of the shipping destination of each card unit 20 manufactured by mounting each communication control IC 23 shipped in step A3. In the present embodiment, it is assumed that all the card units 20 each mounted with each communication control IC 23 manufactured using one communication control IC writer 610 are installed in one game hall 500.

  As shown in FIG. 9, the SC writer 650 and the security chip 22 are manufactured by another manufacturer and delivered to the card unit manufacturer 600, or manufactured by the card unit manufacturer 600 itself. In the storage unit 652 of the SC writer 650, authentication information B1 (corresponding to the authentication information B1 registered in the key management center server 310), delivery key B (registered in the key management center server 310). Stored in the distribution key B). When the security board 24 is manufactured in the card unit maker 600 and the security chip 22 and the communication control IC 23 are mounted on the security board 24, the processes after step A5 are performed. The communication control IC writer 610 and the SC writer 650 are connected so as to communicate with each other. Although not shown, the storage unit 652 of the SC writer 650 and the storage unit 22b of the security chip 22 appropriately store necessary programs and information for executing processing.

  In step A5, the control unit 611 of the communication control IC writer 610 transmits the authentication information A1 and the manufacturer information A stored in the storage unit 612 to the key management center server 310 together with a verification request. When the control unit 311 of the key management center server 310 receives the authentication information A1 and the manufacturer information A together with the verification request, the authentication information A1 and the manufacturer information A stored in the storage unit 312 and the received authentication information A1 and manufacturer information A are collated. When this collation is NG (when collation for at least one piece of information is NG), the control unit 311 notifies the communication control IC writer 610 that the collation is NG, and the input / output unit 313. Etc., through a predetermined notification process (for example, display of verification NG on the display unit included in the input / output unit 313, sounding a buzzer included in the input / output unit 313, etc.) Same for processing). Upon receiving the above notification, the control unit 611 includes a predetermined notification process (for example, display of verification NG on the display unit included in the input / output unit 613, and input / output unit 613 via the input / output unit 613). The following is the same for a predetermined notification process performed by the control unit 611).

  When the collation in step A5 is OK (when all the collations are OK), in step A6, the control unit 311 of the key management center server 310 stores the encryption key A1, version stored in the storage unit 312. Information A1, shipping information, operation control information, and date / time are transmitted to the communication control IC writer 610. The control unit 611 of the communication control IC writer 610 receives the information transmitted from the key management center server 310, Store in the storage unit 612 (information registration). When the information registration in step A6 is completed, the control unit 611 of the communication control IC writer 610 transmits a message to that effect to the SC writer 650 as appropriate. The date and time is fixed when step A6 is performed.

  In step A5, the control unit 611 of the communication control IC writer 610 may send the authentication information A1 and the manufacturer information A encrypted with the delivery key A. In this case, for example, the key management center server 310 manages information stored in the storage unit 312 for each communication address of the communication control IC writer 610, and the control unit 311 determines which delivery based on the communication address. It is determined whether the information is decrypted with the key A, decrypted with the determined delivery key A, and the above verification is performed based on the authentication information A1 and the manufacturer information A corresponding to the delivery key A used for decryption. . Alternatively, the control unit 311 attempts to decrypt with all the delivery keys A stored in the storage unit 312, and based on the authentication information A1 and the manufacturer information A corresponding to the delivery key A that has been decrypted, The above verification may be performed.

  In step A 6, the control unit 311 of the key management center server 310 sends the encryption key A 1, version information A 1, shipping information, operation control information, and date / time encrypted using the delivery key A stored in the storage unit 312. Also good. In this case, the control unit 611 of the communication control IC writer 610 decrypts each piece of information received from the key management center server 310 with the delivery key A stored in the storage unit 612 and then stores it in the storage unit 612 (information registration). ).

  In step A 7, the control unit 651 of the SC writer 650 that has received the end of information registration from the communication control IC writer 610 uses the authentication information B 1 stored in the storage unit 652 together with the verification request and the key management center. Send to server 310. When receiving the authentication information B1 together with the verification request, the control unit 311 of the key management center server 310 compares the authentication information B1 stored in the storage unit 312 with the received authentication information B1. When the collation is NG, the control unit 311 notifies the SC writer 650 that the collation is NG, and performs a predetermined notification process via the input / output unit 313 or the like. Upon receiving the above notification, the control unit 651 receives a predetermined notification process (for example, display of verification NG on the display unit included in the input / output unit 653, and input / output unit 653 via the input / output unit 653). The same is true for a predetermined notification process performed by the control unit 651).

  When the collation in step A7 is OK, in step A8, the control unit 311 of the key management center server 310 stores the encryption key C1, date / time, manufacturer information B, version information C, permission stored in the storage unit 312. The information A, the encryption key C3, and the operation mode are transmitted to the SC writer 650, and the control unit 651 of the SC writer 650 receives the information transmitted from the key management center server 310 and stores it in the storage unit 652. (Information registration). When the information registration in step A8 ends, the control unit 651 of the SC writer 650 sends a message to that effect to the communication control IC writer 610 as appropriate.

  In step A7, the controller 651 of the SC writer 650 may send the authentication information B1 encrypted with the delivery key B. In this case, the key management center server 310 manages information stored in the storage unit 312 for each communication address of the SC writer 650, for example, and the control unit 311 determines which delivery key based on the communication address. It is determined whether the information is to be decrypted with B, decrypted with the determined delivery key B, and the above verification is performed based on the authentication information B1 corresponding to the delivery key B used for decryption. Alternatively, the control unit 311 attempts to decrypt with all the delivery keys B stored in the storage unit 312 and performs the above collation based on the authentication information B1 corresponding to the decrypted delivery key B. Also good.

  In step A8, the control unit 311 of the key management center server 310 performs encryption key C1, encryption key A1, version information A1, shipping information, date and time, manufacturer information B, version information C, permission information A, encryption key C3, The operation mode may be sent after being encrypted with the delivery key B stored in the storage unit 312. In this case, the control unit 651 of the SC writer 650 decrypts each piece of information received from the key management center server 310 with the delivery key B stored in the storage unit 652 and stores it in the storage unit 652 (information registration).

  In step A9, the control unit 611 of the communication control IC writer 610 that has received the end of information registration from the SC writer 650 reads the manufacturer information A from the communication control IC 23 via the write / read unit 615, and reads the manufacturer. The information A and the manufacturer information A stored in the storage unit 612 are collated. At this time, the manufacturer information A is encrypted and transmitted by the processing unit 23a of the communication control IC 23 with the write key stored in the storage unit 23b, and the control unit 611 of the communication control IC writer 610 receives it. The maker information A may be decrypted with the write key of the storage unit 612 and the verification may be performed. When this collation is NG, the control unit 611 performs a predetermined notification process via the input / output unit 613 or the like. If this verification is OK, the control unit 611 of the communication control IC writer 610 reads the authentication information A2 from the communication control IC 23 via the writing / reading unit 615, and stores the read authentication information A2. Stored in the unit 612. In this way, information registration of the authentication information A2 is performed (step A10). At this time, the authentication information A2 is encrypted and transmitted by the processing unit 23a of the communication control IC 23 with the write key stored in the storage unit 23b, and the control unit 611 of the communication control IC writer 610 The received manufacturer information A may be decrypted with the write key of the storage unit 612 and stored in the storage unit 612.

  When step A10 is completed, in step A11, the control unit 611 of the communication control IC writer 610 causes the authentication information A1, encryption key A1, version information A1, shipping information, and authentication information A2 stored in the storage unit 612. Is transmitted to the SC writer 650. When the control unit 651 of the SC writer 650 receives the authentication information A1, the encryption key A1, the version information A1, the shipping information, and the authentication information A2 transmitted from the communication control IC writer 610, the control unit 651 stores them in the storage unit 652. (Information registration).

  When step A11 ends, in step A12, the control unit 651 of the SC writer 650 automatically generates authentication information C1 based on the manufacturer information B, date and time, and authentication information A1 stored in the storage unit 612. . For example, the control unit 651 generates the authentication information C1 by performing a logical operation on the manufacturer information B, the date and time, and the authentication information A1. In addition, the control unit 651 may include a random number generation circuit, and may perform a logical operation on the random number generated by the random number generation circuit, the manufacturer information B, the date and time, and the authentication information A1 to generate the authentication information C1. .

  Here, the authentication information C1 is information for authenticating the security board 24. For example, identification information for identifying the security board 24 (for example, a plurality of communication control ICs 23 shipped in step A3 are respectively mounted). Unique identification information for each of the plurality of security boards 24). Since the security board 24, the security chip 22, and the CU control unit 21 are mounted in the same card unit 20, for example, the identification information for identifying the security board 24 includes the security chip 22, the CU control unit. It is also identification information for identifying 21. In this manner, the authentication information C1 is also information for authenticating the security chip 22 and the CU control unit 21. The authentication information C1 includes a predetermined numerical value.

  When step A12 ends, in step A13, the control unit 651 of the SC writer 650 automatically generates authentication information B2 and authentication information C2 based on the authentication information C1 generated in step A12. For example, the control unit 651 includes a random number generation circuit, performs a logical operation on the random number generated by the random number generation circuit and the authentication information C1, and separately generates the authentication information B2 and the authentication information C2.

  Here, the authentication information B2 is information for authenticating the security chip 22. For example, identification information for identifying the security chip 22 (for example, a plurality of security chips 22 to which information is written by one SC writer 650). (Identification information unique to each of the security chips 22 paired with the plurality of communication control ICs 23 shipped in step A3 (mounted on the same security board 24)). The authentication information B2 includes a predetermined numerical value.

  Here, the authentication information C2 is information for authenticating the security board 24. For example, identification information for identifying the security board 24 (for example, a plurality of communication control ICs 23 shipped in step A3 are respectively mounted). Unique identification information for each of the plurality of security boards 24). Since the security board 24, the security chip 22, and the CU control unit 21 are mounted in the same card unit 20, for example, the identification information for identifying the security board 24 includes the security chip 22, the CU control unit. It is also identification information for identifying 21. In this way, the authentication information C2 is also information for authenticating the security chip 22 and the CU control unit 21. The authentication information C2 includes a predetermined numerical value (a numerical value is different from the authentication information C1).

  When step A13 ends, in step A14, the control unit 651 of the SC writer 650 transmits the authentication information B2 stored in the storage unit 652 to the communication control IC writer 610. Upon receiving the authentication information B2 transmitted from the SC writer 650, the control unit 611 of the communication control IC writer 610 stores it in the storage unit 612 (information registration).

  In steps A11 and A14, the communication control IC writer 610 and the SC writer 650 have keys as appropriate, and the information transmitted by the communication control IC writer 610 (or SC writer 650) is encrypted with this key. The SC writer 650 (or communication control IC writer 610) may decrypt the received information with the key and store it in the storage unit 652 (or storage unit 612).

  When step A14 is completed, in step A15, the control unit 611 of the communication control IC writer 610 passes through the writing / reading unit 615 to authenticate information A1, encryption key A1, version information A1, shipping information, and the like. The authentication information B2 is written in the communication control IC 23 (information registration). The control unit 611 of the communication control IC writer 610 encrypts each piece of information with the write key stored in the storage unit and supplies the encrypted information to the communication control IC 23. The processing unit 23a of the communication control IC 23 decrypts the supplied information with the write key stored in the storage unit 23b, and decrypts the authentication information A1, the encryption key A1, the version information A1, and the shipping information. And the authentication information B2 are stored in the storage unit 23b. As a result, the above writing is performed. At the time of writing, the control unit 611 of the communication control IC writer 610, together with the above information, stores a program for executing the processing described later (in this case, an operation of an employee of the card unit manufacturer 600, etc. 652 may be stored in the security chip 22 (the above encryption is also performed as appropriate).

  On the other hand, the control unit 651 of the SC writer 650 generates the secret key B after performing the process of step A14 (step A16). The secret key B is automatically generated, for example. For example, the control unit 651 includes a random number generation circuit, performs a logical operation based on the random number generated by the random number generation circuit, and generates the secret key B. The secret key B may be generated at an appropriate timing based on, for example, an operation (an operation for registering the secret key B) on the SC writer 650 by an employee of the card unit manufacturer 600. The control unit 651 may generate a secret key B by performing a logical operation on the information (for example, date and time) stored in the storage unit 652 and the random number generated by the random number generation circuit.

  The secret key B is a key for encryption communication used when encrypting or decrypting information transmitted / received in encryption communication.

  When the control unit 651 of the SC writer 650 performs the process of step A16, as step A16.5, the permission information A, the manufacturer information B, the authentication information A1, and the encryption are transmitted via the writing / reading unit 655. Key A1, version information A1, shipping information, authentication information A2, authentication information B2, encryption key C3, authentication information C1, authentication information C2, encryption key C1, and version information C And the date and time, the operation mode, and the secret key B are written in the security chip 22 (information registration). At the time of this writing, the control unit 651 of the SC writer 650, together with the above information, a program for executing processing described later (in this case, the information is stored in the storage unit 652 by an operation of an employee of the card unit manufacturer 600) May be stored in the security chip 22. Note that a common key is set between the SC writer 650 and the security chip 22 (for example, stored in the storage unit 652 and the storage unit 22b at the time of manufacture), and at the time of writing, the SC writer is used. The control unit 651 of 650 encrypts the information and the like with the set key and supplies the encrypted information to the security chip 22, and the processing unit 22a of the security chip 22 stores the supplied information in the storage unit 22b. Decrypted with the key and decrypted, permission information A, manufacturer information B, authentication information A1, encryption key A1, version information A1, shipping information, authentication information A2, authentication information B2, encryption key C3, authentication Information C1, authentication information C2, encryption key C1, version information C, date and time, operation mode, secret key B, and the like may be stored in the storage unit 22b.

  After step A15, the control unit 611 of the communication control IC writer 610, through the writing / reading unit 615, performs authentication information A1, encryption key A1, version information A1, shipping information, and authentication information B2. Are written in the communication control IC 23 (information registration). The control unit 611 of the communication control IC writer 610 encrypts each piece of information with the write key stored in the storage unit and supplies the encrypted information to the communication control IC 23. The processing unit 23a of the communication control IC 23 decrypts the supplied information with the write key stored in the storage unit 23b, and decrypts the authentication information A1, the encryption key A1, the version information A1, and the shipping information. And the authentication information B2 are stored in the storage unit 23b. As a result, the above writing is performed.

  When step A15 ends, in step A17, the control unit 611 of the communication control IC writer 610 stores the authentication information A1, authentication information A2, and authentication information B2 stored in the storage unit 612. To the key management center server 310.

  When step A16.5 ends, in step A18, the control unit 651 of the SC writer 650 causes the authentication information B2, authentication information C2, authentication information C1, and encryption stored in the storage unit 652 to be encrypted. The key C2 and the secret key B are transmitted to the key management center server 310.

  In step 18.5, the control unit 311 of the key management center server 310 receives the authentication information A1, the authentication information A2, and the authentication information B2 transmitted from the communication control IC writer 610 in step A17. When the authentication information B2, the authentication information C2, the authentication information C1, the encryption key C2, and the secret key B transmitted from the SC writer 650 in step A18 are received, they are stored in the storage unit 312. The authentication information A2 and the authentication information A2 transmitted from the communication control IC writer 610 are collated, and if the collation is OK, the authentication information A2 (verification OK) stored in the storage unit 312. The authentication information A1, the authentication information B2, the authentication information C2, the authentication information C1, the encryption key C2, and the secret key B are officially registered in association with the authentication information A2). Formally stored in the storage unit 312 so as to be used in processing described later.). The control unit 311 of the key management center server 310 includes the authentication information B2 transmitted from the SC writer 650 that transmitted the same authentication information B2 as the authentication information B2 transmitted from the communication control IC writer 610, Authentication information C2, authentication information C1, encryption key C2, and secret key B are formally registered. That is, the communication information IC writer 610 and the SC writer 650 that are paired are specified by the authentication information B2, and each information is formally registered.

