JP5710338B2 - Management system and game device - Google Patents

Description

  The present invention relates to a management system and a gaming apparatus for managing an integrated circuit used in a gaming apparatus.

  Examples of the gaming device include gaming machines such as pachinko machines, pachislot machines, card game machines, and peripheral devices (card units, etc.) installed and used together with the gaming machines. Such a gaming apparatus is equipped with an integrated circuit such as an IC chip for controlling the operation of the gaming apparatus. Such an integrated circuit of a gaming device may be replaced with an integrated circuit (an unauthorized integrated circuit) that causes the gaming device to perform an illegal operation, for example.

  As a countermeasure against the replacement of the integrated circuit as described above, Patent Document 1 discloses that the card unit stores the chip ID stored in the main board of the pachinko machine from the corresponding pachinko machine via the existing display data signal line. The acquired chip ID is transmitted to the center management apparatus via the on-site management apparatus, and the center management apparatus transmits a normal chip ID in which the chip ID transmitted from the card unit is stored in advance. A technique for verifying whether or not they match is disclosed. The regular chip ID is supplied from a gaming machine manufacturer that manufactures pachinko machines.

  In such a technique, it is possible to detect that the main control board has been replaced, that is, that an integrated circuit such as an IC chip has been replaced, by checking the chip ID.

JP 2010-162425 A

  By the way, the integrated circuit mounted on the gaming device is manufactured by an integrated circuit manufacturer, and the manufactured integrated circuit is shipped to the gaming device manufacturer. A gaming device manufacturer mounts an integrated circuit shipped from an integrated circuit manufacturer on a board or the like of the gaming device to manufacture a gaming device. The manufactured gaming device is installed and operated in a game arcade.

  Considering these facts, the game is performed after the integrated circuit is shipped from the integrated circuit manufacturer and before the game device is delivered to the game device manufacturer, or after the game device is shipped from the game device manufacturer. The integrated circuit is exposed to an opportunity to be fraudulent by a third party, for example, before being delivered to the site. As such fraud, a third party may actually operate the integrated circuit and, for example, act to analyze this operation.

  However, in the technique of the above-mentioned Patent Document 1, improperness before the gaming device is installed in the game hall as described above is not taken into consideration, and the security is not sufficient.

  The present invention has been made based on such a background, and an object of the present invention is to provide a management system and a gaming apparatus with improved security against fraud.

(1) In order to achieve the above object, the management system of the present invention provides:
A game device (for example, card unit 20) installed in a game hall (for example, game room 500) equipped with an integrated circuit (for example, communication control IC 23) storing its identification information (for example, communication control serial ID). )When,
A first management device (for example, key management center server 310) installed outside the game arcade that stores the identification information of the integrated circuit as verification information;
A second management device (for example, an upper level) installed in the game hall that stores permission information (for example, a valid key) that allows the integrated circuit to perform a predetermined process by being set in the integrated circuit. Server 510);
With
The gaming device and the second management device are communicably connected in the game hall,
The management system collates the collation information stored in the first management device with the identification information stored in the integrated circuit (see the process of collating the communication control serial ID in step E13). With
The gaming device includes a first acquisition unit that acquires the permission information from the second management device (for example, refer to a process in which the permission information is distributed from the upper server 510 in step E2), and the collation unit includes the verification unit Setting means for setting the permission information acquired by the first acquisition means in the integrated circuit when it is determined that the verification information and the identification information identify the same integrated circuit (for example, effective key setting in step E16) Reference).

  According to the above configuration, permission information is set in the integrated circuit when it is determined in the verification by the verification means that the verification information and the identification information identify the same integrated circuit. If it is determined that the matching information and the identification information identify the same integrated circuit, the integrated circuit is not replaced. In other words, the integrated circuit from which such a verification result is obtained is a genuine product. For this reason, in the above management system, after the gaming device is installed in the amusement hall, permission information is set in the genuine integrated circuit, and the integrated circuit does not perform predetermined processing until the permission information is set. Can be done. Therefore, according to the management system, security against fraud can be improved.

(2) In order to achieve the above object, the gaming device of the present invention is, for example, a gaming device provided in the management system of (1),
A gaming device (for example, card unit 20) installed in a game hall (game room 500) equipped with an integrated circuit (communication control IC 23) storing its own identification information (for example, communication control serial ID). ,
It is possible to communicate with a first management device (for example, key management center server 310) installed outside the game hall that stores the identification information of the integrated circuit as verification information (for example, a card) The unit 20 and the key management center server 310 are communicated via the host server 510), and
A second management device (for example, an upper level) installed in the game hall that stores permission information (for example, a valid key) that allows the integrated circuit to perform a predetermined process by being set in the integrated circuit. Communication with the server 510) after the game hall is installed,
A collating unit that communicates with the first management device and collates the verification information stored in the first management device with the identification information stored in the integrated circuit (for example, a communication control serial ID in step E13). ), And
First acquisition means for acquiring the permission information from the second management device (for example, refer to the process in which the permission information is distributed from the upper server 510 in step E2);
Setting means for setting the permission information acquired by the first acquisition means in the integrated circuit when the verification information and the identification information identify the same integrated circuit as a result of verification by the verification means ( For example, refer to the setting of the effective key in step E16),
Is provided.

  According to the said structure, the security with respect to fraud can be improved similarly to said (1) management system.

(3) In order to achieve the above object, the program of the present invention causes, for example, a computer constituting the gaming device of (2) to function as the following means. And this program
It is installed in a game hall (game room 500) equipped with an integrated circuit (communication control IC 23) storing its own identification information (for example, communication control serial ID),
It is possible to communicate with a first management device (for example, key management center server 310) installed outside the game hall that stores the identification information of the integrated circuit as verification information (for example, a card) The unit 20 and the key management center server 310 are communicated via the host server 510),
A second management device (for example, an upper level) installed in the game hall that stores permission information (for example, a valid key) that allows the integrated circuit to perform a predetermined process by being set in the integrated circuit. Can communicate with the server 510) after the game hall is installed,
Computer
A collating unit that communicates with the first management device and collates the verification information stored in the first management device with the identification information stored in the integrated circuit (for example, a communication control serial ID in step E13). )
First acquisition means for acquiring the permission information from the second management device (for example, see the process in which the permission information is distributed from the upper server 510 in step E2);
Setting means for setting the permission information acquired by the first acquisition means in the integrated circuit when the verification information and the identification information identify the same integrated circuit as a result of verification by the verification means ( For example, refer to the setting of the effective key in step E16),
To function as.

  According to the said structure, the security with respect to fraud can be improved similarly to said (1) management system.

(4) Moreover, the management system of the above (1) is, for example,
A first output device (for example, a chip maker computer 110) of an integrated circuit manufacturer that manufactures the integrated circuit, which outputs identification information stored in the integrated circuit to the first management device;
The gaming apparatus, which is information relating to the gaming apparatus and outputs apparatus information (for example, shipping information) including identification information of the integrated circuit mounted on the gaming apparatus to the first management apparatus. A second output device (for example, an IC writer 610) of a gaming device manufacturer that manufactures
The verification information stored in the first management device is an integrated circuit in which the identification information output from the first output device and the identification information included in the device information output from the second output device are the same. The information stored by the first management apparatus when it is identified (for example, refer to the process for verifying the communication control serial ID in step B15) (for example, refer to the process for registering shipping information in step B16). .

  According to the above configuration, when the identification information output from the integrated circuit manufacturer and the identification information output from the gaming device manufacturer identify the same integrated circuit, the verification information is recorded in the first management device. Therefore, it is ensured that the verification information is identification information about the genuine integrated circuit. For this reason, the security against fraud can be improved by the management system.

(5) In the management system of (1) or (4), for example,
The second management device (for example, the upper server 510) acquires and stores the permission information (for example, effective key) in an encrypted state (for example, acquires the effective key distributed in step C1). Process)
The gaming device further includes decryption key storage means for storing in advance a decryption key (for example, a write key) for decrypting the encrypted permission information,
The first acquisition means acquires the permission information from the second management device in an encrypted state (for example, see the process for acquiring the effective key distributed in step E2),
The setting unit may decrypt the encrypted permission information acquired by the acquisition unit, and set the decrypted permission information in the integrated circuit (for example, the valid key distributed in step E16). (See the process of decrypting and registering).