  The control unit 311 of the key management center server 310 notifies the communication control IC writer 610 and the SC writer 650 of the completion of formal registration after the formal registration is completed. Upon receiving the formal registration completion, the control unit 611 of the communication control IC writer 610 and the control unit 651 of the SC writer 650 each perform step A15, step A16, and 16.5 with a plurality of security boards 24 (step A3). Are set so as to be able to be performed on the communication control ICs 23 and the security 22 of the remaining security boards 24 among the security boards 24) for the communication control ICs 23 shipped in (1). When Steps A16 and 16.5 are performed on the communication control IC 23 and the security 22 of the security board 24, the security board 24 on which the communication control IC 23 and the security 22 on which the above information is written is mass-produced. Become. For each communication board 24 and each security board 24, the processes after step A9 are repeated to mass-produce the security board 24 on which the communication control IC 23 and the security board 22 on which the above information is written are mounted. Also good. In this case, the information officially registered in step A18 is updated as needed with the same information.

  In step A18.5, if the collation is NG, the communication control IC writer 610 and the SC writer 650 indicating the collation NG (the same authentication information as the authentication information B2 transmitted by the communication control IC writer 610). Notifying the SC writer 650) that transmits B2, and performing a predetermined notification process via the input / output unit 313 or the like. The control unit 611 of the communication control IC lighter 610 and the control unit 651 of the SC lighter 650 that have received the notification perform predetermined notification processing via the input / output unit and the like, respectively.

  In step A15, the control unit 611 of the communication control IC writer 610 encrypts the authentication information A1, the authentication information A2, and the authentication information B2 using the delivery key A stored in the storage unit 612. It is possible to send it. In this case, for example, the key management center server 310 manages information stored in the storage unit 312 for each communication address of the communication control IC writer 610, and the control unit 311 determines the communication address in step A18.5. Based on the above, it is determined which delivery key A is used to decrypt the information, and with the determined delivery key A, the authentication information A1, the authentication information A2, and the authentication information B2 are decrypted, and the above verification Or formal registration. Alternatively, in step A18.5, the control unit 311 attempts to decrypt all the delivery keys A stored in the storage unit 312 and performs the above verification on the authentication information A2 corresponding to the decrypted delivery key A. The formal registration may be performed on the decrypted information.

  In step A16.5, the control unit 651 of the SC writer 650 stores the authentication information B2, the authentication information C2, the authentication information C1, the encryption key C2, and the secret key B. The encrypted data may be sent using the delivery key B stored in 652. In this case, for example, the key management center server 310 manages information stored in the storage unit 312 for each communication address of the SC writer 650, and the control unit 311 determines the communication address in step A18.5. Thus, it is determined which delivery key B is used to decrypt the information, and with the determined delivery key B, authentication information B2, authentication information C2, authentication information C1, encryption key C2, and secret key B And the above-mentioned formal registration may be performed. Alternatively, in step A18.5, the control unit 311 attempts to decrypt all the delivery keys B stored in the storage unit 312 and associates them with the authentication information A2 corresponding to the decrypted delivery key B. Thus, the formal registration may be performed on the decrypted information.

  In step A18, the control unit 651 of the SC writer 650 may transmit the authentication information A2 stored in the storage unit 652 to the key management center server 310 together with the authentication information B2. In this case, the control unit 311 of the key management center server 310 collates the authentication information A2 stored in the storage unit 312 with the authentication information A2 transmitted from the communication control IC writer 610, and collates OK. If so, the authentication information A1 and the authentication information B2 are officially registered in association with the authentication information A2 (authentication information A2 for verification OK) stored in the storage unit 312, and the key management center. The control unit 311 of the server 310 collates the authentication information A2 stored in the storage unit 312 with the authentication information A2 transmitted from the SC writer 650. The authentication information C2, the authentication information C1, the encryption key C2, and the secret key B are officially registered in association with the stored authentication information A2 (verification OK authentication information A2). Good.

  Part of the information registered in step A11 (for example, encryption key A1, version information A1, shipping information) may be registered in step A8. That is, information (for example, encryption key A1, version information A1, shipping information) may be transmitted directly from the key management center server 310 to the SC writer 650 instead of via the communication control IC writer 610 to perform information registration.

  Further, at least a part (for example, date and time) of the information registered in step A8 may be registered in step A11. That is, information (for example, date and time) is not directly transmitted from the key management center server 310 to the SC writer 650 and information is registered, but information (for example, date and time) is transmitted from the communication control IC writer 610 to register information. Information registration may be performed via the communication control IC writer 610.

  The card unit manufacturer 600 manufactures each part of the card unit 20 such as the case of the card unit 20 and the CU control unit 21 separately from these processes, and each part of the manufactured case, the CU control unit 21 and the like. The card unit 20 is manufactured by combining the communication control IC 23 in which information is written by the above process and the security substrate 24 on which the security chip 22 is mounted.

  As described above, in this embodiment, the communication control IC 23 and the communication control IC writer 610 are manufactured by the chip maker 100, and shipped and delivered to the card unit maker 600. The security chip 22 and the SC writer 650 are manufactured by the card unit manufacturer 600 or other manufacturers (particularly other than the chip manufacturer 100) and used by the card unit manufacturer 600. That is, the manufacturer of the communication control IC 23 and the communication control IC lighter 610 is different from the manufacturer of the security chip 22 and the SC lighter 650. On the other hand, as will be described later, since the security chip 22 and the communication control IC 23 are authenticated using the mutual authentication information, it is necessary to have the mutual authentication information. Assuming that the authentication information A2 used for authentication of the communication control IC 23 is read from the communication control IC 23 by the SC writer 650 and written to the security chip 22 by using the SC writer 650, the manufacturer of the communication control IC 23 (chip manufacturer). 100) needs to disclose the specification of reading / writing information to / from the communication control IC 23 to another manufacturer who is the manufacturer of the SC writer 650 (card unit manufacturer 600 or another manufacturer). Disclosure of specifications causes a problem from the viewpoint of information leakage. Further, considering that the communication control IC writer 610 generates authentication information B2 used for authentication of the security chip 22 instead of the SC writer 650 and writes it to the security chip 22 and the SC writer 650, the security chip. 22 manufacturer (the card unit manufacturer 600 or another manufacturer), the information writing specification and authentication information for the security chip 22 with respect to another manufacturer which is the manufacturer (chip manufacturer 100) of the communication control IC writer 610. It becomes necessary to disclose the generation logic of B2, etc., and disclosing the specification to other manufacturers causes a problem from the viewpoint of information leakage. Therefore, in the above embodiment, two writers (communication control IC writer 610 and SC writer 650) are prepared. The communication control IC writer 610 cannot read / write information from / to the security chip 22, and the SC The writer 650 is prevented from reading and writing information with respect to the communication control IC 23. Specifically, the authentication information A2 is read by the communication control IC writer 610 (step A10), the communication control IC writer 610 transmits to the SC writer 650 (step A11), and the SC writer 650 performs security. The data was written on the chip 22 (step A16.5). The authentication information B2 is generated by the SC writer 650 (step A13), transmitted to the communication control IC writer 610 (step A14), and the communication control IC writer 610 writes to the communication control IC 23. (Step A15). With such a configuration, the above disclosure is not necessary, and in this embodiment, the risk of information leakage can be reduced or eliminated.

  Further, each of the communication control IC writer 610 and the SC writer 650 has a part of information to be written in the communication control IC 23 and the security chip 22 after successful authentication (step A5 or step A7) by the key management center server 310. Is obtained from the key management center server 310 (step A6 or step A8). That is, each of the communication control IC writer 610 and the SC writer 650 acquires information to be written after external authentication, and writes the acquired information in the communication control IC 23 and the security chip 22. When the IC writer 610 and the SC writer 650 are valid, the writing information is supplied and the writing is permitted. For this reason, the risk of information leakage can be reduced or eliminated even if either the communication control IC writer 610 or the SC writer 650 is replaced. In particular, since the information to be written is supplied to the communication control IC writer 610 and the SC writer 650 for the first time after successful external authentication, the information to be written to the replaced communication control IC writer 610 and SC writer 650 is supplied. The information to be written is prevented from being read from the communication control IC writer 610 or the SC writer 650 before being delivered to the chip maker 600, thereby reducing or eliminating the risk of information leakage. be able to.

  As a modification, the communication control IC writer 610 and the SC writer 650 may authenticate each other. For example, the storage unit 612 of the communication control IC writer 610 and the storage unit 652 of the SC writer 650 have authentication information (for example, common information, and authentication information A1 and B1 may be used). When the authentication is successful (verification is OK), the process of step A11 may be performed. This can further reduce or eliminate the risk of information leakage due to replacement of the communication control IC writer 610 and the SC writer 650.

(Operation check of card unit 20)
Next, the operation of each device in checking the operation of the card unit 20 will be described with reference to FIG. In the card unit manufacturer 600, an operation check is performed to check whether or not the processing in the card unit 20 is normally performed at a predetermined stage in the manufacture of the card unit 20 such as after the card unit 20 is manufactured. Here, the card unit 20 (communication control IC 23) is connected to the test pachinko machine 10 (see FIG. 2 for the configuration), and the operation is confirmed.

  For example, when the power of the card unit 20 (including those in the middle of manufacture) is first turned on, when connected to the test pachinko machine 10, when the card for normal operation is not inserted into the card unit 20, etc. The CU control unit 21 performs an operation check operation. In the storage unit 21b of the CU control unit 21, manufacturer information B (the same content as the manufacturer information B stored in the security chip 22) and a unified store code are stored in advance (during manufacture). Stored).

  The unified store code includes identification information (for example, unique information for each gaming hall 500) for identifying the gaming hall 500 to which the card unit 20 is shipped, and this information may be any appropriate information.

  In the operation check of the card unit 20, first, the CU control unit 21 communicates with the security chip 22 and collates the manufacturer information B with each other (step B1). For example, the processing unit 21 a of the CU control unit 21 transmits the manufacturer information B stored in the storage unit 21 b to the security chip 22. The processing unit 22a of the security chip 22 receives the manufacturer information B transmitted from the CU control unit 21, and collates the received manufacturer information B with the manufacturer information B stored in the storage unit 22b. If this verification is NG, the processing unit 22a of the security chip 22 stops the subsequent processing. If this collation is OK, the processing unit 22a of the security chip 22 transmits the manufacturer information B stored in the storage unit 22b to the CU control unit 21. The processing unit 21a of the CU control unit 21 receives the manufacturer information B transmitted from the security chip 22, and collates the received manufacturer information B with the manufacturer information B stored in the storage unit 21b. If this collation is NG, the processing unit 21a of the CU control unit 21 stops the subsequent processing. If this verification is OK, mutual authentication is successful, and the processing unit 21a of the CU control unit 21 makes a connection request to the security chip 22 (transmission of the unified store code stored in the storage unit 21b) ( Step B2).

  When the processing unit 22a of the security chip 22 receives the unified store code from the processing unit 21a of the CU control unit 21, the processing unit 22a holds the unified store code and performs mutual authentication (encryption authentication) based on the encryption key C1 stored in the storage unit 22b. ), But since the encryption key C1 is not stored in the storage unit 21b of the CU control unit 21, mutual authentication fails (step B3). In this mutual authentication, for example, the success or failure of the authentication is determined based on whether the processing unit 22a and the processing unit 21a can normally perform encrypted communication using the encryption key C1. If the encrypted communication can be performed, the authentication is successful, and if the encrypted communication cannot be performed, the authentication fails. In such authentication, for example, a MAC (Message Authentication Code) is used. In addition, HMAC (Keyed-Hashing for Message Authentication code) etc. may be used.

  If authentication fails in step B3, the processing unit 22a of the security chip 22 transmits the encryption key C3 stored in the storage unit 22b to the CU control unit 21, and the processing unit 21a of the CU control unit 21 receives the received encryption key. The key C3 is held (for example, temporarily stored in the RAM; the same applies hereinafter). (Step B4).

  After step B4, the processing unit 21a of the CU control unit 21 and the processing unit 22a of the security chip 22 use the respective encryption keys C3 that are held or stored in the storage unit 22b, and use the encryption key C3. Mutual authentication (encryption authentication) based on the above is performed (step B5). In this mutual authentication, for example, the success or failure of the authentication is determined based on whether the processing unit 22a and the processing unit 21a can perform encrypted communication using the encryption key C3. That is, since this mutual authentication is the same as the mutual authentication based on the encryption key C1, the detailed description is as described above.

  When the mutual authentication fails, the processing unit 21a and the processing unit 22a stop the subsequent processing. When the mutual authentication is successful, the processing unit 22a of the security chip 22 performs the process of step B6.

  In step B6, the processing unit 22a of the security chip 22 transmits a request for the authentication information A2 to the communication control IC 23. Upon receiving the request from the security chip 22, the processing unit 23a of the communication control IC 23 stores the request in the storage unit 23b. The stored authentication information A2 is transmitted to the security chip 22. When receiving the authentication information A2 transmitted from the communication control IC 23, the processing unit 22a of the security chip 22 collates the received authentication information A2 with the authentication information A2 stored in the storage unit 22b.

  When the verification of the authentication information A2 fails (including the case where the authentication information A2 is not transmitted to the security chip 22 for a certain period of time; the same applies to verification hereinafter), the processing unit 22a of the security chip 22 Cancel the process.

  On the other hand, when the verification of the authentication information A2 is successful, the process of step B7 is performed. In the process of step B7, the processing unit 22a of the security chip 22 transmits the authentication information B2 stored in the storage unit 22b to the communication control IC 23 together with the verification request, and the processing unit 23a of the communication control IC 23 When the authentication information B2 and the verification request are received, the verification information B2 stored in the storage unit 23b and the received authentication information B2 are verified, and if the verification is NG, the subsequent processing is stopped. To do. On the other hand, when the collation is OK, the processing unit 23a of the communication control IC 23 notifies the security chip 22 to that effect.

  When the verification of the collation OK is performed by the processing unit 23a of the communication control IC 23, the process of step B8 is performed. When receiving the verification OK notification from the communication control IC 23, the processing unit 22a of the security chip 22 transmits the authentication information A1, shipping information, and version information A1 stored in the storage unit 22b to the communication control IC 23 together with the verification request. When the processing unit 23a of the communication control IC 23 receives the authentication information A1, the shipping information, and the version information A1 from the security chip 22, the authentication information A1, the shipping information, and the version information A1 stored in the storage unit 23b. The received authentication information A1, shipping information, and version information A1 are collated. If the collation is NG (if any of the above information is NG), the subsequent processing is stopped. On the other hand, when the collation is OK (when all the collations in the above information are OK), the processing unit 23a of the communication control IC 23 notifies the security chip 22 to that effect.

  When the verification of the collation OK is performed by the processing unit 23a of the communication control IC 23, the process of step B9 is performed. That is, the processing unit 22a of the security chip 22 and the processing unit 23a of the communication control IC 23 start encryption communication using the encryption key A1 stored in each storage unit.

  When the encrypted communication is started, the processing unit 22a of the security chip 22 encrypts the permission information A stored in the storage unit 22b with the encryption key A1 (stored in the storage unit 22b), and stores it in the communication control IC 23. Then, the processing unit 23a of the communication control IC 23 decrypts the permission information A with the encryption key A1 (stored in the storage unit 22b) and holds it. By this holding, the permission information A is set in the communication control IC 23 (step B10). With this setting, the communication control IC 23 can perform the processing after step B11 for the first time. In step B10, the processing unit 23a of the communication control IC 23 notifies the communication control IC 23 that the permission information A is held.