  According to the above configuration, since the permission information is in an encrypted state until it is set in the integrated circuit, even if the permission information leaks on the communication path of the management system, the permission information is not easily abused. For this reason, the security about permission information is also ensured.

(6) In the management system of any one of (1), (4) to (5), for example,
The gaming device (for example, the card unit 20) includes the first acquisition unit and the verification unit, and a control unit (for example, a main control unit) that can communicate with the integrated circuit (for example, the communication control IC 23). 21),
The integrated circuit includes the setting unit,
The control unit includes an identification information storage unit (for example, a storage unit 21b) that stores the identification information of the integrated circuit in advance, and a second acquisition unit that acquires the identification information stored in the integrated circuit from the integrated circuit ( For example, in the communication control serial ID matching process in step E13, the main control unit 21 further includes a process of acquiring the communication control serial ID from the communication control IC).
The collation means obtains the collation information and collates the obtained collation information with the identification information of the integrated circuit obtained by the second acquisition means and the identification information stored in the identification information storage means. Then, when all the identification information identifies the same integrated circuit, the permission information acquired by the first acquisition means is supplied to the integrated circuit (for example, see the process of setting an effective key in step E16). ,
The setting means may set the permission information in the integrated circuit by acquiring and storing the permission information supplied by the collating means (for example, setting the valid key distributed in step E16) Processing).

  According to the above configuration, the replacement of the integrated circuit can be detected with high accuracy by the verification.

(7) In the management system of any of (1), (4) to (6) above,
When the collation information cannot be obtained (for example, when the information cannot be obtained in step F4), the identification information of the integrated circuit obtained by the second acquisition means, and the identification When the identification information stored in the information storage means is collated and both identification information identifies the same integrated circuit, the permission information acquired by the second acquisition means is supplied to the integrated circuit (for example, (Refer to the process of distributing the valid key in step F8).

  According to the above configuration, even if the gaming device cannot acquire the verification information from the first management device, the permission information can be set in a state where certain security is ensured. For example, even if registration of the verification information to the first management apparatus is delayed, the integrated circuit can perform a predetermined process, so that convenience can be improved.

(8) In the management systems (4) to (7), for example,
The device information includes device identification information which is identification information (for example, a unit serial ID) of the gaming device,
The first management device stores the device identification information together with the verification information in association with the verification information.

  As a result, the relationship between the integrated circuit and the gaming device is also known from the authentication information, and it can be confirmed that the authorized integrated circuit is mounted on the authorized gaming device in the later authentication.

It is a figure which shows an example of the whole flow in embodiment of this invention. It is a block diagram which shows the structure of the card unit and pachinko machine in embodiment of this invention. It is a block diagram which shows the structure of the management system which concerns on embodiment of this invention. It is a block diagram which shows the structure of the key management center server which comprises the management system of FIG. It is a block diagram which shows the structure of the security center server which comprises the management system of FIG. It is a block diagram which shows the structure of the chip maker computer which comprises the management system of FIG. FIG. 4 is a block diagram illustrating a configuration of an IC writer used by a gaming machine manufacturer, which constitutes the management system of FIG. 3. It is a block diagram which shows the structure of the game machine maker computer which comprises the management system of FIG. It is a block diagram which shows the structure of the IC writer used by the card unit maker which comprises the management system of FIG. It is a block diagram which shows the structure of the writing tool which comprises the management system of FIG. It is a block diagram which shows the structure of the high-order server which comprises the management system of FIG. It is a figure which shows an example of the work flow for collating the integrated circuit mounted in a pachinko machine in a manufacture stage. It is a figure which shows an example of the work flow for collating the integrated circuit mounted in a pachinko machine in a manufacture stage. It is a figure which shows an example of correspondence of chip ID and maker code of a main control chip, and chip ID and maker code of a payout control chip. It is a figure which shows an example of the correspondence of the type code and operation information of a main control chip, and the type code and operation information of a payout control chip. It is a figure which shows an example of correspondence of chip ID of a main control chip, a maker code, a model code, etc. It is a figure which shows an example of correspondence of chip | tip ID of a payout control chip | tip, a manufacturer code, a model code, etc. FIG. It is a figure which shows an example of the work flow for collating the integrated circuit mounted in a card unit in a manufacture stage. It is a figure which shows an example of the work flow for collating the integrated circuit mounted in a card unit in a manufacture stage. It is a figure which shows an example of the business flow for collating the integrated circuit mounted in a card unit when a key management center server is an offline state in a manufacture stage. It is a figure which shows an example of the correspondence of the various information stored in a chip maker computer. It is a figure which shows an example of the temporary information stored in a key management center server. It is a figure which shows an example of the operation | movement at the time of the operation | movement confirmation of the management system of FIG. It is a figure which shows an example of the operation | movement in the installation stage of the management system of FIG. It is a figure which shows an example of the operation | movement in the installation stage of the management system of FIG. It is a figure which shows an example of the operation | movement in the installation stage of the management system of FIG. It is a figure which shows an example of the operation | movement in the installation stage of the management system of FIG. It is a figure which shows an example in the operation | movement stage of the management system of FIG. It is a figure which shows an example in the operation | movement stage of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement at the time of replacement | exchange of the pachinko machine of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement at the time of replacement | exchange of the pachinko machine of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG. It is a figure which shows an example of the exceptional operation | movement of the management system of FIG.

  An embodiment of the present invention will be described in detail with reference to FIG.

(Embodiment)
(Outline of management system 1)
The management system 1 (game system) according to the present embodiment includes an integrated circuit (a payout control chip 11, a main control chip 13, and a main control, which will be described later) respectively mounted on a game apparatus (pachinko machine 10 or card unit 20). Unit 21 and communication control IC 23) and a system for managing gaming devices.

  The gaming device is manufactured by mounting an integrated circuit or the like (manufacturing stage), installed in a game hall 500 such as a pachinko parlor (installation stage), and operates to allow a user to play a game (operation stage). .

  The management system 1 authenticates whether, for example, the integrated circuit mounted on the gaming device is valid at each of the manufacturing stage, the installation stage, and the operation stage (see FIG. 1). To do. The management system 1 detects an unauthorized replacement of the integrated circuit (or the control board on which the integrated circuit is mounted) (so-called replacement to the back ROM, etc.) by such authentication in each stage. Further, in the management system 1, an effective key is set in the card unit 20. The card unit 20 can communicate with the pachinko machine 10 for the first time by setting the valid key.

  Here, the manufacturing stage refers to a stage from when each integrated circuit is manufactured until it is mounted on the pachinko machine 10 or the card unit 20 and the pachinko machine 10 or the card unit 20 is shipped. The integrated circuit (mainly the payout control chip 11, the main control chip 13, and the communication control IC 23) is manufactured by the chip manufacturer 100 (see FIG. 3 and the like) which is an integrated circuit manufacturer in the present embodiment. It is shipped to a gaming machine maker 200 (see FIG. 3 and the like) and a card unit maker 600 (see FIG. 3 and the like), which are gaming device makers. That is, the integrated circuit and the gaming device are manufactured by different manufacturers. The gaming machine manufacturer 200 and the card unit manufacturer 600 manufacture the pachinko machine 10 and the card unit 20 by, for example, mounting the integrated circuit shipped by the chip manufacturer 100 on the pachinko machine 10 and the card unit 20, and then ship them.

  The installation stage refers to the gaming machine manufacturer 200 or the card when the game hall 500 (see FIG. 3 or the like) is newly opened or when the pachinko machine 10 or the card unit 20 is replaced in the already opened game hall 500. This is a stage in which the pachinko machine 10 and the card unit 20 shipped from the unit manufacturer 600 are newly installed in the amusement hall 500.

  The operation stage is a stage in which the pachinko machine 10 and the card unit 20 are in operation when the game hall 500 is in operation (that is, a normal operation stage for allowing the user to play a game).