  When the processing unit 22a of the security chip 22 receives the notification that the permission information A is held from the communication control IC 23, it requests the communication control IC 23 for chip information (step B11). Similarly to the permission information A, the request for the chip information may be encrypted and decrypted with the encryption key A1.

  In this embodiment, the chip information includes chip information of the payout control chip 11 and chip information of the main control chip 13. The chip information of the payout control chip 11 is identification information for identifying the payout control chip 11. In the present embodiment, the chip information includes a unique numerical value for each payout control chip 11. The chip information of the main control chip 13 is identification information for identifying the main control chip 13. In the present embodiment, the chip information includes a unique numerical value for each main control chip 13. The chip information of the payout control chip 11 is stored in advance in the storage unit 11b of the payout control chip 11, and the chip information of the main control chip 13 is stored in advance in the storage unit 11b of the main control chip 13.

  When receiving the request for chip information from the security chip 22, the processing unit 23a of the communication control IC 23 acquires the chip information (step B12). For example, the processing unit 23a of the communication control IC 23 communicates with the payout control chip 11 of the test pachinko machine 10, and transmits a request for chip information. When receiving the request, the processing unit 11a of the payout control chip 11 issues a chip information transmission request to the main control chip 13 of the test pachinko machine 10. When receiving the request, the processing unit 13 a of the main control chip 13 transmits the chip information of the main control chip 131 stored in the storage unit 13 b to the payout control chip 11. When receiving the chip information of the main control chip 13, the processing unit 11 a of the payout control chip 11 communicates the chip information of the payout control chip 11 stored in the storage unit 11 b together with the received chip information of the main control chip 13. It returns to the control IC 23. Thereby, the processing unit 23a of the communication control IC 23 receives the chip information to acquire the chip information. The chip information is held in the processing unit 23a.

  The processing unit 23a of the communication control IC 23 generates a chip number from the chip information acquired in Step B12 (Step B13). For example, the processing unit 23a performs a logical operation on the chip information and a predetermined value set in advance or predetermined information stored in the storage unit 23b to generate a chip number. The chip number is generated for each chip information of the payout control chip 11 and chip information of the main control chip 13, for example. The chip number and chip information are held in the processing unit 23a.

  The processing unit 23a of the communication control IC 23 encrypts the held chip information and chip number with the encryption key A1 stored in the storage unit 23b and transmits it to the security chip 22, and the processing unit 22a of the security chip 22 When the chip information and the chip number are received, it is decrypted and held with the encryption key A1 stored in the storage unit 22b (step B14).

  Next, the processing unit 22a of the security chip 22 automatically generates and holds a chip inquiry number from the held chip number or the like (step B14.5). The chip inquiry number is generated, for example, by performing a logical operation on the chip number and the current date and time (for example, the processing unit 22a specifies the current date and time by referring to a calendar unit (not shown)) (necessary). Depending on the authentication information C2 or the like may be used).

  Next, the processing unit 22a of the security chip 22 encrypts the held chip information and the chip inquiry number with the secret key B stored in the storage unit 22b, and encrypts the chip information and the chip inquiry number. Is encrypted with the encryption key C3 stored in the storage unit 22b together with the chip number held by the processing unit 22a, and transmitted to the CU control unit 21 (step B15).

  The processing unit 21a of the CU control unit 21 decrypts the chip information, the chip inquiry number, and the chip number from the security chip 22 with the encryption key C3 stored in the storage unit 21b, and holds the decrypted information. (The chip information and the chip inquiry number remain encrypted with the secret key B.) A notification that there is no chip information is returned to the security chip 22 (step B16).

  Next, when receiving the notification that there is no chip information from the CU control unit 21, the processing unit 22a of the security chip 22 transmits authentication OK information to the communication control IC 23 in order to continue the subsequent processing. When receiving the authentication OK information from the security chip 22, the processing unit 23a of the control IC 23 holds this information (step B17). By this holding, the processing unit 23a can generate the following session key.

  Next, the processing unit 22a of the security chip 22 transmits a request for the session key to the communication control IC 23 (step B18). When the processing unit 23a of the communication control IC 23 receives the request for the session key from the security chip 22, A key is automatically generated (step B18.5). For example, the processing unit 22a includes a random number generation circuit, and generates a session key based on the random number generated by the random number generation circuit. For example, the session key may be generated by performing a logical operation on the random number and predetermined information (for example, information stored in the storage unit 23b).

  The processing unit 23a of the communication control IC 23 holds the generated session key and notifies the generated chip key to the security chip 22 (step B19). When the processing unit 22a of the security chip 22 receives the session key from the communication control IC 23, the processing unit 22a and the processing unit 23a transmit and receive information (business message etc.) for processing related to the game. At the time of this transmission / reception, the processing unit 22a and the processing unit 23a perform encrypted communication by encrypting and decrypting information to be transmitted / received with a session key (step B20).

  The operation check of the card unit 20 can be efficiently performed by the series of processes as described above. It should be noted that the card unit 20 performs a normal operation (processing related to a game) even after a certain period of time has elapsed from the start of the operation check of the card unit 20 due to a verification NG, a mutual authentication failure, or the like. Therefore, it can be seen that the card unit 20 is malfunctioning. Note that the information held in each processing unit is lost (cleared) or deleted as appropriate when the power is turned off after the operation is confirmed. In addition, the unified store code stored in the CU control unit 21 is also lost or deleted.

(When the pachinko machine 10 and the card unit 20 are newly installed in the game hall 500)
The card unit 20 manufactured by the card unit maker 600 and the pachinko machine 10 manufactured by the gaming machine maker are newly installed in the shipping arcade 500. At this time, the gaming system 1 authenticates the CU control unit 21 of the card unit 20, the security chip 22 (security board 24), the communication control IC 23, the payout control chip 11 of the pachinko machine 10, and the main control chip 13. For the operation. This operation will be described with reference to FIGS. In addition, the following process is performed about each of the several card unit 20 and the several pachinko machine 10 newly installed.

  The processing unit 21a of the CU control unit 21 is triggered when a card for normal operation is inserted into the card unit 20 and the card unit 20 is turned on (at this time, the pachinko machine 10 is also turned on) As shown in FIG. 13, a connection request for requesting connection with the upper server 510 is transmitted to the upper server 510 (step C1).

  Upon receiving the connection request from the processing unit 21a, the control unit 511 of the upper server 510 receives the permission information B (encrypted with the secret key A) stored in the storage unit 512 and the unified store code (as appropriate). And the encryption key C1 are transmitted to the CU control unit 21, and the processing unit 21a of the CU control unit 21 holds the received information (step C2). Thus, since the CU control unit 21 acquires the permission information B by establishing communication with the upper server 510, the permission information B is transmitted to the CU control unit 21 at an appropriate timing, so that security is ensured. Has been.

  Note that the CU control unit 21 and the control unit 511 may perform mutual authentication before transmission of the permission information B or the like in step C2. In this case, for example, authentication information is stored in advance in the storage unit 21b and the storage unit 512, and the CU control unit 21 and the control unit 511 are respectively the storage unit 21a and the storage unit 512. Mutual authentication is performed by exchanging and collating authentication information stored in. By performing the transmission only when mutual authentication is successful, security is ensured particularly for the transmission of an effective key (commercial).

  After step C2, the processing unit 21a of the CU control unit 21 communicates with the processing unit 22a of the security chip 22 and collates the manufacturer information B with each other (step C3). For example, the processing unit 21 a of the CU control unit 21 transmits the manufacturer information B stored in the storage unit 21 b to the security chip 22. The processing unit 22a of the security chip 22 receives the manufacturer information B transmitted from the CU control unit 21, and collates the received manufacturer information B with the manufacturer information B stored in the storage unit 22b. If this verification is NG, the processing unit 22a of the security chip 22 stops the subsequent processing. If this collation is OK, the processing unit 22a of the security chip 22 transmits the manufacturer information B stored in the storage unit 22b to the CU control unit 21. The processing unit 21a of the CU control unit 21 receives the manufacturer information B transmitted from the security chip 22, and collates the received manufacturer information B with the manufacturer information B stored in the storage unit 21b. If this collation is NG, the processing unit 21a of the CU control unit 21 stops the subsequent processing. If this collation is OK, the CU control unit 21 and the security chip 22 have succeeded in mutual authentication. Transmission of the unified store code that has been made) (step C4).

  When receiving the unified store code from the CU control unit 21, the processing unit 22a of the security chip 22 performs mutual authentication (encryption authentication) based on the encryption key C1 stored in the storage unit 22b (step C5). In this mutual authentication, for example, the success or failure of the authentication is determined based on whether the processing unit 22a and the processing unit 21a can normally perform encrypted communication using the encryption key C1. The processing unit 22a uses the encryption key C1 stored in the storage unit 22b, and the processing unit 21a performs processing using the held encryption key C1. If the encryption communication can be performed using the encryption key C1, the authentication is successful. If the encryption communication cannot be performed, the authentication fails. In such authentication, for example, MAC is used. HMAC or the like may be used.

  If the mutual authentication is unsuccessful, the processing unit 22a of the security chip 22 stops the processing. When the mutual authentication is successful, the processing unit 22a of the security chip 22 determines the board inquiry number based on the held unified store code, the date and time and the authentication information C2 stored in the storage unit 22b. Is generated and held (step C6). For example, the processing unit 22a includes a random number generation circuit and performs a logical operation on the random number generated by the random number generation circuit, the unified store code, the date and time, and the authentication information C2, and generates a board inquiry number, or a unified store A board inquiry number is generated by performing a logical operation on the code, date and time, and authentication information C2.

  Subsequent to step C6, the processing unit 22a of the security chip 22 encrypts the board inquiry number with the secret key B stored in the storage unit 22b, and stores the encrypted board inquiry number in the storage unit 22b together with the authentication information C1. Further encryption is performed with the stored encryption key C1, and the encrypted information is transmitted to the CU control unit 21 (step C7). In step C7, when the processing unit 21a of the CU control unit 21 receives the encrypted information, the processing unit 21a decrypts the received information with the encryption key C1 stored in the storage unit 21b, and decrypts the decrypted board inquiry number (secret). It remains encrypted with the key B.) and the authentication information C1.

  Subsequently, the processing unit 21a of the CU control unit 21 transmits the board inquiry number (which is still encrypted with the secret key B) and the authentication information C1 together with the information request to the upper server 510. When receiving the board inquiry number (which is still encrypted with the secret key B) and the authentication information C1 together with the information request, the control unit 511 holds the information (step C8).

  Subsequently, the control unit 511 of the upper server 510 transmits the board inquiry number (which is still encrypted with the secret key B) and the authentication information C1 together with the information request to the key management center server 310, and the key management. When the control unit 511 of the center server 310 receives the board inquiry number (which is still encrypted with the secret key B) and the authentication information C1 together with the information request, the board inquiry number is stored in the storage unit 312. Decryption is performed with the secret key B, and these pieces of information are held (step C9).

  Subsequently, the control unit 511 of the key management center server 310 searches whether the same information as the stored authentication information C1 is stored in the storage unit 512, and if the same information is not stored, To the upper server 510. When the processing unit 511 of the higher-level server 510 receives the information indicating that the information is not stored, the processing unit 511 performs predetermined notification processing (for example, verification NG to the display unit included in the input / output unit 513) via the input / output unit 513 or the like. , A buzzer included in the input / output unit 513, etc. The following is the same for a predetermined notification process performed by the control unit 511. When the same information is stored, the control unit 311 of the key management center server 310 appropriately stores the decrypted board inquiry number in the storage unit 312 in association with the retrieved authentication information C1. The retrieved authentication information C1, the board inquiry number, the authentication information C2, the version information C, the encryption key C2, which are stored in the storage unit 312 in association with the authentication information C1, The authentication information A1, shipping information, version information A2, and update information are transmitted to the upper server 510 (step C10). At this time, the control unit 311 encrypts the board inquiry number, the authentication information A1, the shipping information, the version information A2, and the update information with the secret key B stored in the storage unit 312. To send.

  When receiving the information from the key management center server 310, the control unit 511 of the upper server 510 holds these information and keeps the CU control as it is (the one encrypted with the secret key B remains encrypted). It transmits to the part 21 (step C11).

  When receiving the information from the upper server 510, the processing unit 21a of the CU control unit 21 holds the information, communicates with the processing unit 22a of the security chip 22, and collates the authentication information C2 with each other (step C12). ). For example, the processing unit 21 a of the CU control unit 21 transmits the stored authentication information C <b> 2 to the security chip 22. The processing unit 22a of the security chip 22 receives the authentication information C2 transmitted from the CU control unit 21, and collates the received authentication information C2 with the authentication information C2 stored in the storage unit 22b. If this collation is NG, the process is stopped. If this verification is OK, the processing unit 22a of the security chip 22 transmits the authentication information C2 stored in the storage unit 22b to the CU control unit 21. The processing unit 21a of the CU control unit 21 receives the authentication information C2 transmitted from the security chip 22, and collates the received authentication information C2 with the held authentication information C2. If this collation is NG, the process is stopped.

  If the verification is OK, the mutual authentication is successful, and the processing unit 21a of the CU control unit 21 communicates again with the processing unit 22a of the security chip 22 to verify the version information C with each other ( Step C13). For example, the processing unit 21 a of the CU control unit 21 transmits the held version information C to the security chip 22. The processing unit 22a of the security chip 22 receives the version information C transmitted from the CU control unit 21, and collates the received version information C with the version information C stored in the storage unit 22b. If this collation is NG, the process is stopped. If this collation is OK, the processing unit 22a of the security chip 22 transmits the version information C stored in the storage unit 22b to the CU control unit 21. The processing unit 21a of the CU control unit 21 receives the version information C transmitted from the security chip 22, and collates the received version information C with the held version information C. If this collation is NG, the process is stopped.

  If the verification is OK, the processing unit 21a of the CU control unit 21 encrypts the stored encryption key C2 with the encryption key C1 and transmits it to the security chip 22, and the processing unit of the security chip 22 Upon receiving the encryption key C2, 22a decrypts the received encryption key C2 with the encryption key C1 stored in the storage unit 22b and holds it. Thereafter, the processing unit 21a and the processing unit 22a start encryption communication using the encryption key C2 (step C14).

  Subsequently, the processing unit 21a of the CU control unit 21 holds the board inquiry number, the authentication information A1, the shipping information, the version information A2, the update information, which are kept in an encrypted state. The permission information B is further encrypted with the encryption key C2 and transmitted to the security chip 22 (step C15).

  When the processing unit 22a of the security chip 22 receives the information from the CU control unit 21, the processing unit 22a first decrypts it with the encryption key C2 stored in the storage unit 22b. The information, version information A2, and update information are decrypted with the secret key B stored in the storage unit 22b and held. Then, the processing unit 22a compares the decrypted board inquiry number with the held board inquiry number. If both are the same, the decrypted authentication information A1 and shipping information are further stored in the storage unit 22b. The stored authentication information A1 and shipping information are collated, and if all are collated, the encryption key A2 is generated and held based on the decrypted update information (step C16). For example, the current date (obtained by referring to a predetermined calendar part) is logically calculated in the update information to generate the encryption key A2. If the board inquiry numbers are not the same (the information transmitted together with the board inquiry number may not be genuine information), or if all of the above verifications are not OK, the processing unit 22a stops the process.

  Next, the processing unit 22a of the security chip 22 requests the communication control IC 23 for version information A2. The processing unit 23a of the communication control IC 23 transmits the version information A2 to the security chip 22 if the version information A2 is held or stored in the storage unit 23b. 22 to send. Here, the fact that it is not held or stored is transmitted. When the processing unit 22a of the security chip 22 receives from the communication control IC 23 that it is not held or stored, the encryption information A2 is not updated (the latest encryption information A2 is not held or stored). Is determined. Further, when the processing unit 22a of the security chip 22 receives the version information A2 transmitted from the communication control IC 23, if the received version information A2 is different from the decrypted version information A2, the encryption information A2 Is determined not to be updated. In this way, the processing unit 22a of the security chip 22 confirms the update of the version information A2 (Step C17). If both are the same, it is determined that the encryption information A2 has been updated (that is, the latest encryption information A2 is set in the communication control IC 23), and the processing unit 22a of the security chip 22 Processing from C21 is performed. In addition, from step C17 to step C24, the processing unit 22a of the security chip 22 and the processing unit 23a of the communication control IC 23 appropriately exchange information exchanged with the encryption key A1 stored in the respective storage units 22b and 23b. It shall be encrypted and decrypted.

  When it is determined in step C17 that the encryption information A2 has not been updated, the processing unit 22a of the security chip 22 transmits the decrypted update information and version information A2 to the communication control IC 23 (step C18).

  When receiving the update information and the version information A2 transmitted from the security chip 22, the processing unit 23a of the communication control IC 23 generates and holds the encryption key A2 based on the received update information (Step C19). For example, the encryption key A2 is generated with the same logic as the generation in step C16. As a result, the same encryption key A2 is generated by the communication control IC 23 and the security chip 22, so that encryption communication based on the encryption key A2 is realized. The version information A2 indicating the version of the encryption key A2 is also shared by the communication control IC 23 and the security chip 22. For example, the encryption key A2 is generated by performing a logical operation on the update information and the current date (obtained by referring to a predetermined calendar part) as described above.

  When generating the encryption information A2, the processing unit 23a of the communication control IC 23 notifies the security chip 22 of the completion of the update of the encryption information A2 (step C20). When the processing unit 22a of the security chip 22 receives the update completion notification from the communication control IC 23, the processing unit 22a of the security chip 22 transmits a request for authentication information A2 to the communication control IC 23, and the processing unit of the communication control IC 23 When the request from the security chip 22 is received, the authentication information A2 stored in the storage unit 23b is transmitted to the security chip 22. When the processing unit 22a of the security chip 22 receives the authentication information A2 transmitted from the communication control IC 23, the processing unit 22a collates the received authentication information A2 with the authentication information A2 stored in the storage unit 22b (step). C21).

  When the verification of the authentication information A2 fails (including the case where there is no transmission of the authentication information A2 to the security chip 22 for a certain period of time), the processing unit 22a of the security chip 22 stops the subsequent processing.

  On the other hand, when the verification of the authentication information A2 is successful, the process of step C22 is performed. In the process of step C22, the processing unit 22a of the security chip 22 transmits the authentication information B2 stored in the storage unit 22b to the communication control IC 23 together with the verification request, and the processing unit 23a of the communication control IC 23 When the authentication information B2 and the verification request are received, the verification information B2 stored in the storage unit 23b and the received authentication information B2 are verified, and if the verification is NG, the subsequent processing is stopped. To do. On the other hand, when the collation is OK, the processing unit 23a of the communication control IC 23 notifies the security chip 22 to that effect.

  When notification of verification OK is performed by the processing unit 23a of the communication control IC 23, the process of step C23 is performed. When receiving the verification OK notification from the communication control IC 23, the processing unit 22a of the security chip 22 performs communication control on the authentication information A1, the shipping information, and the held version information A2 stored in the storage unit 22b together with the verification request. When the processing unit 23a of the communication control IC 23 receives the authentication information A1, the shipping information, and the version information A2 from the security chip 22, the authentication information A1, the shipping information stored in the storage unit 23b, the shipping information, The held version information A1 is compared with the received authentication information A1, shipping information, and version information A1. When the verification is NG (when at least one of the above information is NG), The subsequent processing is stopped. On the other hand, when the collation is OK (when all the collations for the above information are OK), the processing unit 23a of the communication control IC 23 notifies the security chip 22 to that effect.

  When notification of verification OK is performed by the processing unit 23a of the communication control IC 23, the process of step C24 is performed. That is, the processing unit 22a of the security chip 22 and the processing unit 23a of the communication control IC 23 start encryption communication with the encryption key A2 held by each.

  When the encrypted communication is started, the processing unit 22a of the security chip 22 encrypts the stored permission information B with the stored encryption key A2, transmits it to the communication control IC 23, and the processing unit 23a of the communication control IC 23. The received permission information B is decrypted with the retained encryption key A2, and further decrypted with the secret key A stored in the storage unit 23b and retained. By this holding, the permission information B is set in the communication control IC 23 (step C25). With this setting, the communication control IC 23 can perform the processing after step C26 for the first time. In step C25, the processing unit 23a of the communication control IC 23 notifies the communication control IC 23 that the permission information A is held. Here, the permission information B is decrypted for the first time by the communication control IC 23. In other words, it is not decoded by the intermediate device. Thereby, the confidentiality of the permission information B is ensured. Moreover, since the process after step C26 is performed for the first time by such setting of the permission information B, for example, careless improper use of the communication control IC 23 is suppressed.

  When receiving the notification that the permission information B is held from the communication control IC 23, the processing unit 22a of the security chip 22 requests the communication control IC 23 for chip information (step C26). Similarly to the permission information A, the request for chip information may be encrypted and decrypted with the encryption key A2.

  The chip information includes the chip information of the payout control chip 11 and the chip information of the main control chip 13 as described above. The chip information of the payout control chip 11 is identification information for identifying the payout control chip 11. In the present embodiment, the chip information includes a unique numerical value for each payout control chip 11. The chip information of the main control chip 13 is identification information for identifying the main control chip 13. In the present embodiment, the chip information includes a unique numerical value for each main control chip 13. The chip information of the payout control chip 11 is stored in advance in the storage unit 11b of the payout control chip 11, and the chip information of the main control chip 13 is stored in advance in the storage unit 11b of the main control chip 13.

  When receiving the chip information request from the security chip 22, the processing unit 23a of the communication control IC 23 acquires the chip information (step C27). For example, the processing unit 23a of the communication control IC 23 communicates with the payout control chip 11 of the pachinko machine 10 and transmits a request for chip information. When receiving the request, the processing unit 11 a of the payout control chip 11 issues a chip information transmission request to the main control chip 13 of the pachinko machine 10. When receiving the request, the processing unit 13 a of the main control chip 13 transmits the chip information of the main control chip 131 stored in the storage unit 13 b to the payout control chip 11. When receiving the chip information of the main control chip 13, the processing unit 11 a of the payout control chip 11 communicates the chip information of the payout control chip 11 stored in the storage unit 11 b together with the received chip information of the main control chip 13. It returns to the control IC 23. Thereby, the processing unit 23a of the communication control IC 23 receives the chip information to acquire the chip information. The chip information is held in the processing unit 23a.

  The processing unit 23a of the communication control IC 23 generates a chip number from the chip information acquired in Step B12 (Step C28). For example, the processing unit 23a performs a logical operation on the chip information and predetermined information (for example, authentication information C2) to generate a chip number. The chip number is generated for each chip information of the payout control chip 11 and chip information of the main control chip 13, for example. The chip number and chip information are held in the processing unit 23a.

  The chip information (the same chip information as the chip information acquired in step C26) is associated with the chip number in advance at an appropriate timing (chip information of the payout control chip 11 and main control chip 13). Assume that it is stored in the storage unit 312 of the key management center server 310 in association with each chip information). The chip number is generated with the same logic as in step C27. For example, similarly to the above, the control unit 311 performs a logical operation on the chip information and predetermined information (for example, authentication information C2) to generate a chip number. Therefore, if the chip information is the same, the chip number is also the same.

  The processing unit 23a of the communication control IC 23 encrypts the held chip information and chip number with the encryption key A2, and transmits them to the security chip 22. The processing unit 22a of the security chip 22 receives the chip information and chip number. Then, it is decrypted and held with the encryption key A2 (step C29).

  Next, the processing unit 22a of the security chip 22 automatically generates and holds a chip inquiry number from the held chip number or the like (step C30). The chip inquiry number is generated, for example, by performing a logical operation on the chip number and the current date and time (for example, the processing unit 22a specifies the current date and time by referring to a calendar unit (not shown)) (necessary). Depending on the authentication information C2 or the like may be used).

  Next, the processing unit 22a of the security chip 22 encrypts the held chip information and the chip inquiry number with the secret key B stored in the storage unit 22b, respectively, and the encrypted chip information and the chip inquiry number are encrypted. And the chip number held by the processing unit 22a are encrypted with the held encryption key C2 and transmitted to the CU control unit 21 (step C31).

  The processing unit 21a of the CU control unit 21 decrypts with the encryption key C2 that holds the chip information from the security chip 22, the chip inquiry number, and the chip number, holds the decrypted information (chip information and The chip inquiry number remains encrypted with the secret key B.) The decrypted information is transmitted to the upper server 510 (step C32).

  When the control unit 511 of the upper server 510 receives each information transmitted from the CU control unit 21 (the chip information and the chip inquiry number remain encrypted with the secret key B), each received information Are held in correspondence with each other and transmitted to the key management center server 310 (step C33).

  When the control unit 311 of the key management center server 310 receives each piece of information transmitted from the upper server 510 (the chip information and the chip inquiry number remain encrypted with the secret key B), the control unit 311 receives the chip information. The chip inquiry number is stored in the secret key B stored in the storage unit 312 (the control unit 311 of the key management center server 310 uses the secret key B once when transmitting / receiving information to / from the upper server 510, The information sent from the higher-level server 510 is decrypted with the secret key B.) and the same chip number as the chip number of the information is retrieved from the storage unit 312. Then, the chip information associated with the retrieved chip number is collated with the decrypted chip information to generate a collation result (step C34). Even if one of the same chip numbers cannot be searched, the collation result is NG. Further, if at least one included in the chip information is verification NG, the verification result is NG. If all the same chip numbers can be searched and the chip information is all verified, the verification result is OK.

  The control unit 311 of the key management center server 310 stores the collation result and the chip inquiry number in the storage unit 312 in association with the retrieved chip number and the collated chip information (stored for each pachinko machine 10). The collation result, the chip inquiry number, and the chip number are transmitted to the upper server 510 (step C35). At this time, the control unit 311 encrypts the verification result and the chip inquiry number with the secret key B and transmits the encrypted result.

  The control unit 511 of the upper server 510 associates each piece of information transmitted from the key management center server 310 with the chip information held in step C33 and stores it in the storage unit 512 (stored for each pachinko machine 10). The information transmitted from the key management center server 310 is transmitted to the CU control unit 21 as it is (step C36). Of the information stored in the storage unit 512, the verification result, the chip inquiry number, and the chip information remain encrypted with the secret key B.

  The processing unit 21a of the CU control unit 21 associates and holds each piece of information transmitted from the higher order server 510 and the chip information held in Step C32 and holds each piece of information transmitted from the higher order server 510. The encrypted key C2 is encrypted and transmitted to the security chip 22 (step C37). Of the information held by the processing unit 21a, the verification result, the chip inquiry number, and the chip information remain encrypted with the secret key B.

  The processing unit 22a of the security chip 22 first decrypts each piece of information transmitted from the CU control unit 21 with the held encryption key C2, and among the decrypted pieces of information, the verification result, the chip inquiry number, and the chip information Are decrypted with the secret key B stored in the storage unit 22b. Then, the chip inquiry number generated and held in step S30 is compared with the decrypted chip inquiry number, and if they are the same, the collation result is captured (held). Thereby, the processing unit 22a of the security chip 22 holds the collation result, the chip inquiry number, the chip information, and the chip number. If the two chip inquiry numbers are different, there is a possibility that the collation result has been manipulated illegally, and the subsequent processing is stopped.

  If the collation result is NG, the processing unit 22a of the security chip 22 stops the subsequent processing, and if the collation result is OK, the communication control IC 23 indicates the authentication result indicating that the authentication of each chip of the pachinko machine 10 is OK. (Step C38). This authentication result is held in the processing unit 23a of the communication control IC 23. The communication control IC 23 can generate the following session key by holding the authentication result indicating that the authentication is OK.

  Next, the processing unit 22a of the security chip 22 transmits a request for a session key to the communication control IC 23 (step C39). A key is automatically generated (step C40). For example, the processing unit 22a includes a random number generation circuit, and generates a session key based on the random number generated by the random number generation circuit. For example, the session key may be generated by performing a logical operation on the random number and predetermined information (for example, information stored in the storage unit 23b).

  The processing unit 23a of the communication control IC 23 holds the generated session key and notifies the generated chip key to the security chip 22 (step C41). When the processing unit 22a of the security chip 22 receives the session key from the communication control IC 23, the processing unit 22a and the processing unit 23a transmit and receive information (business message, etc.) for performing processing related to the game (for example, CU The control unit 21 and the payout control chip 11 of the pachinko machine perform information transmission / reception relaying of business telegrams in the ball lending process. In this transmission / reception, the transmission / reception information is encrypted with a session key. By decrypting, the processing unit 22a and the processing unit 23a perform encrypted communication (step C42).

  In the above processing, because the processing is canceled due to verification NG (authentication failure), mutual authentication failure, etc., the card unit 20 remains in normal operation even after a certain time has elapsed since the start of the operation check of the card unit 20. If the process does not shift to (transmission / reception of information (business message, etc.) for processing related to a game), the main control chip 13 and the payout control chip 11 of the pachinko machine 10, the security chip 22 of the card unit 20, the communication control There is a possibility that the IC 23, the CU control unit 21 and the like have been replaced, and the possibility of the replacement can be notified by the card unit 20 not shifting to the normal operation. Note that the CU control unit 21 or the like may notify that the verification is NG by turning on the lamp of the card unit 20 when the verification is NG. In the case of collation NG in steps C3, C5, C12, C13, C14, etc., authentication of the CU control unit 21 of the card unit 20 has failed, and steps C3, C5, C12, C13, C14, C22, In the case of verification NG at C23 or the like, authentication of the security chip 22 (security board 24) has failed, and in the case of verification NG at step C21 or the like, authentication of the communication control IC 23 has failed. Thus, when the collation is NG in step C34 or the like, authentication of at least one of the payout control chip 11 and the main control chip 13 of the pachinko machine 10 has failed. In this embodiment, when authentication is performed on a plurality of devices (including substrates) such as the payout control chip 11 and the main control chip 13, the entire control is performed due to any authentication failure (verification NG). Authentication has failed (overall verification NG). As a result, even if the authentication result is read, it is not known which device has failed to be authenticated, and misuse of the authentication result is prevented.

  In the above processing, encrypted communication may also be performed for information exchange (steps C11, C32, etc.) between the CU control unit 21 and the upper server 510. In this case, for example, a common encryption key is set in the CU control unit 21 and the upper server 510, and encrypted communication is performed using this encryption key.

  In the above processing, encrypted communication may also be performed for information exchange (step C10, step C33, etc.) between the upper server 510 and the key management center server 310. In this case, for example, a common encryption key is set in the host server 510 and the key management center server 310, and encrypted communication is performed using this encryption key.

  In the above process, the permission information B can only be decrypted by the communication control IC 23 with the secret key A (step C25). Therefore, the upper server 510, the CU control unit 21, and the security chip 22 that relay the permission information B B cannot be decrypted, and the risk of leakage of the permission information B is reduced or prevented.