(Pachinko machine 10)
The pachinko machine 10 is arranged at a predetermined position for each model or the like on the game island in the pachinko parlor (amusement hall 500). In the present embodiment, the pachinko machine 10 is a so-called CR-type pachinko machine (in particular, a so-called sealed pachinko machine here). The user plays a game with the pachinko machine 10. The user plays a game by driving a pachinko ball, which is a game medium, into a game area of the pachinko machine 10 in a game played by the pachinko machine 10.

  The pachinko machine 10 is provided with a game nail, a winning opening, a display device, and the like, and includes a game board that forms the game area and a housing that houses the game board (not shown). As shown in FIG. 2, a payout control chip 11 and a main control chip 13 are provided. In the present embodiment, the payout control chip 11 and the main control chip 13 are each configured as one package, and are mounted on a board provided in the pachinko machine 10. For example, the main control chip 13 is mounted on the control board on the game board side of the pachinko machine 10, and the payout control chip 11 is mounted on the control board on the housing side of the pachinko machine 10.

  The payout control chip 11 includes a processing unit 11a including a CPU (Central Processing Unit), a storage unit 11b including a ROM (Read Only Memory) and a RAM (Random Access Memory), and a communication unit 11c including an input / output port. And comprising. The ROM may be a writable ROM such as an EPROM (hereinafter, the same applies to the ROM).

  The storage unit 11b stores predetermined information in addition to the program. The communication unit 11c is used when the processing unit 11a communicates (sends or receives information) with the outside of the payout control chip 11. The processing unit 11a performs a predetermined process according to the program stored in the storage unit 11b. For example, the processing unit 11a exchanges information regarding the lending of pachinko balls with the card unit 20 (communication control IC 23) via the communication unit 11c, thereby performing ball lending processing (visitor ball lending processing, member unit ball lending). Processing and member fraction lending processing). In addition, the processing unit 11a performs processing described later. The processing unit 11a performs processing using information stored in the storage unit 11b and information obtained by communicating with the communication control IC 23 and the main control chip 13 via the communication unit 11c.

  The main control chip 13 includes a processing unit 13a including a CPU, a storage unit 13b including a ROM and a RAM, and a communication unit 13c including an input / output port.

  The storage unit 13b stores predetermined information in addition to the program. The communication unit 13c is used when the processing unit 13a performs communication (information transmission or reception) with the outside of the main control chip 13. The processing unit 13a performs predetermined processing according to the program stored in the storage unit 13b. For example, the processing unit 13a causes each unit of the pachinko machine 10 to perform an effect operation related to a game performed by the pachinko machine 10 (for example, opening / closing a winning opening of the game board and displaying an image on a display device). In addition, the processing unit 13a performs processing described later. The processing unit 13a performs processing using information stored in the storage unit 13b and information obtained by communicating with the payout control chip 11 via the communication unit 13c.

(Card unit 20)
The card unit 20 is arranged corresponding to the pachinko machine 10 (here, adjacent to the left side of the pachinko machine 10). The card unit 20 performs ball lending management, card balance management, and the like. Note that the card unit 20 communicates with the pachinko machine 10 on the condition that an effective key is set as described above. The card unit 20 includes various lamps such as a usable display lamp indicating whether or not the card is usable, a card insertion slot, a card reader / writer for reading a card inserted into the card insertion slot, and the like. The card unit 20 includes a main control unit 21 and a communication control IC 23 as shown in FIG. The main control unit 21 is mounted on the control board together with the communication control IC 23.

  The communication control IC 23 includes a processing unit 23a including a CPU, a storage unit 23b including a ROM and a RAM, and a communication unit 23c including an input / output port.

  The storage unit 23b stores predetermined information in addition to the program. The communication unit 23c is used when the processing unit 23a performs communication (information transmission or reception) with the outside of the communication control IC 23. The processing unit 23a performs a predetermined process according to the program stored in the storage unit 23b. For example, the processing unit 23a relays communication between the main control unit 21 and the payout control chip 11 and performs processing described later. The processing unit 23a performs processing using information stored in the storage unit 23b and information obtained by communicating with the main control unit 21 and the payout control chip 11 via the communication unit 23c. In addition, although mentioned later in detail, the said effective key is memorize | stored in the memory | storage part 23b. The communication control IC 23 can communicate with the payout control chip 11 on this condition.

  The main control unit 21 includes a processing unit 21a including a CPU, a storage unit 21b including a ROM and a RAM, and a communication unit 21c including an input / output port.

  The storage unit 21b stores predetermined information in addition to the program. The communication unit 21c is used when the processing unit 21a communicates with the outside of the main control unit 21. The processing unit 21a performs predetermined processing (information transmission or reception) according to the program stored in the storage unit 21b. For example, the processing unit 21a exchanges information regarding the lending of pachinko balls with the pachinko machine 10 (payout control chip 11) through the communication unit 21c and the communication control IC 23, thereby performing the above-described ball operation. Perform lending processing. In addition, the processing unit 21a controls a card reader / writer to read / write information from / to the card, turn on a lamp, etc., and perform ball lending processing to a host server 510 described later via the communication unit 21c. The obtained sales information or the like is transmitted, or processing described later related to authentication or the like is performed. Note that the processing unit 21a performs processing using information stored in the storage unit 21b and information obtained by communicating with the communication control IC 23, a host server 510 (to be described later), and the like via the communication unit 21c.

(Configuration of management system 1)
As shown in FIG. 3, the management system 1 includes a key management center server 310, a security center server 410, a chip maker computer 110, an IC writer 210, a gaming machine maker computer 220, an IC writer 610, and a writing tool. 620, an upper server 510, a card unit 20, and a pachinko machine 10. The key management center server 310, the security center server 410, and the upper server 510 each function as a management device that manages the integrated circuit.

  The key management center server 310, the security center server 410, the chip maker computer 110, the IC writer 210, the IC writer 610, and the host server 510 are connected to a network N such as the Internet. As appropriate, they can communicate with each other. In order to prevent leakage of information, each device may be connected to another device and a dedicated line as appropriate to communicate with the other device.

  The IC writer 210 and the gaming machine maker computer 220 are connected to each other through a local network or the like so as to communicate with each other. The writing tool 620 and the IC writer 610 are communicably connected to each other via a local network or the like. The host server 510 and the card unit 20 (main control unit 21) are communicably connected to each other via a local network or the like.

(Key management center server 310)
The key management center server 310 is, for example, a general server computer, and is installed outside the game hall 500 (outside the pachinko store) and managed by the key management center 300 (for example, operated by the card unit manufacturer 600). ing. As will be described later, the key management center server 310 performs processing such as authentication key management and authentication.

  As shown in FIG. 4, the key management center server 310 includes a storage unit 312, a control unit 311, an input / output unit 313, and a system bus 314 that connects the units to each other.

  The storage unit 312 includes a main storage unit 315 and an auxiliary storage unit 316. The main storage unit 315 includes a RAM and the like, and is used as a work area for a CPU to be described later. The auxiliary storage unit 316 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 316 stores information (including programs, parameters, and the like) necessary for the control unit 311 to perform processing.

  The control unit 311 includes a CPU and the like. The control unit 311 operates according to a program stored in the auxiliary storage unit 316. Although described in detail later, the control unit 311 performs processing such as authentication key management and authentication.

  The input / output unit 313 includes a communication unit including a serial interface connected to the network N. The control unit 311 transmits and receives information to and from other devices via the communication unit. Further, the input / output unit 313 receives an input operation from a display unit configured by a monitor or the like that is controlled by the control unit 311 and displays a predetermined screen, an employee belonging to the key management center, and the like. An operation input unit configured by a keyboard, a mouse, or the like that supplies an operation signal corresponding to the control unit 311 may be provided. The control unit 311 performs processing according to the supplied operation signal.

(Security Center Server 410)
Returning to FIG. 3, the security center server 410 is, for example, a general server computer, and is installed outside the game hall 500 and operated by a security center 400 (for example, an organization established by the gaming machine manufacturer 200). ). The security center server 410 performs processing such as authentication as will be described later.

  As shown in FIG. 5, the security center server 410 includes a storage unit 412, a control unit 411, an input / output unit 413, and a system bus 414 that interconnects the above units.