  In the above processing, the board inquiry number, the chip inquiry number, the chip information, the update information, etc. are encrypted by the secret key B that cannot be decrypted by the upper server 510 and the CU control unit 21, and are transmitted via the upper server 510 and the CU control unit 21. Since it is exchanged between the security chip 22 and the key management center server 310 (steps C10 to C11, steps C31 to C33, etc.), it is possible to prevent the host server 510 and the CU control unit 21 from performing inadvertent decryption. The risk of information leakage is reduced or prevented. In particular, when the security chip 22 transmits information (chip number or the like) that may be decrypted by the CU control unit 21, encryption is performed with the encryption key C 2, and finally the security chip 22 starts the key management center. When information (substrate inquiry number, chip inquiry number, etc.) is transmitted to the server 310, a part of the information is encrypted with the secret key B. In this way, by properly using encryption keys according to the final destination of information (information importance), it is possible to prevent inadvertent decryption, and the risk of information leakage is reduced or prevented. . In addition, the inquiry information such as the chip inquiry number and the board inquiry number is added at the time of inquiry (transmission of authentication information C1 and the chip number), and also when the verification result is returned. When this inquiry information is added and the returned inquiry information is the same as the transmitted inquiry information, the matching result (information transmitted together with the inquiry information) is treated as genuine (legitimate), and then Since processing (for example, processing using matching results, processing according to matching results, etc.) is performed, for example, if the matching results are changed in the middle of the inquiry, the inquiry information is different, so the change is detected. It is possible to detect an illegal operation of the collation result. Further, since the query information cannot be decrypted by the host server 510 and the CU control unit 21, the manipulation of the collation result using the query information (the stealing of the query information, the stolen query information and the illegal collation result, etc.) By transmitting both, it is possible to detect an operation that causes the security chip 22 to recognize the verification result and the like as authentic. Since the chip inquiry number is generated from the chip number (step C30) and the chip number is generated from the chip information (step C27), the chip inquiry number is also generated from the chip information. The chip inquiry number may be generated directly from the chip information.

  In the above process, the encryption key A2 used in the encryption communication between the security chip 22 and the communication control IC 23 is generated from the update information. The update information is transmitted from the security chip 22 to the communication control IC 23, and both generate the encryption key A2 separately (steps C16 and C19). Accordingly, since the encryption key A2 is not transmitted as it is, for example, even when information is read from the signal line connecting the security chip 22 and the communication control IC 23, the encryption key A2 is not directly read. The risk of leakage is reduced or prevented. Furthermore, since the update information is transmitted from the key management center server 310 (steps C10, C11, C15), the update information is managed externally, and information leakage occurs rather than managing the update information by the security chip 22 itself. Risk is reduced or prevented. That is, it is difficult to analyze what kind of encryption key A2 is generated only by analyzing the security chip 22, so that the risk of leakage of the encryption key A2 can be reduced.

  The main control chip 13, the payout control chip 11, and the security board 24 (synonymous with the security chip 22 and the like) are authenticated by the external key management center server 310 (verification in step C34, search in step C10, etc.). The accuracy of authentication is guaranteed to a certain level.

(After new installation of the pachinko machine 10 and the card unit 20 in the game hall 500)
In the above description, the case where both the pachinko machine 10 and the card unit 20 are newly installed has been described. When the above processing is completed after the new installation, the host server 510, the card unit 20, and the pachinko machine 10 are powered off ( Power off).

  When the power is turned off, the board inquiry number, the authentication information C1, the authentication information C2, the version information C, the encryption key C2, the authentication information A1, the shipping information, the version information A2, and the update information held by the upper server 500 are lost. Is called. Such information may be deleted.

  In addition, the chip number, chip information, and chip inquiry number held in the processing unit 21a of the CU control unit 21 are lost when the power is turned off. Such information may be deleted.

  On the other hand, the processing unit 21a of the CU control unit 21 includes permission information B, unified store code, encryption key C1, board inquiry number, authentication information C1, authentication information C2, version information C, encryption key C2, and authentication information. When A1, shipping information, version information A2, and update information are held, they are held in the non-volatile RAM, so that even when the power is turned off, these pieces of information are not lost and are held. These pieces of information may be stored in the storage unit 21b so that they are not lost even when the power is turned off. In the following description, it is assumed that these pieces of information are stored in the storage unit 21b.

  Further, the unified store code, the board inquiry number, and the session key held by the processing unit 22a of the security chip 22 are lost when the power is turned off. Such information may be deleted.

  On the other hand, the processing unit 22a of the security chip 22 stores the permission information B, version information A2, update information, encryption key A2, chip number, chip information, chip inquiry number, and verification result in the nonvolatile RAM. By holding, even when the power is turned off, these pieces of information are not lost and remain held. These pieces of information may be stored in the storage unit 22b so that they are not lost even when the power is turned off. In the following description, it is assumed that these pieces of information are stored in the storage unit 22b.

  Further, the permission information B, chip number, chip information, authentication result, and session key held by the processing unit 23a of the communication control IC 23 are lost when the power is turned off. Such information may be deleted.

  On the other hand, when the processing unit 23a of the communication control IC 23 holds the version information A2, the update information, and the encryption key A2, the information is not lost even when the power is turned off by holding it in the nonvolatile RAM. , Remain retained. Such information may be stored in the storage unit 23b so as not to be lost even when the power is turned off. In the following description, it is assumed that these pieces of information are stored in the storage unit 23b.

  Each piece of information lost when the power is turned off may be held in a non-volatile RAM or stored in a storage unit for the purpose of backup or the like in each of the control unit and the processing unit. Even in this case, information (such as a board inquiry number) generated based on predetermined information in each of the control unit and the processing unit may be lost or deleted when the power is turned off. .

  After the card unit 20 and the pachinko machine 10 described above are newly installed, the card unit 20, the pachinko machine 10, and the upper server 500 are turned on when the amusement hall 500 is normally opened. Processing for authenticating the CU control unit 20, the security chip 22 (security board 24), the communication control IC 23, the payout control chip 11 of the pachinko machine 10, and the main control chip 13 is performed. Since this process starts with the above information remaining, an operation different from the operation at the time of new installation is performed in each device. Hereinafter, the operation at this time (operation during normal business) will be described.

  The encryption key C2 and version information C stored in the storage unit 21b of the CU control unit 21 are updated as appropriate. This update is performed from the key management center server 310, for example. Specifically, for example, when a new encryption key C2 and version information C are recorded in the key management center server 310, these pieces of information are stored in the storage unit 21b supplied to the CU control unit 21 via the host server 510. (For example, it is performed at a timing after the upper server 510 and the card unit 20 are powered on). Note that only the version information C may be stored in the storage unit 21b first, and the encryption key C2 may be stored in the storage unit 21b in the processing described later.

  First, a process for performing a normal operation (authentication of the CU control unit 21, the security chip 22 (security board 24), and the communication control IC 23) that handles information of the card unit 20 will be described with reference to FIG.

  First, the processing unit 21a of the CU control unit 21 is triggered by the power of the card unit 20 being turned on in the state where the card for normal operation is inserted in the card unit 20 as in the case of the new installation ( At this time, the power of the pachinko machine 10 is also turned on.) A connection request for requesting connection with the upper server 510 is transmitted to the upper server 510 (step D1). Note that, unlike step C1, at this time, since the permission information B, the unified store code, and the encryption key C1 are stored in the storage unit 21b of the CU control unit 21, the processing unit 21a of the CU control unit 21 is , A connection request indicating that is transmitted.

  Upon receiving the connection request from the processing unit 21a, the control unit 511 of the upper server 510 establishes communication with the CU control unit 21 (step D2).

  After step D2, the processing unit 21a of the CU control unit 21 communicates with the processing unit 22a of the security chip 22 to collate the manufacturer information B with each other (step D3). Since the process of this step is the same as that of step C3, description is abbreviate | omitted. If at least one of the mutual verifications is NG, the subsequent processing is stopped. On the other hand, if the mutual verification is OK, the processing unit 21a of the CU control unit 21 makes a connection request (transmission of the stored unified store code) to the security chip 22 (step D4).

  When the processing unit 22a of the security chip 22 receives the unified store code from the CU control unit 21, based on the held unified store code, the date and time and authentication information C2 stored in the storage unit 22b, the substrate An inquiry number is generated and held (step D5). Since this process is the same as step C6, description thereof is omitted.

  Following step D5, the processing unit 22a of the security chip 22 encrypts the board inquiry number with the secret key B stored in the storage unit 22b, and stores the encrypted board inquiry number in the storage unit 22b together with the authentication information C1. Further encryption is performed with the stored encryption key C1, and the encrypted information is transmitted to the CU control unit 21 (step D6). In step D6, when the processing unit 21a of the CU control unit 21 receives the encrypted information, the processing unit 21a decrypts the received information with the encryption key C1 stored in the storage unit 21b, and decrypts the decrypted board inquiry number (secret). It remains encrypted with the key B.) and the authentication information C1.

  Here, at the time of new installation, an information request (step C8) is performed after this, but the authentication information C1 previously transmitted from the key management center server 310, the authentication is stored in the storage unit 21b of the CU control unit 21. Since the information C2, the version information C, and the encryption key C2 are stored, the processing unit 21a of the CU control unit 21 communicates with the processing unit 22a of the security chip 22 when there is such storage, The authentication information C2 is collated with each other (step D7). Since this step D7 is the same as step C12, description thereof is omitted.

  If all the collations in step D7 are not OK, the processing is stopped, but if all are OK, the processing unit 21a of the CU control unit 21 and the processing unit 22a of the security chip 22 again. Communication is performed and the version information C is collated with each other (step D8). Since this step D8 is the same as the process of step C13, description thereof is omitted.

  If the collation in step D8 is OK, thereafter, the processing unit 21a and the processing unit 22a start encryption communication using the encryption key C2 stored in each storage unit (step D9). If all the collations in step D8 are not OK, the process is stopped.

  After step D9, steps D10 to D14 are performed. Since these processes are the same as steps C21 to C25, respectively, description thereof will be omitted.

  In the processing as described above, on the condition that an inquiry to the key management center server 310 has been made once, information processing to the key management center server 310 is not performed in the normal processing, so the key management center The processing load on the server 310 is reduced. Further, since there is little possibility of information leaking outside the game hall 500, the risk of information leakage can be avoided.

  Note that the processing unit 22a of the security chip 22 may have a first mode and a second mode (see FIG. 18). For example, when the encryption key C2 is not stored in the storage unit 22b (this is also the case when newly installed), the processing unit 22a does not verify all the verifications in step D8 (any verification is not OK). In this case, the processing unit 22a and the processing unit 21a may notify each other accordingly.) If encryption communication cannot be performed in step D9 (even in this case, it can be considered that the authentication has failed). Since the encryption key C2 may be updated or the encryption key C2 may be deleted for some reason, the processing unit 21a of the CU control unit 21 and the processing unit 22a of the security chip 22 It operates in the first mode, and after steps C4 and after steps D8 and D9, processes from step C5 to C25 are performed. On the other hand, the processing unit 22a of the security chip 22 can perform encrypted communication with the encryption key C2 when the encryption key C2 is stored in the storage unit 22b (that is, once the key is stored). Since the authentication at the management center server 310 (authentication of the security board 24) is performed), the process of step D5 is performed after step D4. As described above, even after an information request is once made to the key management center server 310, it is possible to appropriately cope with an exceptional situation such as updating of the encryption key C2. As a result, the processing unit 22a of the security chip 22 performs authentication on the authentication information C2 acquired from the key management center server 310 or performs CU control for authentication using the authentication information C2 or the like. The authentication inquiry, such as whether to authenticate the authentication information C2 stored in the unit 21, can be changed. As a result, appropriate authentication according to the situation is possible. From another point of view, the CU control unit 21 authenticates the security chip 22 using the authentication information C2 stored (including the case where it is held) and the like (the security chip 22 in step D7). If the authentication is successful, the key management center server 310 is not inquired via the upper server 510. If the authentication is unsuccessful, the key via the upper server 510 is not verified. The management center server 310 is inquired. Note that the processing unit 22b of the security chip 22 may instruct the CU control unit 21 whether or not there is a need to make an inquiry to the key management center server 310 via the upper server 510 according to the authentication result. When an inquiry to the key management center server 310 is instructed, the CU control unit 21 stores the key management center server 310 regardless of the storage of the authentication information C1, the authentication information C2, the version information C, the encryption key C2, and the like. Make an inquiry to

  Next, a process for performing a normal operation (authentication of the main control chip 13 and the payout control chip 11) that handles information of the pachinko machine 10 will be described with reference to FIG.

  The processing unit 22a of the security chip 22 requests chip information from the communication control IC 23 (step E1). When receiving the request for chip information from the security chip 22, the processing unit 23a of the communication control IC 23 acquires the chip information (step E2). The processing unit 23a of the communication control IC 23 generates a chip number from the chip information acquired in step E2 (step E3). Since the processing from steps E1 to E3 is the same as the processing from steps C26 to C28, description thereof will be omitted.

  The processing unit 23a of the communication control IC 23 encrypts the chip information and the chip number with the encryption key A2, and transmits the encrypted information to the security chip 22. When the processing unit 22a of the security chip 22 receives the chip information and the chip number, the encryption key A2 is received. However, since the chip number and the chip information are already stored in the storage unit 23b together with the collation result, the processing unit 22a uses the chip information stored in the storage unit 22b and the decoded chip information. Collation is performed, and it is determined whether the collation is OK (in the case of collation OK for all chips). Further, it is determined whether or not the collation result stored in the storage unit 22b is OK. When the collation result is OK, the chip information stored together with the collation result is information on which the collation OK result is output in the key management center server 310 when the pachinko machine 10 is newly installed (that is, the legitimacy is valid). If the verification of the chip information is also OK, the chip information acquired from the pachinko machine 10 is valid, that is, the main control chip 13 and the payout control unit 11 can be valid. High nature. In this case, the processing unit 22a encrypts the chip information with the secret key B stored in the storage unit 22b, further encrypts the encrypted chip information together with the chip number with the encryption key C2, and performs CU control. To the unit 21. At this time, the processing unit 22a does not need to inquire about the verification of the chip information, and therefore transmits the fact that there is no need for inquiry together with the encrypted information (step E6). The processing unit 21a of the CU control unit 21 decrypts and holds the received information encryption key C2. Further, since the processing unit 21a of the CU control unit 21 has received the information that there is no need for an inquiry, the information is not transmitted to the upper server 510.

  After step E6, the processing unit 22a of the security chip 22 transmits an authentication OK authentication result to the communication control IC 23, and the processing unit 23a of the communication control IC 23 holds the authentication result (step E7). Thereafter, the processes after Step C39 are appropriately performed.

  According to the processing as described above, the key information is verified in the key management center server 310. If the verification is OK, the verification of the chip information is performed in the card unit 20 thereafter. Authentication at an appropriate location is realized depending on the situation. In addition, since the chip information is not transmitted to the upper server 510 or the key management center 310, the processing load is reduced.

  Note that the processing unit 23a of the communication control IC 23 can change the level of the chip authentication inquiry (how far the chip information is transmitted) according to the situation. This point will be described with reference to FIGS. In the case of FIG. 19, since there is no inquiry as a result, the inquiry level is the lowest.

  FIG. 20 explains in detail the flow of processing when the chip information is not stored in the storage unit 22b of the security chip 22.

  The processing unit 22a of the security chip 22 requests chip information from the communication control IC 23 (step F1). When receiving the chip information request from the security chip 22, the processing unit 23a of the communication control IC 23 acquires the chip information (step F2). The processing unit 23a of the communication control IC 23 generates a chip number from the acquired chip information (step F3). The processing unit 23a of the communication control IC 23 encrypts the chip information and the chip number with the encryption key A2, and transmits the encrypted information to the security chip 22. When the processing unit 22a of the security chip 22 receives the chip information and the chip number, the encryption key A2 is received. In addition, since the chip information or the like is not stored in the storage unit 22b (that is, because it is in the same state as that at the time of the new installation), the chip information or the like is held (step F4). Next, the processing unit 22a of the security chip 22 automatically generates a chip inquiry number from the held chip number or the like and holds it (step F5).

  Next, the processing unit 22a of the security chip 22 encrypts the held chip information and the chip inquiry number with the secret key B stored in the storage unit 22b, and encrypts the chip information and the chip inquiry number. Is encrypted with the encryption key C2 together with the chip number held by the processing unit 22a and transmitted to the CU control unit 21 (step F6). At this time, since no chip information or the like is stored in the storage unit 22b, the processing unit 22a cannot perform its own collation as described above, and therefore also transmits information requesting an inquiry to the upper server 510. The processing unit 21a of the CU control unit 21 decrypts the chip information, the chip inquiry number, and the chip number from the security chip 22 with the encryption key C2 and holds the decrypted information (chip information and chip inquiry number). Is still encrypted with the secret key B.) Since the information requesting the inquiry to the upper server 510 is received, each information decrypted above is transmitted to the upper server 510 together with the verification request. (Step F7). Steps F1 to F7 are basically the same processing as steps C26 to C32, and thus detailed description thereof is omitted.

  In step F8, the host server 510 operates differently depending on whether or not the same chip number (and / or authentication result) as the transmitted chip number is stored in the storage unit 512. As described above, when the chip information or the like is not stored in the storage unit 22b of the security chip 22 and the corresponding chip number is not stored in the storage unit 512 of the upper server 510, the pachinko machine 10 It will be newly installed like this. In this case, the processing after step C33 is performed thereafter. On the other hand, as described above, when the chip information or the like is not stored in the storage unit 22b of the security chip 22 and the chip number corresponding to the storage unit 512 of the upper server 510 is stored, the pachinko machine has been previously used. Authentication is performed for each chip of the machine 10. That is, in this case, only the card unit 20 is newly installed. In such a case, the processing after step F9 (see FIG. 21) is performed thereafter.

  In step F9, the control unit 511 of the upper server 510 stores the same chip number as the chip number transmitted in step F7 stored in the storage unit 512, chip information stored together with this chip number, chip inquiry number, The collation result is transmitted to the CU control unit 21 (step F9). When the processing unit 21a of the CU control unit 21 receives the chip number, the chip information, the chip inquiry number, and the verification result, it transmits it directly to the security chip 22 (step F10). When the processing unit 22a of the security chip 22 receives the chip number, the chip information, the chip inquiry number, and the verification result, the processing unit 22a decrypts the chip information, the chip inquiry number, and the verification result using the secret key B stored in the storage unit 22b. If the decrypted and decrypted chip query number is the same as the chip query number generated in step F5, the decrypted verification result is fetched. When the collation result is collation OK (for example, when the collation result is collation NG, for example, the processing is stopped), the processing unit 22a transmits the authentication OK authentication result to the communication control IC 23. Thereafter, the processes after Step C39 are appropriately performed. The processing unit 22a may collate the decrypted chip information with the chip information transmitted in step F4. However, the chip number is generated based on the chip information, and the fact that there is the same chip information in the upper server 510 is highly likely that the verification of the chip information is also the verification OK. As described above, the upper server 510 substantially authenticates the chip of the pachinko machine 10 by the chip number.

  FIG. 21 describes in detail the flow of processing when the collation result stored in the storage unit 22b of the security chip 22 is collation NG.

  The processing unit 22a of the security chip 22 requests chip information from the communication control IC 23 (step G1). When receiving the request for chip information from the security chip 22, the processing unit 23a of the communication control IC 23 acquires the chip information (step G2). The processing unit 23a of the communication control IC 23 generates a chip number from the acquired chip information (step G3). The processing unit 23a of the communication control IC 23 encrypts the chip information and the chip number with the encryption key A2, and transmits the encrypted information to the security chip 22. When the processing unit 22a of the security chip 22 receives the chip information and the chip number, the encryption key A2 is received. As in step E6 and the like, the collation result stored in the storage unit 22b is OK or the chip information stored in the storage unit 22b is collated with the decrypted chip information. It is determined whether it is OK (in the case of collation OK for all chips) (step G5). Here, since the collation result is NG, the main control chip 13 and the payout control chip 11 of the pachinko machine 10 are replaced at the time of the previous collation, regardless of the result of collating the chip information in step G5. Therefore, the processing unit 22a inquires the key management center server 310 about the authentication of this chip. Specifically, the processing unit 22a of the security chip 22 automatically generates and holds a chip inquiry number from the held chip number or the like (step G5). Next, the processing unit 22a of the security chip 22 encrypts the held chip information and the chip inquiry number with the secret key B stored in the storage unit 22b, and encrypts the chip information and the chip inquiry number. Is encrypted with the encryption key C2 together with the chip number held by the processing unit 22a and transmitted to the CU control unit 21 (step G6). At this time, since the collation is NG, information for requesting an inquiry to the key management center server 310 is transmitted. The processing unit 21a of the CU control unit 21 decrypts the chip information, the chip inquiry number, and the chip number from the security chip 22 with the encryption key C2 and holds the decrypted information (chip information and chip inquiry number). Is still encrypted with the secret key B.) Since the information requesting the inquiry to the key management center server 310 has been received, the key management center server 310 is inquired about the information decrypted above. The request is sent to the upper server 510 together with the requested collation request (step G7).

  Since the control unit 511 of the upper server 510 has received the verification request for requesting the key management center server 310 to inquire, the information transmitted from the CU control unit 21 is directly used together with the verification request as well as the key management center server. To 310. As a result, the processing unit 22a of the security chip 22 has transmitted chip information and the like to the key management center server 310, and an authentication inquiry has been made. Thereafter, collation is performed in the key management center server 310, and the processes after step C34 are performed. In the case where the collation result is NG also in the key management center server 310, there is a high possibility that fraud such as switching to at least one of the main control chip 13 and the payout control chip 11 has been performed. On the other hand, when the collation result is OK, there is a possibility that the pachinko machine 10 is newly installed or the pair with the card unit 20 is changed.

  To summarize the above, for example, when the collation result stored in the storage unit 22b is NG (when the previous authentication result in the key management center server 310 has failed), the collation result in the processing unit 22a ( Regardless of the result of verification using the transmitted chip information (regardless of whether or not the various chips of the pachinko machine 10 are authenticated using the chip information), the key management center server 310 becomes the inquiry destination. Further, when the collation result stored in the storage unit 22b is OK (when the previous authentication result at the key management center server 310 is successful) and the collation result at the processing unit 22a is also OK (use chip information). If the authentication of the various chips of the pachinko machine 10 was successful), there is no contact information. On the other hand, when the collation result and the chip information are not stored, the upper server 510 becomes the inquiry destination. In addition, when the collation result stored in the storage unit 22b is OK and the collation result in the processing unit 22a is NG (when authentication of various chips of the pachinko machine 10 using the chip information has failed), the pachinko machine Since there is a possibility that the machine 10 has moved, the chip information or the like may be stored in the upper server 510, so the upper server 510 may be inquired. As a precaution, an inquiry to the key management center server 310 may be made.

  As described with reference to FIG. 19 to FIG. 22, the security chip 22 is in a situation such as whether or not the chip information is stored in the storage unit 22b (that is, the collation result of the chip information transmitted by the pachinko machine 10). Depending on the situation, it is determined how far the chip information inquiry is to be made, and the inquiry is made (that is, the chip information is transmitted to the determined inquiry destination and the inquiry is made). Appropriate authentication is performed according to. In particular, if the authentication is OK in the past, the subsequent authentication is completed in the card unit 20 or the game arcade 500, so there is no need to send information to other devices or outside the game arcade 500. It is desirable from the aspect.

  As described above, in the present embodiment, an appropriate authentication process can be performed even after the pachinko machine 10 and the card unit 20 are newly installed. In normal business hours, processing from steps D1 to D14, processing from steps E1 to E7, and processing from step C39 are performed. Further, immediately after only the pachinko machine 10 is newly installed, the processing from step D1 to D14, the processing between steps G1 to G8, and the processing after step C34 are performed. Further, immediately after only the card unit 20 is newly installed, the processing from Step C1 to C25, the processing from Step F1 to F11, and the processing from Step C39 are performed. As described above, the gaming system 1 according to the present embodiment is configured to perform an appropriate operation in accordance with various situations.

  The inquiry level can also be designated from the outside by control information or the like. For example, control information is stored in the storage unit 312 of the key management center server 310 (for example, based on an operation (an operation for storing control information) on the key management center server 310 by an employee of the key management center 300). Done.) This control information is information that specifies an authentication level in the security chip 22, for example.

  For example, when the chip information includes various information (identification information, chip version, chip manufacturer code, etc.) for authenticating the main control chip 13 and the payout control chip 11 of the pachinko machine 10, this control information is For example, in the verification of chip information, this is information that specifies which information included in the chip information is used for verification. If all the information is used for verification, the authentication level increases. If there is little information used for verification, the authentication level decreases. Further, this control information may specify the degree of coincidence of the chip information to be collated when the collation is OK. For example, this control information specifies that the collation result is OK when the predetermined information included in the chip information matches (partly matches), or all control information included in the chip information The information may specify that the collation result is OK only when the information matches (the authentication level is higher than the partial match described above). Depending on the situation, there may be cases where a very high level of authentication is not required (for example, since authentication has never been performed at the time of new installation, it is necessary to increase the authentication level. Even if the level is low, a certain level of security can be ensured.) Appropriate authentication is performed by setting the authentication level. Note that the collation result may change depending on the level of authentication. When the collation result is changed, the inquiry destination is different in the processing described with reference to FIGS. That is, the control information is information that indirectly designates the inquiry destination.

  With reference to FIG. 23, distribution of control information will be described. For example, an operation to the key management center server 310 by an employee of the key management center 300 (an operation for designating the contents of the control information and an upper server 510 for transmitting the control information (that is, the card unit 20 whose authentication level is to be changed by the control information) ), The control information is stored in the storage unit 312 of the key management center server 310, and the control unit 311 encrypts the control information with the secret key B and transmits it to the upper server 510 ( Step H1). The control unit 511 of the upper server 510 transmits the control information to the CU control unit 21 while being encrypted (step H2). When receiving the control information, the processing unit 21a of the CU control unit 21 transmits the control information to the security chip 22 while being encrypted (step H3). When receiving the control information, the processing unit 22a of the security chip 22 decrypts and holds the control information with the secret key B stored in the storage unit 22b. Thereby, for example, the authentication level is changed (for example, the authentication level is raised, and all information included in the chip information is collated). In this way, by changing the inquiry level from the outside, it is possible to make an inquiry at an appropriate inquiry level according to the situation.

  The control information may be information that directly specifies the inquiry level. For example, when the control information is supplied to the security chip 22, the processing unit 22 a of the security chip 22 always makes an inquiry to the key management center server 310, or when the control information is “1”. The inquiry to the key management center server 310 is always performed, and when the control information is “2”, the normal inquiry as described above may be performed.

(Modification)
The present invention is not limited to the embodiment described above, and various modifications and applications are possible. The modification is illustrated below. The following modifications are applied individually or in combination to the embodiment described above.

(Modification 1)
The playground 500 is not limited to a pachinko parlor, but may be a casino, a game center, or the like. Further, the gaming apparatus is not limited to the pachinko machine 10 but may be any gaming apparatus equipped with one or more integrated circuits such as a slot machine, a game machine, or peripheral devices thereof.

  The slot machine is, for example, after a predetermined number of bets are set for one game on a predetermined game medium, and then the player operates the start lever to start variable display of identification information by the variable display device. When the player operates a stop button provided corresponding to each variable display device, the variable display of identification information is stopped within a predetermined maximum delay time from the operation timing, and all variable displays are performed. When a winning occurs according to the display result derived and displayed when the variable display of the device is stopped, a predetermined game medium predetermined according to the winning is paid out, and a specific winning occurs, a predetermined game state is determined. This is a gaming machine configured to give a player a game value.

  The slot machine is arranged at a predetermined position for each model or the like on the game island in the game hall 500. Similarly to the pachinko machine 10, the slot machine also has a payout control chip 11 (chip that performs a process of paying out game media) and a main control chip 13 (chip that controls the variable display device, controls the effects of the game state, etc.) May be provided. In this case, the present invention can be applied as in the above embodiment. Further, in the slot machine, the effect control chip may be an authentication target like the main control chip 13.

(Modification 2)
The payout control chip 11 and the main control chip 13 may be packaged in one and mounted on the pachinko machine 10.

(Modification 3)
In the above embodiment, the encryption communication is performed using the common key. However, the encryption communication may be communication using a public key and a secret key. In this case, a public key and a secret key are set as appropriate between components that perform encrypted communication. Other encryption methods are arbitrary, and encryption is performed by various methods.

(Modification 4)
Note that the program stored in the storage unit of each device constituting the gaming system 1 may be downloaded via the network N.

(Modification 5)
In addition, at least a part of the control unit and the processing unit of each device constituting the gaming system 1 may be configured by a dedicated circuit for performing at least a part of the above-described processing.

(Modification 6)
It should be noted that the key management center server 310 may total the types of gaming devices installed in each gaming hall 500 and the number corresponding thereto.

(Modification 7)
In the above embodiment, the upper server 510 is interposed between the card unit 20 and the key management center server 310, and information transmitted and received between the card unit 20 and the key management center server 310 is transmitted to the upper server 510. Are being sent and received. However, other servers connected to the upper server 510 may be interposed between the card unit 20 and the key management center server 310 in addition to the upper server 510. A relay system is configured by the upper server and other servers. Information transmitted / received between the card unit 20 and the key management center server 310 is transmitted / received via the relay system. It is assumed that only the upper server 510 constitutes the relay system.

(Modification 8)
The date and time is information in which a control unit or a processing unit in each device refers to a predetermined calendar unit (not shown), acquires the current date and time, and updates the acquired date and time in real time. Also good. For example, in step A6 and step A8, the date and time is registered in the communication control IC writer 610 and SC writer 650, but the communication control IC writer 610 and SC writer 650 may update the date and time in real time. Good. The date and time may be a time unit or a day unit.

(Modification 9)
The encryption key C2 and the secret key B may be registered in the key management center server 310 at an appropriate timing.

(Modification 10)
In the above embodiment, the authentication information C2 is transmitted from the key management center server 310 to the CU control unit 21 via the upper server 510 and used for verification in the CU control unit 21, but as with the chip information, The security chip 22 (or the CU control unit 21) may transmit the authentication information C2 or the like to the key management center server 310, and the key management center server 310 may check the authentication information C2 or the like. In this case, as in the case of the chip information, the collation result, the authentication information C2 and the like are stored in the upper server 510, and the upper server 510 stores the collation result, the authentication information C2 and the like at the time of an authentication inquiry. If so, these may be returned to the security chip 22, and if not stored, the authentication information C 2 may be transmitted to the key management center server 310. Further, as in the case of the chip information, the security chip 22 (or the CU control unit 21) stores the collation result of the collation in the key management center server 310, the authentication information C2 used at that time, and the like. The authentication information C2 to be authenticated is acquired, and the inquiry destination is determined based on the result of the verification between the acquired authentication information C2 and the stored authentication information C2 or the stored verification result. You may decide. Similarly to the authentication information C2, the chip information may be transmitted from the key management center server 310 to the security chip 22 via the upper server 510 and the CU control unit 21, and used by the security chip 22 for verification. Also, the authentication information B2 and the like may be transmitted from the key management center server 310 to the security chip 22 via the upper server 510 and the CU control unit 21, or the security chip 22 sends the authentication information C2 to the key management center. It may be transmitted to the server 310 and the key management center server 310 may collate the authentication information B2. In such a case, it is not necessary to use the collation result collated by the key management center server 310 before.

(Modification 11)
Further, the security chip 22, the main control chip 11 and the payout control chip 13 perform cryptographic authentication, for example, by performing predetermined cryptographic communication via the communication control IC 23, and thereby the security chip 22 and the main control. The chip 11 and the payout control chip 13 may perform mutual authentication.