  The storage unit 412 includes a main storage unit 415 and an auxiliary storage unit 416. The main storage unit 415 includes a RAM and the like, and is used as a work area for a CPU described later. The auxiliary storage unit 416 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 416 stores information (including programs and parameters) necessary for the control unit 411 to perform processing.

  The control unit 411 includes a CPU and the like. The control unit 411 operates according to a program stored in the auxiliary storage unit 416. Although described later in detail, the control unit 411 performs processing such as authentication.

  The input / output unit 413 includes a communication unit including a serial interface connected to the network N. The control unit 411 transmits / receives information to / from other devices via the communication unit. The input / output unit 413 receives an input operation from a display unit configured by a control unit 411 to display a predetermined screen, an employee belonging to the security center 400, and the like. An operation input unit configured by a keyboard, a mouse, or the like that supplies an operation signal corresponding to the control unit 411 may be provided. The control unit 411 performs processing according to the supplied operation signal.

(Chip maker computer 110)
Returning to FIG. 3, the chip maker computer 110 is, for example, a general computer, installed outside the amusement hall 500, and managed by the chip maker 100. The chip maker computer 110 performs processing such as information transmission and information writing.

  As shown in FIG. 6, the chip maker computer 110 includes a storage unit 112, a control unit 111, an input / output unit 113, and a system bus 114 that interconnects the above units.

  The storage unit 112 includes a main storage unit 115 and an auxiliary storage unit 116. The main storage unit 115 includes a RAM and the like, and is used as a work area for a CPU to be described later. The auxiliary storage unit 116 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 116 stores information (including programs and parameters) necessary for the control unit 111 to perform processing.

  The control unit 111 includes a CPU and the like. The control unit 111 operates by operating according to a program stored in the auxiliary storage unit 116. As will be described in detail later, the control unit 111 performs processing such as transmission of information and writing of information.

  The input / output unit 113 includes a communication unit including a serial interface connected to the network N. The control unit 111 transmits / receives information to / from other devices via the communication unit. The input / output unit 113 receives an input operation from a display unit configured by a control unit 111 to display a predetermined screen, an employee belonging to the chip maker 100, and the like. You may provide the operation input part etc. which consist of a keyboard, a mouse | mouth, etc. which supply the corresponding operation signal to the control part 111. FIG. The control unit 111 performs processing according to the supplied operation signal.

(IC writer 210)
Returning to FIG. 3, the IC writer 210 is, for example, a reader / writer that reads / writes information. The IC writer 210 is shipped from the chip maker 100 and delivered and installed in the gaming machine maker 200 outside the game hall 500. The IC writer 210 performs processing such as writing of programs and various information.

  As shown in FIG. 7, the IC writer 210 includes a storage unit 212, a control unit 211, an input / output unit 213, a writing / reading unit 215, and a system bus 214 that interconnects the above units. .

  The storage unit 212 includes a main storage unit 205 and an auxiliary storage unit 207. The main storage unit 205 includes a RAM and the like, and is used as a work area for a CPU described later. The auxiliary storage unit 207 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 207 stores information (including a program (including a program to be written), parameters, and the like) necessary for the control unit 211 to perform processing.

  The control unit 211 includes a CPU and the like. The control unit 211 operates according to a program stored in the auxiliary storage unit 207. Although described in detail later, the control unit 211 performs processing such as writing of programs and various types of information.

  The input / output unit 213 includes a communication unit including a serial interface connected to the network N, a serial interface connected to the gaming machine manufacturer computer 220, and the like. The control unit 211 transmits and receives information to and from other devices via the communication unit. The input / output unit 213 receives an input operation from a display unit configured by a monitor or the like that is controlled by the control unit 211 and displays a predetermined screen, an employee belonging to the chip maker 100, and the like. You may provide the operation input part etc. which consist of a keyboard, a mouse | mouth, etc. which supply the corresponding operation signal to the control part 211. FIG. The control unit 211 performs processing according to the supplied operation signal.

  The writing / reading unit 215 reads / writes information between the main control chip 13 and the payout control chip 11. The writing / reading unit 215 performs processing for writing a program and various types of information under the control of the control unit 211.

(Game machine manufacturer computer 220)
Returning to FIG. 3, the gaming machine manufacturer computer 220 is, for example, a general computer, and is installed outside the game hall 500 and managed by the gaming machine manufacturer 200. The gaming machine manufacturer computer 220 outputs predetermined information.

  As shown in FIG. 8, the gaming machine manufacturer computer 220 includes a storage unit 222, a control unit 221, an input / output unit 223, and a system bus 224 that connects the above units to each other.

  The storage unit 222 includes a main storage unit 225 and an auxiliary storage unit 226. The main storage unit 225 includes a RAM and the like, and is used as a work area for a CPU described later. The auxiliary storage unit 226 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 226 stores information (including a program to be written) necessary for the control unit 221 to perform processing.

  The control unit 221 includes a CPU and the like. The control unit 221 operates according to a program stored in the auxiliary storage unit 226. Although described later in detail, the control unit 221 performs processing such as output of information.

  The input / output unit 223 includes a communication unit including a serial interface connected to the network N. The control unit 221 transmits and receives information to and from other devices via the communication unit. In addition, the input / output unit 223 receives and accepts input operations from a display unit configured by a monitor or the like that is controlled by the control unit 221 and displays a predetermined screen, an employee belonging to the gaming machine manufacturer 200, and the like. You may provide the operation input part comprised from the keyboard, mouse, etc. which supply the operation signal according to operation to the control part 221. The control unit 221 performs processing according to the supplied operation signal.

(IC writer 610)
Returning to FIG. 3, the IC writer 610 is, for example, a reader / writer that reads / writes information. The IC writer 610 is shipped from the chip maker 100 and is delivered and installed in the card unit maker 600 outside the game room 500. The IC writer 610 performs processing for writing programs and various information.

  As shown in FIG. 9, the IC writer 610 includes a storage unit 612, a control unit 611, an input / output unit 613, a writing / reading unit 615, and a system bus 614 that interconnects the above units. .

  The storage unit 612 includes a main storage unit 605 and an auxiliary storage unit 606. The main storage unit 605 includes a RAM and the like, and is used as a work area for a CPU described later. The auxiliary storage unit 606 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 606 stores information necessary for the control unit 611 to perform processing (including a program to be written (including a program to be written)).

  The control unit 611 includes a CPU and the like. The control unit 611 operates according to a program stored in the auxiliary storage unit 606. Although described in detail later, the control unit 611 performs processing such as writing of programs and various types of information.

  The input / output unit 613 includes a communication unit including a serial interface connected to the network N, a serial interface connected to the writing tool 620, and the like. The control unit 611 transmits and receives information to and from other devices via the communication unit. In addition, the input / output unit 613 receives and accepts input operations from a display unit configured by a control unit 611 to display a predetermined screen, an employee belonging to the gaming machine manufacturer 200, and the like. You may provide the operation input part etc. which consist of a keyboard, a mouse | mouth, etc. which supply the operation signal according to operation to the control part 611. The control unit 611 performs processing according to the supplied operation signal.

  The writing / reading unit 615 reads / writes information with the communication control IC 23. The writing / reading unit 615 performs processing for writing a program and various types of information under the control of the control unit 611.

(Writing tool 620)
Returning to FIG. 3, the writing tool 620 is, for example, a general computer, is installed outside the amusement hall 500, and is managed by the card unit manufacturer 600. The writing tool 620 outputs predetermined information.

  As shown in FIG. 10, the writing tool 620 includes a storage unit 622, a control unit 621, an input / output unit 623, and a system bus 624 that connects the above units to each other.

  The storage unit 622 includes a main storage unit 625 and an auxiliary storage unit 626. The main storage unit 625 is configured to include a RAM and the like, and is used as a work area of a CPU described later. The auxiliary storage unit 626 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 626 stores information (including a program to be written) necessary for the control unit 621 to perform processing.

  The control unit 621 includes a CPU and the like. The control unit 621 operates according to a program stored in the auxiliary storage unit 626. Although described later in detail, the control unit 621 performs processing such as output of information.