(Modification 12)
The authentication information A2 may be unique information for each communication control IC 23. The authentication information B2 may be unique information for each security chip 22. The authentication information C1 and the authentication information C2 may be unique information for each substrate 24, respectively. In such a case, a plurality of pieces of authentication information are managed for each communication control IC writer 610 and each SC writer 650.

(Modification 13)
The security chip 22, the communication control IC 23, the SC writer 650, the communication control IC writer 610, and the like may be manufactured by the same manufacturer (for example, the chip manufacturer 600) and shipped to the card unit manufacturer 600.

(Modification 14)
The permission information B may not be encrypted with the secret key A when stored in the storage unit 312 of the key management center server 310 but may be encrypted when transmitted to the upper server 510. For example, in step A2, the control unit 111 of the chip maker computer 110 transmits the secret key A stored in the storage unit 112 together with other information (including the unencrypted permission information B), and the key management center. The control unit 311 of the server 310 stores the received secret key A together with other information in the storage unit 312, and the control unit 311 transmits the permission information B when transmitting the permission information B to the upper server 510 in step A 99. You may encrypt and transmit with the corresponding secret key A.

(Modification 15)
The processing after step A9 may be performed on condition that information permitting the subsequent processing is supplied from the key management center server 310 to the communication control IC writer 610 and the SC writer 650. . In this case, for example, when the information registration in step A6 ends, the control unit 611 of the communication control IC writer 610 transmits the information to the key management center server 310. In addition, when the information registration in step A8 ends, the control unit 651 of the SC writer 650 transmits a message to that effect to the key management center server 310. When the processing unit 311 of the key management center server 310 receives the information registration end information from both the communication control IC writer 610 and the SC writer 650, the processing unit 311 processes each of the communication control IC writer 610 and the SC writer 650. Notify permission of. The communication control IC writer 610 and the SC writer 650 may be able to perform the processing from step A9 on condition that this permission is notified. In particular, the communication control IC writer 610 starts the process of step A9 in response to this permission notification. As described above, unless the authentication of the communication control IC writer 610 and the SC writer 650 is successful at the key management center server 310, the processing after step A9 such as information writing is not permitted. 650 impersonation, information registration end information is transmitted from the fake SC writer 650 to the communication control IC writer 610, and the communication control IC writer 610 starts the process of step A9. Can do. That is, security is improved.

(Modification 16)
The secret key B may be registered in the key management center server 310. In this case, for example, the secret key B is registered before step A7, and information is registered with the SC writer 650 together with other information at step A7. Further, for example, the secret key B is not transmitted in step A18. The secret key B is generated by a method (such as automatic generation) similar to the above. The secret key B may be generated at an appropriate timing based on, for example, an operation (an operation for registering the secret key B) on the key management center server 310 by an employee of the key management center 300.

(Modification 17)
The acquisition of chip information (step B12, step C27, etc.) by the processing unit 23a of the communication control IC 23 may be performed when the operation of the communication control IC 23 is started when the power is turned on (when the card unit 20 is turned on).

(Modification 18)
The key management center server 310 may perform the processing after step C35 only when the collation result is OK in step C34. The key management center server 310 may perform the processing after step C35 only when the collation result is OK in step C34. The collation result supplied to the processing unit 22a of the security chip 22 may not be lost even when the power is turned off only in the case of OK (all OK). In these cases, since the collation result is stored in the storage unit 22b, the collation result stored in the storage unit 22b (for example, the collation in the previous key management center server 310) is OK. .

(Other)
Configuration examples and the like that can be grasped in the above-described embodiments and modifications will be described below. Each configuration described below can be combined with other configurations as appropriate. The following invention is an example of the above-described embodiment and modification, and the embodiment can be changed as appropriate.

(Other 1)
(1) A first control device (for example, a communication process (for example, communication with the pachinko machine 10 (step C27)) mounted on a predetermined gaming device (for example, the card unit 20 or the like) (for example, the card unit 20 or the like) A second control device (such as a communication control IC 23) and a process different from the predetermined process (for example, a process for requesting authentication of the main control chip 13 mounted on the pachinko machine 10 (step C31)). For example, a security chip 22 or the like) and a writing system (for example, a gaming system 1 or the like) for writing information to each of them,
A first writing device (for example, a communication control IC writer 610) for writing information to the first control device;
A second writing device (for example, a security chip writer 650) for writing information to the second control device,
The first writing device is a reading unit that reads predetermined information (for example, authentication information A2 or the like) recorded in advance in the first control device (for example, a control unit that reads the authentication information A2 in step A10). 611) and transmission means for transmitting the predetermined information read by the reading means to the second writing device (for example, a control unit 611 for transmitting authentication information A2 in step A11),
The second writing device writes the predetermined information transmitted from the transmitting device to the second control device (for example, the control unit 651 that writes the authentication information A2 in step A16). Comprising
A writing system characterized by that.

  According to the above configuration, since it is not necessary to read and write information to and from the two control devices by one device, the risk of information leakage can be reduced.

(2) A first control device (e.g., a communication process (e.g., communication with the pachinko machine 10 (e.g., step C27)) mounted on a predetermined gaming device (e.g., the card unit 20). A writing device (for example, a communication control IC writer 610) that writes information to the communication control IC 23)
Reading means (for example, a control unit 611 for reading authentication information A2 in step A10) for reading predetermined information (for example, authentication information A2) recorded in advance in the first control device;
Second processing for performing processing different from the predetermined processing (for example, processing for requesting authentication of the main control chip 13 and the like mounted on the pachinko machine 10 (step C31)) on the predetermined information read by the reading unit Transmitting means (for example, authentication information A2 is transmitted in step A11) for transmitting to other writing devices (for example, security chip writer 650) for writing information to the control device (for example, security chip 22). Control unit 611 and the like),
A writing device characterized by that.

  According to the above configuration, since it is not necessary to read and write information to and from the two control devices by one device, the risk of information leakage can be reduced.

(3) Predetermined processing (for example, processing for requesting authentication of the main control chip 13 mounted on the pachinko machine 10 (step C31), etc. mounted on a predetermined gaming device (for example, the card unit 20) A writing device (e.g., security chip writer 650) that writes information to a second control device (e.g., security chip 22).
Other writing devices that write information to a first control device (for example, communication control IC 23) that performs processing different from the predetermined processing (for example, communication processing with the pachinko machine 10 (step C27), etc.) , A communication control IC writer 610) reads and transmits from the first control device, and obtains predetermined information (for example, authentication information A2) recorded in advance in the first control device. (For example, the control unit 651 that receives the authentication information A2 in step A11);
Writing means for writing the predetermined information acquired by the previous acquisition means to the second control device (for example, a control unit 651 for writing the authentication information A2 in step A16),
A writing device characterized by that.

  According to the above configuration, since it is not necessary to read and write information to and from the two control devices by one device, the risk of information leakage can be reduced.

(4) In the writing system or writing device according to any one of (1) to (3) above,
The predetermined information is first authentication information (for example, authentication information A2) for authenticating the first control device,
The second control device includes an acquisition unit that acquires the first authentication information from the first control device (for example, the processing unit 22a that acquires the authentication information A2 in step C21), and the acquisition unit. First authentication for authenticating the first control device based on the first authentication information acquired by and the first authentication information written by the writing means of the second writing device Means (for example, the processing unit 22a that performs verification of the authentication information A2 in step C21),
You may do it.

  According to the above configuration, it is not necessary for the second writing device to read the first authentication information for authenticating the first control device, and the risk of leakage of important information as authentication information can be reduced.

(5) In the writing system of (1) above,
Second authentication information (for example, authentication information A1) is acquired from the first writing device, and the first writing device is authenticated based on the acquired second authentication information. 2 authentication means (for example, the control unit 311 that performs collation in step A5) and third authentication information (for example, authentication information B1) from the second writing device, and the acquired second A third authentication unit that authenticates the second writing device based on the authentication information (for example, a control unit 311 that performs collation in step A7).
You may do it.

  Since the authentication can detect the replacement of the first writing device and the second writing device, the risk of information leakage can be reduced.

(6) In the writing system or writing device according to any one of (1) to (5) above,
The first writing device and the second writing device can communicate with each other and perform mutual authentication using predetermined authentication information (for example, authentication information A1 and authentication information B1). Yes (see variation)
You may do it.

  Since the authentication can detect the replacement of the first writing device and the second writing device, the risk of information leakage can be reduced.

(7) In the writing system or writing device according to any one of (1) to (6) above,
The first control device and the second control device are manufactured by different manufacturers,
The first writing device and the first control device are manufactured by the same manufacturer.

  According to the above configuration, since the first writing device and the first control device are manufactured by the same manufacturer, the first writing device has other functions such as reading and writing information from the first control device. The risk of information leakage can be reduced.

(Other 2)
(1) A first control unit (for example, security chip 22) that performs predetermined processing and a second control unit that can perform encrypted communication with the first control unit (for example, communication that performs encrypted communication after step C24) A control IC 23), and a gaming device (for example, a card unit, etc.) comprising at least the first control unit,
The first control unit generates first information generating means (for example, encryption information A2 from the update information in step C16) based on predetermined information (for example, update information, etc.). The processing unit 22a) and the second control unit to generate a key (for example, the encryption key A2) used in the encryption communication (for example, generate the encryption information A2 from the update information in step C19). Transmission means for transmitting the predetermined information to the second control unit (e.g., a processing unit 22a for transmitting update information in step C18),
The predetermined information is information supplied to the first control unit from the outside of the first control unit (for example, the key management center server 310) (for example, transmitted in steps C10, C11, and C15). Update information),
A gaming device characterized by that.

  According to the above configuration, since predetermined information as a key generation basis is supplied from the outside, what kind of key is generated only by analyzing the first control unit and the second control unit Since it is difficult to analyze, the risk of leakage of keys used in cryptographic communication can be reduced.

(2) The gaming system
(1) the gaming device;
A supply device (for example, the key management center server 310) that supplies the predetermined information from the outside of the gaming device;
It is characterized by providing.

  According to the above configuration, since the predetermined information that is the basis for generating the key is supplied from the outside by the supply device, what kind of key is generated simply by analyzing the first control unit and the second control unit Since it is difficult to analyze, it is possible to reduce the risk of leakage of keys used in encrypted communication.

(3) In the gaming device or gaming system of (1) or (2) above,
The predetermined information is relayed from the outside to a predetermined device (for example, the CU control unit 21 and the upper server 510) in an encrypted state and supplied to the first control unit (for example, The CU control unit 21 and the upper server 510 cannot decrypt the update information),
The first control unit includes a decryption unit (for example, a processing unit 22a for decrypting update information in step C16) that decrypts the predetermined information using a decryption key stored in advance.
You may do it.

  According to the above configuration, since the predetermined information is not decrypted by the predetermined device that relays the predetermined information, it is possible to reduce the risk of leakage of the key used in the encryption communication due to the leakage of the predetermined information.

(Other 3)
(1) A gaming device (for example, a card unit 20 or the like) including an authentication control unit (for example, a security chip 22 or the like) that authenticates a predetermined device (for example, the payout control chip 11 or the like),
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The authentication control unit
Storage means for storing identification information of the predetermined device (for example, a storage unit 22b for storing chip information);
Authentication means (for example, authenticating the predetermined apparatus based on the acquired identification information and the identification information stored in the storage means, acquiring the identification information of the predetermined apparatus transmitted by the predetermined apparatus) A processing unit 22a) for collating the chip information transmitted in step C29;
If the authentication by the authentication unit is unsuccessful, the identification information transmitted by the predetermined device is sent to an authentication device that authenticates the predetermined device (for example, the upper server 510, the key management center server 310, etc.). An inquiry means (for example, collation) that sends an inquiry to the authentication apparatus for the authentication of the predetermined apparatus based on the identification information, and does not make the inquiry if the authentication by the authentication means is successful. Depending on the result, the processing unit 22a) which performs the processing of step E6 or the processing of steps G5 and G6,
A gaming device characterized by that.

  According to the above configuration, when the authentication by the authentication unit is successful, the authentication inquiry is not performed. When the authentication fails, the authentication unit is inquired for authentication. Since the inquiry to the authentication apparatus when the inquiry to the authentication apparatus is unnecessary is prevented, it is possible to make an appropriate inquiry according to the situation.

(2) An authentication control unit (for example, the security chip 22, etc., which may be the CU control unit 21) for authenticating a predetermined apparatus (for example, the CU control unit 21, etc., which may be the security chip 22). A gaming device (e.g., a card unit 20) comprising:
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The authentication control unit
Storage means for storing identification information (for example, authentication information C1) for the predetermined device and authentication information (for example, encryption key C2) for authenticating the predetermined device (if held) Including)
Authentication means that performs communication using the authentication information with the predetermined device and authenticates the predetermined device based on the communication status (whether encrypted communication can be performed) (for example, the encryption key C2 is obtained in step D9) And the processing unit 22a for specifying the case where the encrypted communication cannot be performed, or the processing unit 21a).
When the authentication by the authentication unit fails, the identification information stored in the storage unit is transmitted to an authentication device that authenticates the predetermined device (for example, the upper server 510, the key management center server 310, etc.). An inquiry unit (for example, an encryption key) that makes an inquiry about authentication of the predetermined device based on the identification information to the authentication device and does not make the inquiry when the authentication unit succeeds in authentication. The processing unit 22a that shifts to the first mode when encryption communication cannot be performed using C2, etc. The processing unit 21a that transmits authentication information C1 and the like to the key management center server 310 in step C8 and the like. It is also possible to have
A gaming device characterized by that.

  According to the above configuration, when the authentication by the authentication unit is successful, the authentication inquiry is not performed. When the authentication fails, the authentication unit is inquired for authentication. Since the inquiry to the authentication apparatus when the inquiry to the authentication apparatus is unnecessary is prevented, it is possible to make an appropriate inquiry according to the situation.

(3) The gaming system
A gaming device described in (1) or (2) above;
A gaming system comprising an authentication device,
The gaming device transmits the identification information to the authentication device, and makes an inquiry to the authentication device for authentication of the predetermined device based on the identification information.
It is characterized by that.

  According to the above configuration, when the authentication by the authentication unit is successful, the authentication inquiry is not performed. When the authentication fails, the authentication unit is inquired for authentication. Since the inquiry to the authentication apparatus when the inquiry to the authentication apparatus is unnecessary is prevented, it is possible to make an appropriate inquiry according to the situation.

(4) In the gaming apparatus or gaming system according to any one of (1) to (3) above,
The identification information transmitted to the authentication device is transmitted to the authentication device via a predetermined intermediate device (for example, the upper server 510).
When the authentication by the authentication unit is a failure due to the fact that the identification information is not stored in the storage unit, the inquiry unit authenticates the predetermined device to the predetermined intermediate device (for example, To determine whether or not the chip information is stored, see step F8) (see, for example, steps F5 and F6),
You may do it.

  According to the above configuration, since an inquiry for authentication can be made to the intermediate apparatus according to the content of the authentication failure, an appropriate inquiry according to the situation can be made.

(5) In the gaming apparatus or gaming system according to any of (1) to (4) above,
In the case where level specifying information (for example, control information) specifying the level of authentication by the authentication unit is supplied from the authentication device, the inquiry unit performs authentication of the authentication unit according to the authentication level. The identification information is transmitted to the inquiry destination specified based on the result, and an inquiry for authentication of the predetermined device is performed based on the identification information (see, for example, steps H1 to H3).
You may do it.

  According to the above configuration, since the inquiry destination can be adjusted by designation from the outside, an appropriate inquiry is made according to the situation.

(6) In the gaming apparatus or gaming system according to any one of (1) to (5) above,
The identification information transmitted to the authentication device is encrypted by the inquiry means, transmitted to the authentication device via a predetermined intermediate device in an encrypted state, and decrypted by the authentication device ( For example, see steps C31 to C33),
You may do it.

  According to the above configuration, since the identification information remains encrypted in the intermediate device, the risk of leakage of the identification information can be reduced.