  The input / output unit 623 includes a communication unit including a serial interface connected to the IC writer 610. The control unit 621 transmits and receives information to and from other devices via the communication unit. The input / output unit 623 receives and accepts input operations from a display unit that is controlled by the control unit 611 and displays a predetermined screen, an employee belonging to the gaming machine manufacturer 200, and the like. You may provide the operation input part etc. which consist of a keyboard, a mouse | mouth, etc. which supply the operation signal according to operation to the control part 611. The control unit 611 performs processing according to the supplied operation signal.

  The writing / reading unit 625 reads / writes information from / to the main control unit 21. The writing / reading unit 625 performs processing for writing a program and various information under the control of the control unit 621.

(Upper server 510)
Returning to FIG. 3, the upper server 510 is, for example, a general server computer, and is installed at a predetermined location (for example, a management office) of the game hall 500 and a plurality of card units installed in the game hall 500. 20 is an on-site management device that manages 20 and a plurality of pachinko machines 10 respectively. The host server 510 is connected to the key management center server 310 and a plurality of card units 20 installed in the game hall 500 so that they can communicate with each other. The host server 510 controls, for example, the card unit 20 in addition to counting sales information and the like transmitted from each card unit 20. The host server 510 is installed, for example, for each pachinko parlor (for each game hall 500). The host server 510 performs other processing related to authentication of the integrated circuit.

  As shown in FIG. 11, the upper server 510 includes a storage unit 512, a control unit 511, an input / output unit 513, and a system bus 514 that connects the above units to each other.

  The storage unit 512 includes a main storage unit 515 and an auxiliary storage unit 516. The main storage unit 515 includes a RAM and the like, and is used as a work area for a CPU to be described later. The auxiliary storage unit 516 includes a nonvolatile memory such as a ROM, a magnetic disk, and a semiconductor memory. The auxiliary storage unit 516 stores information (including a program to be written) necessary for the control unit 511 to perform processing.

  The control unit 511 includes a CPU and the like. The control unit 511 operates according to a program stored in the auxiliary storage unit 516. Although described in detail later, the control unit 511 performs processing related to authentication of the integrated circuit.

  The input / output unit 513 includes a communication unit including a serial interface connected to the network N and a serial interface connected to each card unit 20 (main control unit 21). The control unit 511 transmits / receives information to / from other devices via the communication unit. The input / output unit 513 receives an input operation from a display unit configured by a control unit 511 to display a predetermined screen, an employee of a game hall, and the like, and responds to the received operation. You may provide the operation input part etc. which consist of a keyboard, a mouse | mouth, etc. which supply the operation signal to the control part 511. The control unit 511 performs processing according to the supplied operation signal.

(Operation of management system 1)
Next, the operation of the management system 1 will be described with reference to the drawings. Note that an algorithm for encryption communication performed using a key for encryption or decryption of a delivery key, a write key, a temporary authentication key, a main authentication key, a session key and the like, which will be described later, is arbitrary. For example, a common key encryption method such as a DES (Data Encryption Standard) method or an AES (Advanced Encryption Standard) method is used.

  In the following collation, if both pieces of information to be collated indicate the same contents (for example, if both pieces of information are the same information and identify the same), the collation result is When collation is OK and the same content is not indicated (for example, when the same information is not identified because both information are different, for example), the collation result is regarded as collation NG.

  In addition, transmission / reception of information between the devices described below is performed via a communication unit included in each device. Furthermore, each step below is performed by an appropriate method and timing such as, for example, an employee operating each device operating the operation input unit. Also, information stored in the auxiliary storage unit or the like in advance by each device is stored in the auxiliary storage unit by an appropriate method such as an operation on the operation input unit.

(Manufacturing stage of pachinko machine 10)
The operation of the management system 1 in the manufacturing stage of the pachinko machine 10 will be described with further reference to FIGS. In FIGS. 12 and 13, information surrounded by a solid line indicates information stored before, and information surrounded by a broken line indicates information stored during processing.

  As described above, at the manufacturing stage of the pachinko machine 10, the main control chip 13 and the payout control chip 11 manufactured and shipped by the chip manufacturer 100 are delivered to the gaming machine manufacturer 200, and the gaming machine manufacturer 200 receives the delivered main control. The pachinko machine 10 on which the chip 13 and the payout control chip 11 are mounted is manufactured. Since the pachinko machine 10 is normally mass-produced, a plurality of main control chips 13 and payout control chips 11 are manufactured and delivered for each model of the pachinko machine 10.

  In the manufacturing stage of the pachinko machine 10, predetermined information is written to the plurality of main control chips 13 and the plurality of payout control chips 11 by the IC writer 210. The IC writer 210 is manufactured by the chip manufacturer 100 that manufactures the main control chip 13 and the payout control chip 11, and is delivered to the gaming machine manufacturer 200 together with the main control chip 13 and the payout control chip 11. In the gaming machine manufacturer 200, information is written into the plurality of main control chips 13 and the plurality of payout control chips 11 by the IC writer 210.

  As shown in FIG. 12, the chip manufacturer 100 manufactures an IC writer 210 and ships it to the gaming machine manufacturer 200 (step A1). The control unit 111 of the chip maker computer 110 transmits information stored in the auxiliary storage unit 116 to the security center server 410, and the control unit 411 of the security center server 410 stores the transmitted information in the auxiliary storage unit 416. (Step A2). Further, the chip maker 100 manufactures (mass production) the main control chip 13 and the payout control chip 11 and ships them to the gaming machine maker 200 (step A3).

  The chip maker 100 ships the IC writer 210, the plurality of main control chips 13, and the payout control chip 11 in steps A1 and A3.

  The auxiliary storage unit 207 of the IC writer 210 stores a manufacturer code, a delivery key, a write key, and a writer ID.

  The manufacturer code is identification information for uniquely identifying the gaming machine manufacturer 200 to which the IC writer 210 is shipped, and is made up of, for example, a combination of alphanumeric characters unique to each gaming machine manufacturer 200. In the present embodiment, the manufacturer code of the main control chip 13 (manufacturer code (main control chip) in the figure) and the manufacturer code of the payout control chip 11 (manufacturer code (payout control chip) in the figure) are used as the manufacturer codes. , Is set.

  The delivery key and the write key are keys used when encrypting and decrypting predetermined information in encrypted communication.

  The writer ID is identification information for uniquely identifying the IC writer 210, and is composed of, for example, a combination of alphanumeric characters unique to each IC writer 210.

  The storage unit 13b of the main control chip 13 shipped to the gaming machine manufacturer 200 has a chip ID of the main control chip 13 that is identification information for identifying itself, and a manufacturer that identifies the manufacturer to which the main control chip 13 is shipped. A code (the same information as the manufacturer code of the main control chip 13 stored in the IC writer 210), a writing key (the same key as the writing key stored in the IC writer 210), a program, and the like are stored.

  The chip ID of the main control chip 13 is information for uniquely identifying the main control chip 13, and is composed of, for example, a combination of alphanumeric characters unique to each main control chip 13.

  In the storage unit 11b of the payout control chip 11 shipped to the gaming machine manufacturer 200, the chip ID of the payout control chip 11 that is identification information for identifying itself, and the manufacturer that identifies the manufacturer to which the payout control chip 11 is shipped. A code (the same information as the manufacturer code of the payout control chip 11 stored in the IC writer 210), a write key (the same key as the write key stored in the IC writer 210), a program, and the like are stored.

  The chip ID of the payout control chip 11 is information for uniquely identifying the payout control chip 11, and is composed of, for example, a combination of alphanumeric characters unique to each payout control chip 11.

  The auxiliary storage unit 116 of the chip maker computer 110 stores the chip ID and maker code of the payout control chip 11 and the main control corresponding to the IC writer 210, the payout control chip 11, and the main control chip 13 shipped by the chip maker 100. The chip ID and manufacturer code of the chip 13, the writer ID, the delivery key, and the write key are stored. Each piece of information stored in the auxiliary storage unit 116 is the same information as each piece of information stored in the IC writer 210, the payout control chip 11, and the main control chip 13.

  As shown in FIG. 14, a plurality of chip IDs and manufacturer codes of the payout control chip 11 are stored in the auxiliary storage unit 116 in association with each other. A plurality of chip IDs and manufacturer codes of the main control chip 13 are stored in the auxiliary storage unit 116 in association with each other. These pieces of information are associated with the delivery key and the write key, are associated with the writer ID, and are stored for each writer ID. Since the IC writer 210 and the like are manufactured and delivered for each gaming machine manufacturer 200, the writer ID is stored in the plurality of auxiliary storage units 116, and each piece of information associated with the writer ID (hereinafter referred to as authentication). Information) is also stored in the multiple group auxiliary storage unit 116.

  In step A2, the control unit 111 of the chip manufacturer computer 110 transmits the authentication information stored in the auxiliary storage unit 116 to the security center server 410 for each writer ID.

  In step A2, when the control unit 411 receives the writer ID and the authentication information from the chip maker computer 110, the control unit 411 stores the received information in the auxiliary storage unit 416 while maintaining the correspondence relationship.

  Next, the control unit 221 of the gaming machine manufacturer computer 220 transmits the information stored in the auxiliary storage unit 226 to the IC writer 210, and the IC writer 210 stores the transmitted predetermined information in the auxiliary storage unit 207. (Step A4).

  In the auxiliary storage unit 226 of the gaming machine manufacturer computer 220, the model code of the pachinko machine 10 on which the main control chip 13 and the payout control chip 11 delivered to the gaming machine manufacturer 200 in step A3 and the delivery of the pachinko machine 10 are delivered. Stores the game hall information of the previous game hall 500.

  The model code of the pachinko machine 10 may be a model code of some components of the pachinko machine 10 (for example, a housing and a game board). Here, as the model code of the pachinko machine 10, the model code of the main control chip 13 (model code (main control chip) in the figure) and the model code of the dispensing control chip 11 (model code (dispensing control chip) in the figure)) There is. Each model code is identification information for uniquely identifying the pachinko machine 10, and here, for example, each model code is formed of a combination (model) of alphanumeric characters that is unique to each of these codes. For example, when the main control chip 13 is mounted on the control board of the game board of the pachinko machine 10, the model code of the main control chip 13 becomes the model code of the game board. When the payout control chip 11 is mounted on the control board of the housing of the pachinko machine 10, the type code of the payout control chip 11 is the type code of the housing.

  The game hall information is identification information for uniquely identifying the game hall 500, and includes a unique combination of alphanumeric characters for each of the game halls 500.

  Further, the auxiliary storage unit 226 of the gaming machine manufacturer computer 220 includes information including programs and data for causing the main control chip 13 (the processing unit 13a) to perform a certain process (for example, a process related to a rendering operation related to a game). (Main control chip operation information (not shown in FIG. 12 and the like)) and information including programs and data for causing the payout control chip 11 (processing unit 11a) to perform certain processing (for example, ball lending processing). (Payout control chip operation information (not shown in FIG. 12, etc.)) are stored.

  As shown in FIG. 15, the auxiliary storage unit 226 stores the model code of the main control chip 13 and the main control chip operation information in association with each other, and the model code of the payout control chip 11 and the payout control chip operation information correspond to each other. These pieces of information are stored in association with the game hall information. Since the pachinko machine 10 is mass-produced and shipped to various game halls 500, a plurality of game hall information is stored in the auxiliary storage unit 226. Further, since the IC writer 210 is used for manufacturing one type of pachinko machine 10, each main control chip operation information in FIG. 15 has the same contents, and each payout control chip operation information has the same contents. It is. Each type code of the payout control chip 11 has the same contents, and each type code of the main control chip 13 has the same contents.

  In step A4, the control unit 221 stores the type code of the main control chip 13, the main control chip operation information, the type code of the payout control chip 11, the payout control chip operation information, and the game hall information stored in the auxiliary storage unit 226. Are transmitted to the IC writer 210. In step A4, when the control unit 211 receives the information, the control unit 211 stores the received information in the auxiliary storage unit 207 while maintaining the correspondence relationship.

  When the processing as described above is performed, the gaming machine maker 200 divides the plurality of main control chips 13 and the payout control chips 11 shipped from the chip maker 100 for each gaming hall 500 to which the pachinko machine 100 is shipped, The following processing is performed for each group.

  The control unit 211 of the IC writer / writer 210 reads the manufacturer code of the main control chip 13 stored in the main control chip 13 shipped from the chip manufacturer 100 in step A3, and stores the main control chip stored in the auxiliary storage unit 207. It collates with 13 manufacturer codes (step A5).

  The reading is performed by the control unit 211 communicating with each other via the writing / reading unit 215 and the processing unit 21a communicating with each other via the communication unit 21c. Specifically, in this communication, the control unit 211 transmits a maker code transmission request to the processing unit 21a. When the processing unit 21a receives the transmission request, the control unit 211 stores the maker code stored in the storage unit 21b. 211. Thereby, each information is read. Note that the communication at this time is performed by encryption communication using the write key stored in both as a key. Note that this reading is the same for reading other information and reading with the payout control chip 11, and the details are omitted in the following description.

  When the collation result is the collation OK, the control unit 211 reads the chip ID of the main control chip 13 from the main control chip 13 (step A6). In the case of verification OK, the main control chip 13 is a chip to which the IC writer 210 writes information and is a legitimate one that has not been replaced before being delivered to the gaming machine manufacturer 200 or the like. . In this case, the control unit 211 performs the following processing.

  When the collation result is collation OK, the control unit 211 stores the model code of the main control chip 13 stored in the auxiliary storage unit 207 together with the main control chip operation information associated with the model code. Write to the arbitrarily selected main control chip 13 (step A7). At this time, the IC writer 210 may perform writing by including the program and data relating to the operation of the main control chip 13 created by the chip manufacturer 100 in the main control chip operation information. In this case, it is assumed that the chip maker 100 stores the program and data in the auxiliary storage unit 216 of the IC writer 210.

  The writing is performed by the control unit 211 communicating with each other via the writing / reading unit 215 and the processing unit 21a communicating with each other via the communication unit 21c. Specifically, in this communication, the control unit 211 transmits a model code and main control chip operation information to the processing unit 21a together with a storage request, and the processing unit 21a transmits the model code and main control chip operation information. When the storage request is received, the received model code and main control chip operation information are stored in the storage unit 21b. As a result, writing is performed. Note that the communication at this time is performed by encrypted communication using the write key stored in both as a key. This writing is the same for writing other information and writing with the payout control chip 11, and the details are omitted in the following description.

  After writing and reading as described above, the control unit 211 of the IC writer 210 associates the chip ID, manufacturer code, and model code for the main control chip 13 with each other, and stores the auxiliary storage unit 207 for each game hall information. (See FIG. 16). Thereby, information (chip ID, manufacturer code and model code) related to the main control chip 13 recorded in the IC writer 210 and information (chip ID, manufacturer code) related to the main control chip 13 recorded in the main control chip 13. , And model code) correspond to each other. Further, it can be seen from this correspondence that the main control chip 13 identified by a certain chip ID is shipped to the gaming machine manufacturer 200 identified by the manufacturer code corresponding to this chip ID. Further, the main control chip 13 identified by a certain chip ID by this correspondence relationship is used for the pachinko machine 10 (or some components (for example, a housing and a game board)) identified by the model code corresponding to the chip ID. It can be seen that it was mounted on.

  In addition, when the collation result of the collation is collation NG, the control unit 211 stops the processing after step A6 and performs predetermined notification processing (for example, collation NG to the display device included in the input / output unit 213). And a buzzer included in the input / output unit 213 are sounded). In the case of collation NG, since there is a high possibility that the main control chip 13 has been replaced, such processing is performed to notify the employees and the like that the replacement has been performed. In addition, since such a notification process is the same also when it becomes collation NG in subsequent collation, description is abbreviate | omitted.

  Next, the control unit 211 of the IC writer 210 reads the maker code of the payout control chip 11 stored in the payout control chip 11 shipped from the chip maker 100 in step A3, and the payout stored in the auxiliary storage unit 207. It collates with the manufacturer code of the control chip 11 (step A8).