(7) In the gaming apparatus or gaming system according to any one of (1) to (6) above,
The identification information stored in the storage means has the same content as the identification information stored in the authentication device (eg, chip information is stored in the case of collation OK in step C37).
You may do it.

  According to the above configuration, it is ensured that the identification information stored in the storage unit is legitimate, so that the accuracy of authentication using the identification information can be ensured.

(Other 4)
(1) A game device installed in a game hall (for example, a game room 500) having an authentication control unit (for example, a security chip 22) for authenticating a predetermined device (for example, the payout control chip 11). (For example, the card unit 20),
An authentication device (eg, key management center server 310) installed outside the game arcade for authenticating the predetermined device;
A gaming system (for example, gaming system 1 or the like) comprising:
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The authentication control unit acquires storage means for storing identification information for identifying the predetermined device (for example, a storage unit 22b for storing chip information), and identification information for the predetermined device transmitted by the predetermined device. And authentication means for authenticating the predetermined device based on the acquired identification information and the identification information stored in the storage means (for example, the processing unit 22a for checking the chip information transmitted in step C29), Inquiry means for transmitting the identification information transmitted by a predetermined device to the authentication device, and inquiring the authentication device for authentication of the predetermined device based on the identification information (for example, according to a matching result) And a processing unit 22a) that performs processing of steps G5 and G6,
The authentication device includes a supply unit (for example, see steps H1 to H3) for supplying control information (for example, control information) for controlling the inquiry unit to the authentication control unit,
The inquiry means determines whether or not to make the inquiry according to the content of the control information (see, for example, step H3).
A gaming device characterized by that.

  According to the above configuration, whether or not there is an inquiry is determined according to the content of the control information from the authentication device, so that an appropriate inquiry according to the situation can be made.

(2) An authentication control unit (for example, the security chip 22, etc., which may be the CU control unit 21) for authenticating a predetermined apparatus (for example, the CU control unit 21, etc., which may be the security chip 22). A gaming device (e.g., card unit 20) installed in a gaming hall (e.g., gaming hall 500), and
An authentication device (eg, key management center server 310) installed outside the game arcade for authenticating the predetermined device;
A gaming system (for example, gaming system 1 or the like) comprising:
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The said authentication control part is memory | storage which memorize | stores the identification information (for example, information C1 for authentication) which identifies the said predetermined apparatus, and the information for authentication (for example, encryption key C2) for authenticating the said predetermined apparatus Communication with means (for example, the storage unit 22b or the processing unit 22b. The storage unit 21a or the storage unit 12b may be used) and the predetermined device and the authentication information is performed, and based on the communication status Authentication means for authenticating the predetermined device (for example, the processing unit 22a for specifying the case where encryption communication cannot be performed using the encryption key C2 in step D9, etc., may be the processing unit 21a), and the storage. Inquiry means (for example, encryption key C2) that transmits the identification information stored in the means to the authentication device and inquires the authentication device for authentication of the predetermined device based on the identification information. The processing unit 22a that shifts to the first mode when encryption communication cannot be performed using the processing unit 21a, etc. The processing unit 21a that transmits the authentication information C1 or the like to the key management center server 310 in step C8 or the like And)
The authentication device includes a supply unit (for example, see steps H1 to H3) for supplying control information (for example, control information) for controlling the inquiry unit to the authentication control unit,
The inquiry means determines whether to make the inquiry according to the content of the control information (for example, see step H3).
A gaming system characterized by that.

  According to the above configuration, whether or not there is an inquiry is determined according to the content of the control information from the authentication device, so that an appropriate inquiry according to the situation can be made.

(3) A gaming device installed in a game hall (for example, game room 500) having an authentication control unit (for example, security chip 22) for authenticating a predetermined device (for example, payout control chip 11). (For example, the card unit 20),
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The authentication control unit acquires storage means for storing identification information for identifying the predetermined device (for example, a storage unit 22b for storing chip information), and identification information for the predetermined device transmitted by the predetermined device. And authentication means for authenticating the predetermined device based on the acquired identification information and the identification information stored in the storage means (for example, the processing unit 22a for checking the chip information transmitted in step C29), The identification information transmitted by a predetermined device is transmitted to an authentication device (eg, key management center server 310) installed outside the game hall that authenticates the predetermined device, and is sent to the authentication device. Inquiry means for making an inquiry for authentication of the predetermined device based on the identification information (for example, the processing unit 22a for performing the processes of steps G5 and G6 according to the matching result) Has,
The authentication device includes a supply unit (for example, see steps H1 to H3) for supplying control information (for example, control information) for controlling the inquiry unit to the authentication control unit,
The inquiry means determines whether or not to make the inquiry according to the content of the control information (see, for example, step H3).
A gaming device characterized by that.

  According to the above configuration, whether or not there is an inquiry is determined according to the content of the control information from the authentication device, so that an appropriate inquiry according to the situation can be made.

(4) A gaming device installed in a game hall (for example, game room 500) having an authentication control unit (for example, security chip 22) for authenticating a predetermined device (for example, CU control unit 21). (For example, the card unit 20),
The predetermined device is mounted on the gaming device or other gaming device (pachinko machine 10),
The said authentication control part is memory | storage which memorize | stores the identification information (for example, information C1 for authentication) which identifies the said predetermined apparatus, and the information for authentication (for example, encryption key C2) for authenticating the said predetermined apparatus Authentication means (for example, using the encryption key C2 in step D9) that communicates with the means (storage unit 22b) using the authentication information with the predetermined device and authenticates the predetermined device based on the communication status And a processing unit 22a) for specifying a case where encrypted communication cannot be performed, and the identification information stored in the storage means, authenticating the predetermined device, an authentication device (for example, a key management center) installed outside the game hall Inquiry means (for example, encryption communication using the encryption key C2) that transmits to the authentication device and inquires the authentication device for authentication of the predetermined device based on the identification information. If not possible, have a handle portion 22a) moves to the first mode, and
The authentication device includes a supply unit (for example, see steps H1 to H3) for supplying control information (for example, control information) for controlling the inquiry unit to the authentication control unit,
The inquiry means determines whether to make the inquiry according to the content of the control information (for example, see step H3).
A gaming device characterized by that.

  According to the above configuration, whether or not there is an inquiry is determined according to the content of the control information from the authentication device, so that an appropriate inquiry according to the situation can be made.

(5) In the gaming system or gaming device according to any one of (1) to (4) above,
The inquiry means specifies whether to make the inquiry based on the content of the control information and the result of authentication by the authentication means (for example, see step H3).
You may do it.

  According to the above configuration, since the inquiry is made based on the content of the control information and the result of authentication by the authentication means, it is possible to make an appropriate inquiry according to the situation.

(6) In the gaming system or gaming device according to any one of (1) to (5) above,
The identification information transmitted to the external device is encrypted by the inquiry means, transmitted to the external device via a predetermined intermediate device in an encrypted state, and decrypted by the external device To be
You may do it.

  According to the above configuration, since the identification information remains encrypted in the intermediate device, the risk of leakage of the identification information can be reduced.

(Other 5)
(1) A game device installed in a game hall (for example, a game room 500) having an authentication control unit (for example, a security chip 22) for authenticating a predetermined device (for example, the payout control chip 11). (For example, the card unit 20),
An in-ground device (for example, the host server 510) installed in the game hall;
An authentication device (eg, key management center server 310) installed outside the game hall;
A gaming system (for example, gaming system 1 or the like) comprising:
The authentication control unit includes a first storage unit that stores identification information for identifying the predetermined device (for example, a storage unit 22b that stores chip information), and an identification of the predetermined device transmitted by the predetermined device. The predetermined device based on acquisition means for acquiring information (for example, the processing unit 22a for acquiring chip information in step C29), the identification information acquired by the acquisition means, and the identification information stored in the storage means The first authentication means for performing authentication (for example, the processing unit 22a that performs the verification using the chip information acquired in step C29) and the first storage means when the identification information is not stored. First transmitting means for transmitting the identification information acquired by the acquiring means (for example, the processing unit 22a for transmitting the chip information in step C31),
The in-field device includes second transmission means for transmitting the identification information transmitted from the first transmission means (for example, a control unit 511 for transmitting chip information in step C33).
The authentication device includes a storage unit (for example, the storage unit 312) that stores the identification information of the predetermined device in advance, the identification information stored by the storage unit, and the identification information transmitted by the second transmission unit. Based on the second authentication means for authenticating the predetermined device (for example, the control unit 311 for performing collation in step C34) and the supply for supplying the authentication result by the second authentication means to the on-site device Means (for example, the control unit 311 for transmitting the collation result in step C35),
The on-site device includes second storage means (for example, a storage unit 512) that stores the authentication result supplied from the supply means together with the identification information,
When the second storage unit stores the authentication result corresponding to the identification information transmitted by the first transmission unit, the second transmission unit stores the identification information in the authentication device. Without transmitting, the authentication result is transmitted to the authentication control unit (for example, refer to the processing after step F8).
A gaming system characterized by that.

  According to the above configuration, the authentication place can be divided into the game hall inside and outside depending on the collation result and the storage status of the chip information, for example, even when another gaming device has moved to another place, The authentication of the predetermined device can be performed by authentication in the game hall, and appropriate authentication according to the situation can be performed.

(2) A gaming device installed in a game hall (for example, game room 500) having an authentication control unit (for example, security chip 22) for authenticating a predetermined device (for example, payout control chip 11). (For example, the card unit 20),
The authentication control unit
Storage means for storing identification information for identifying the predetermined device (for example, a storage unit 22b for storing chip information);
Acquisition means for acquiring identification information of the predetermined device transmitted by the predetermined device (for example, the processing unit 22a for acquiring chip information in step C29);
Authentication means for authenticating the predetermined device based on the identification information acquired by the acquisition means and the identification information stored by the storage means (for example, a process for performing verification using the chip information acquired in step C29) Part 22a),
Transmitting means for transmitting the identification information acquired by the acquisition means when the storage means does not store the identification information (for example, the processing unit 22a for transmitting chip information in step C31);
An authentication result (for example, a verification result) based on the identification information transmitted by the transmission unit is changed from an authentication device installed outside the game hall that performs the authentication to an in-ground device (for example, Or the higher level server 510) (steps C35 to C37b, etc.) or, if the in-field device stores the authentication result, the in-field device (steps F9 to F10, etc.) receiving means ( For example, the processing unit 22a and the like)
A gaming device characterized by that.

  According to the above configuration, the authentication place can be divided into the game hall inside and outside depending on the collation result and the storage status of the chip information, for example, even when another gaming device has moved to another place, The authentication of the predetermined device can be performed by authentication in the game hall, and appropriate authentication according to the situation can be performed.

(3) In the gaming system or gaming device of (1) or (2) above,
The first transmitting means encrypts and transmits the identification information (for example, the chip information is encrypted and transmitted in step C31).
The second transmission means transmits the identification information in an encrypted state (for example, the chip information transmitted in step C33 remains encrypted)
The second authentication unit performs the authentication after decrypting the identification information transmitted from the second transmission unit (for example, the chip information transmitted in step C33 remains encrypted).
The supply means encrypts and supplies the authentication result (for example, refer to collation in step C34),
The second storage means stores the authentication result as encrypted (for example, the verification result transmitted in step C35 is stored as encrypted),
The second transmission means transmits the authentication result in an encrypted state (for example, the verification result transmitted in step C36 remains encrypted),
The authentication control unit includes second acquisition means for decoding and acquiring the authentication result transmitted by the second transmission means (for example, decoding the collation result transmitted in step C37).
You may do it.

  According to the above configuration, since the identification information remains encrypted in the on-site device, the risk of leakage of the identification information can be reduced.

(4) In the gaming system or gaming device according to any of (1) to (3) above,
The first transmission unit transmits the identification information to the authentication device when the identification information is stored in the first storage unit and the authentication by the first authentication unit fails. (E.g., see steps G5 and G6)
The second transmission means, when the first transmission means transmits the identification information together with the instruction, the identification regardless of whether the authentication result is stored in the second storage means. Sending information to the authentication device (see eg step G8);
The second authentication unit performs the authentication based on the identification information transmitted by the second transmission unit (see, for example, step C34).
You may do it.

  According to the above configuration, when the identification information is stored in the first storage unit and the authentication by the first authentication unit fails, the authentication is performed by the authentication device outside the game hall. Appropriate authentication can be performed.

1 Game system
10 Pachinko machine
11 Dispensing control chip
11a processing unit
11b storage unit
11c communication unit
13 Main control chip
13a processing unit
13b storage unit
13c Communication Department
20 card unit
21 CU control unit
21a Processing unit
21b storage unit
21c Communication Department
22 Security chip
22a Processing unit
22b storage unit
22c Communication Department
23 Communication control IC
23a Processing unit
23b storage unit
23c Communication Department
100 chip makers
110 Chipmaker computer
111 Control unit
112 Storage unit
113 Input / output section
114 System bus
300 Key Management Center
310 Key management center server
311 Control unit
312 storage unit
313 Input / output unit
314 System bus
500 playground
510 Host server
511 control unit
512 storage unit
513 I / O section
514 System bus
600 card unit manufacturer
610 Lighter for communication control IC
611 control unit
612 storage unit
613 Input / output unit
614 System bus
615 Writing / reading unit
650 Security chip lighter
651 control unit
652 Storage unit
653 I / O section
654 System bus
655 writing / reading unit

Claims (4)

A gaming device comprising an authentication control unit for authenticating a predetermined device,
The predetermined device is mounted on the gaming device or other gaming device,
The authentication control unit
Storage means for storing identification information of the predetermined device;
Authentication means for acquiring identification information of the predetermined apparatus transmitted by the predetermined apparatus, and authenticating the predetermined apparatus based on the acquired identification information and the identification information stored in the storage means;
If the authentication by the authentication unit is unsuccessful, the identification information transmitted by the predetermined device is transmitted to an authentication device that authenticates the predetermined device, and is based on the identification information to the authentication device. the authenticate query given device, if the authentication by the authentication unit was successful, not performed the inquiry, have a, a query means,
The identification information transmitted by the inquiry means is performed to the authentication device via a predetermined intermediate device capable of authenticating the predetermined device,
The inquiry unit makes an inquiry for authentication of the predetermined device based on the identification information to the intermediate device instead of the authentication device according to the content of the authentication failure by the authentication unit.
A gaming device characterized by that. The inquiry means inquires about authentication of the predetermined device based on identification information corresponding to the authentication level when level specification information for specifying an authentication level by the authentication means is supplied.
The gaming device according to claim 1, wherein: A gaming device according to claim 1 or 2,
A gaming system comprising the authentication device,
The gaming device transmits the identification information to the authentication device, and makes an inquiry to the authentication device for authentication of the predetermined device based on the identification information.
A gaming system characterized by that. An authentication control device that is mounted on a gaming device and authenticates a predetermined device mounted on the gaming device or another gaming device,
Storage means for storing identification information of the predetermined device;
Authentication means for acquiring identification information of the predetermined apparatus transmitted by the predetermined apparatus, and authenticating the predetermined apparatus based on the acquired identification information and the identification information stored in the storage means;
If the authentication by the authentication unit is unsuccessful, the identification information transmitted by the predetermined device is transmitted to an authentication device that authenticates the predetermined device, and is based on the identification information to the authentication device. Inquiry about authentication of the predetermined device, and if the authentication by the authentication means is successful, the inquiry means does not make the inquiry, and
The identification information transmitted by the inquiry means is performed to the authentication device via a predetermined intermediate device capable of authenticating the predetermined device,
The inquiry unit makes an inquiry for authentication of the predetermined device based on the identification information to the intermediate device instead of the authentication device according to the content of the authentication failure by the authentication unit.
An authentication control apparatus characterized by that.

Images