  When the collation result by the collation is the collation OK, the control unit 211 reads the chip ID of the payout control chip 11 from the payout control chip 11 (step A9). In the case of collation OK, the payout control chip 11 is a chip to which the IC writer 210 writes information and is a legitimate one that is not replaced before being delivered to the gaming machine manufacturer 200 or the like. In this case, the control unit 211 performs the following processing.

  When the collation result is the collation OK, the control unit 211 dispenses the model code of the dispensing control chip 11 stored in the auxiliary storage unit 207 together with the dispensing control chip operation information associated with the model code. Write to the control chip 11 (step A10). At this time, the IC writer 210 may write the program and data relating to the operation of the payout control chip 23 created by the chip manufacturer 100 in the payout control chip operation information. In this case, it is assumed that the chip maker 100 stores the program and data in the auxiliary storage unit 216 of the IC writer 210.

  After writing and reading as described above, the control unit 211 of the IC writer 210 associates the chip ID, maker code, and model code for the payout control chip 11 with each other, and auxiliary storage unit 207 for each game hall information. (See FIG. 17). Thereby, information (chip ID, manufacturer code, and model code) related to the payout control chip 11 recorded in the IC writer 210 and information related to the payout control chip 11 recorded in the payout control chip 11 (chip ID, manufacturer). Code and model code). Also, it can be seen from this correspondence that the payout control chip 11 identified by a certain chip ID has been shipped to the gaming machine manufacturer 200 identified by the manufacturer code corresponding to this chip ID. Further, the payout control chip 11 identified by a certain chip ID by this correspondence relationship is used for the pachinko machine 10 (or some components (for example, a housing and a game board)) identified by the model code corresponding to the chip ID. ).

  In the manufacturing process of the pachinko machine 10, the gaming machine manufacturer 200 is mounted by mounting the main control chip 13 and the payout control chip 11 in which the above information is written on each control board of the pachinko machine 10. Then, the gaming machine 10 on which the main control chip 13 and the payout control chip 11 are mounted is manufactured. The main control chip 13 and the payout control chip 11 are mounted on the pachinko machine 10 identified by the model code stored in them.

  Next, as shown in FIG. 13, the control unit 211 of the IC writer 210 stores information related to the payout control chip 11, information related to the main control chip 13, writer ID, and game hall information stored in the auxiliary storage unit 207. (These pieces of information are collectively referred to as shipping information.) Are encrypted with a delivery key and transmitted to the security server 410, and the control unit 411 of the security server 410 sets the same writer ID as the writer ID included in the received shipping information. The delivery key of the associated authentication information is acquired from the auxiliary storage unit 416, and the received shipping information is decrypted using the acquired delivery key and stored in the auxiliary storage unit 416 (step A11).

  The shipping information may include the chip IDs and maker codes of all the main control chips 13 and the payout control chips 11 shipped in step A3, or includes a part of the chip IDs and maker codes. There may be. That is, for all the main control chips 13 and the payout control chips 11 shipped in step A3, the shipping information may be transmitted after performing steps A5 to A10. Even if the shipping information is transmitted for every predetermined number of main control chips 13 and payout control chips 11 out of all the main control chips 13 and payout control chips 11 shipped in step A3, each time steps A5 to A10 are performed. good. The subsequent processing is performed at an appropriate timing each time the shipping information is stored in the auxiliary storage unit 416, for example.

  The control unit 411 collates each chip ID and each manufacturer code included in the shipping information stored in the auxiliary storage unit 416 with each chip ID and each manufacturer code included in the authentication information (step A12). That is, each corresponding information is collated.

  When the collation result for all the information is collation OK, the control unit 411 indicates that there is no chip replacement or the like, so all the main control chips 13 and the payout control chips shipped in step A3. 11 is determined to be valid. In this case, the subsequent processing is continued.

  On the other hand, in cases other than the above, that is, when the collation result is collation NG for at least some information, the control unit 411 stops the subsequent processing and, for example, the IC writer 210 via the input / output unit 413. A notification request is transmitted. Upon receiving such a notification request, the control unit 211 of the IC writer 210 performs notification processing as described above using the input / output unit 213 to notify an employee or the like that the replacement has been performed. In the case of collation NG, since there is a high possibility that the main control chip 13 has been replaced, such processing is performed to notify the employees and the like that the replacement has been performed.

  If the control unit 411 determines that the verification is OK in step A12, the chip ID, manufacturer code, model code, and the main control chip 13 and the payout control chip 11 included in the shipping information stored in the auxiliary storage unit 416, and The game hall information is transmitted to the key management center server 310 as registration information used for later verification (chip authentication). When the control unit 311 of the key management center server 310 receives the registration information, the received registration information is received. Information is stored in the auxiliary storage unit 316 (step A13).

  The pachinko machine 10 manufactured as described above is shipped to a predetermined pachinko shop (amusement hall 500 (amusement hall identified by the amusement hall information recorded in the IC writer 210)).

  According to the above processing, the chip ID, the manufacturer code, and the like are collated, so that the payout control chip 11 and the main control chip 13 can be replaced until these chips are manufactured and shipped, or in a pachinko machine. It is detected until the machine 10 is manufactured.

(Manufacturing stage of card unit 20)
Next, details of the operation of the management system 1 in the manufacturing stage of the card unit 20 will be described with reference to FIGS. Similarly to the above, in FIGS. 18 to 20, information surrounded by a solid line indicates previously stored information, and information surrounded by a broken line indicates information stored during processing.

  As described above, at the manufacturing stage of the card unit 20, the communication control IC 23 manufactured and shipped by the chip manufacturer 100 is delivered to the card unit manufacturer 600. The card unit manufacturer 600 includes the delivered communication control IC 23 and the card unit manufacturer. The card unit 20 mounted with the main control unit 21 manufactured by 600 is manufactured. Since the card unit 20 is normally mass-produced, a plurality of communication control ICs 23 are manufactured and delivered for each model of the card unit 20. A plurality of main control units 21 paired with the communication control IC 23 are also manufactured corresponding to the communication control IC 23.

  Further, at the manufacturing stage of the card unit 20, predetermined information is written into the communication control IC 23 by the IC writer 610. The IC writer 210 is manufactured by the chip manufacturer 100 that manufactures the communication control IC 23 and delivered to the gaming machine manufacturer 200 together with the communication control IC 23. In the card unit manufacturer 600, information is written into the plurality of communication control ICs 23 by the IC writer 210.

  As shown in FIG. 18, the chip manufacturer 100 manufactures an IC writer 210 and ships it to the gaming machine manufacturer 200 (step B1). The control unit 111 of the chip manufacturer computer 110 transmits information stored in the auxiliary storage unit 116 to the key management center server 310, and the control unit 311 of the key management center server 310 transmits the transmitted information to the auxiliary storage unit 316. (Step B2). The control unit 311 of the key management center server 310 distributes a later-described effective key of the information stored in the auxiliary storage unit 316 to the upper server 510, and the control unit 511 of the upper server 510 assists the distributed effective key. The data is stored in the storage unit 516 (step B3). Further, the chip manufacturer 100 manufactures (mass production) the communication control IC 23 and ships to the card unit manufacturer 600 (step B4).

  The chip maker 100 ships the IC writer 610 and the plurality of communication control ICs 23 in steps B1 and B4.

  The auxiliary storage unit 606 of the IC writer 610 stores a manufacturer code, a delivery key, a write key, and a writer ID.

  The manufacturer code is identification information for uniquely identifying the card unit manufacturer 600 to which the IC writer 610 is shipped, and is made up of, for example, a combination of alphanumeric characters unique to each card unit manufacturer 600.

  The delivery key and the write key are keys used when encrypting and decrypting predetermined information in encrypted communication.

  The delivery key stored in the IC writer 210 and the delivery key stored in the IC writer 610 have different contents. The write key stored in the IC writer 210 and the write key stored in the IC writer 610 have different contents.

  The writer ID is identification information for uniquely identifying the IC writer 610, and is composed of, for example, a combination of alphanumeric characters unique to each IC writer 610.

  In the storage unit 23b of the communication control IC 23 shipped to the card unit manufacturer 600, a communication control serial ID, which is identification information for identifying itself, and a manufacturer code (IC writer 610) for identifying the manufacturer to which the communication control IC 23 is shipped. The same information as the manufacturer code stored in the memory), a writing key (the same key as the writing key stored in the IC writer 610), a program, and the like are stored.

  The communication control serial ID is information for uniquely identifying the communication control IC 23, and is composed of, for example, a combination of alphanumeric characters unique to each communication control IC 23.

  The auxiliary storage unit 116 of the chip maker computer 110 includes a communication control serial ID, a writer ID, a maker code, a delivery key, and a write key corresponding to the IC writer 610 and the communication control IC 23 shipped by the chip maker 100. , Writer operation settings, temporary authentication key, key version, main authentication key, and valid key are stored. Since the IC writer 610 is mass-produced, a plurality of these pieces of information are stored in association with each writer ID (see FIG. 21). A plurality of communication control serial IDs are stored since the communication control IC 23 is mass-produced (see FIG. 21). The communication control serial ID, writer ID, maker code, delivery key, and write key correspond to the communication control serial ID stored in each communication control IC 23 and each information stored in the IC writer 610, respectively. This is the same content information.

  The writer operation setting indicates whether the IC writer 610 can be operated even when the IC writer 610 described later and the key management center server 310 cannot communicate with each other. Is set by an operation of an employee of the chip maker 100 or the like when stored in the auxiliary storage unit 116 of the chip maker computer 110. As will be described later, after being stored in the IC writer 610, the setting contents of the writer operation setting can be changed via the network by an employee or the like operating the key management center server 310.

  The temporary authentication key and the main authentication key are used for encrypted communication, and are keys for encryption and decryption.

  The key version is information indicating the key version of the temporary authentication key and the main authentication key.

  The valid key is information that allows the communication control IC 23 to perform processing (communication with the payout control chip 11 of the pachinko machine 10) described later. In the present embodiment, the communication control IC 23 is configured to be able to perform the processing described later by storing the valid key in the storage unit 23b of the communication control IC 23.

  In step B2, the control unit 111 converts the writer ID, the manufacturer code, the writer operation setting, the temporary authentication key, the key version, and the main authentication key, which are stored in the auxiliary storage unit 116, into the IC writer information. Are transmitted to the key management center server 310 together with the valid key and the delivery key. When the control unit 311 of the key management center server 310 receives the above information in step B2, the control unit 311 stores the received information in the auxiliary storage unit 316 while maintaining the correspondence.

  The control unit 111 encrypts the valid key with the write key stored in the auxiliary storage unit 226 and transmits the encrypted key to the key management center server 310. The control unit 311 of the key management center server 310 stores the received valid key in the auxiliary storage unit 316 in an encrypted state.

  In step B3, the control unit 311 of the key management center server 310 transmits the encrypted valid key stored in the auxiliary storage unit 316 to the upper server 510, and the control unit 511 of the upper server 510 receives the received encryption key. The converted effective key is stored in the auxiliary storage unit 516. Authentication information for authentication is set in advance in the key management center server 310 and the upper server 510, and the key management center server 310 receives the authentication information from the upper server 510 and is set in itself. Perform authentication and authentication. Then, the key management center server 310 distributes the valid key when the authentication information is successfully authenticated.

  In addition, the control unit 111 of the chip manufacturer computer transmits a plurality of communication control serial IDs stored in the auxiliary storage unit 116 to the key management center server 310, and the control unit 311 of the key management center server 310 receives the communication control serial ID. When the ID is received, the received communication control serial ID is stored in the auxiliary storage unit 316 as a part of temporary information used later (step B5). At this time, for example, the control unit 111 transmits a writer ID corresponding to the communication control serial ID together with the communication control serial ID. When the control unit 311 of the key management center server 310 receives the communication control serial ID together with the writer ID or the like, the control unit 311 associates the received communication control serial ID with the IC writer information including the writer ID or the like corresponding to the communication control serial ID. And stored in the auxiliary storage unit 316. In this way, the communication control serial ID is associated with the corresponding IC writer information.

  In addition, the control unit 611 of the IC writer 610 encrypts the writer ID and the manufacturer code stored in the auxiliary storage unit 606 with the delivery key, and transmits the encrypted writer ID to the key management center server 310. The control unit 311 of the key management center server 310 decrypts the writer ID and maker code transmitted from the IC writer 610 with the delivery key, and stores the decrypted writer ID and maker code and IC in the auxiliary storage unit 316. The writer ID stored as the writer information and the manufacturer code are collated (step B6). In step B6, if the information encrypted with the delivery key cannot be transmitted for reasons such as being unable to communicate with the key management center server 310, the control unit 611 waits until transmission is possible, Informs that transmission is not possible via the input / output unit 613 without performing subsequent processing (for example, an indication that transmission cannot be performed on the display unit included in the input / output unit 613, and a buzzer included in the input / output unit 613 Etc.).

  If the collation result for each of the writer ID and the manufacturer code is collation OK (when the auxiliary storage unit 316 stores the same information as the decrypted writer ID and the manufacturer code), the collation result in step B6 Is collated OK, otherwise it is collated NG.

  In the case of verification NG, the control unit 311 stops the subsequent processing and transmits a verification NG message to the IC writer 610. When the control unit 611 receives the verification NG, the control unit 611 stops the process and displays a predetermined notification process (for example, display of the verification NG on the display unit included in the input / output unit 613) via the input / output unit 613 or the like. And buzzer included in the input / output unit 613. Since the IC writer 610 itself is not legitimate, it can be notified by performing such processing.

  When the collation result is OK in step B6, the control unit 311 auxiliary stores the writer operation setting, temporary authentication key, and key version included in the IC writer information stored in the key management auxiliary storage unit 316. Encrypted with the delivery key stored in the unit 316 and transmitted to the IC writer 610, the control unit 611 of the IC writer 610 transmits the writer operation setting, temporary authentication key, and key version transmitted from the key management center server 310. Is decrypted with the delivery key stored in the auxiliary storage unit 616 and stored in the auxiliary storage unit 606 (step B7).

  Next, the control unit 611 reads the manufacturer code stored in the communication control IC 23 shipped from the chip manufacturer 100 in step B4 and collates it with the manufacturer code stored in the auxiliary storage unit 606 (step B8).

  The reading is performed by the control unit 611 communicating with each other through the writing / reading unit 615 and the processing unit 23a through the communication unit 23c. Specifically, in this communication, the control unit 611 transmits a maker code transmission request to the processing unit 23a. Upon receiving this transmission request, the processing unit 23a transmits the maker code stored in the storage unit 23b to the control unit. To 611. As a result, reading is performed. Note that the communication at this time is performed by encrypted communication using the write key stored in both as a key. Since this reading is the same for reading other information, details are omitted in the following description.

  Subsequently, the control unit 611 of the IC writer 610 reads the communication control serial ID stored in one communication control IC 23 shipped from the chip manufacturer 100 when the collation result in step B8 is collation OK, and performs communication control. The serial ID is stored in the auxiliary storage unit 606 (step B9). In the case of verification OK, the communication control IC 23 is an IC to which the IC writer 610 writes information, and is a valid one that is not replaced before delivery to the card unit manufacturer 600 or the like. In this case, the control unit 611 performs the subsequent processing.

  In addition, when the collation result of the collation is collation NG, the control unit 611 stops the process after step B10 and performs the predetermined notification process via the input / output unit 613 or the like. In the case of collation NG, since there is a high possibility that the communication control IC 23 has been replaced, such processing is performed to notify the employee or the like that the replacement has been performed. In addition, since such processing is the same when the collation is NG in the subsequent collation, the description thereof is omitted.

  Next, in the case of collation OK, the control unit 611 of the IC writer 610 transmits an information transmission request to the writing tool 620. Upon receiving the transmission request, the control unit 621 of the writing tool 620 receives the auxiliary storage unit 626. The predetermined information stored in is transmitted to the IC writer 610, and the control unit 611 stores the transmitted predetermined information in the auxiliary storage unit 616 (step B10).

  The auxiliary storage unit 626 of the writing tool 620 has a unit serial ID and a program for causing the communication control IC 23 (processing unit 23a) to perform certain processing (for example, processing related to communication with the main control unit 21). And information (communication control IC operation information (not shown in FIGS. 18, 19, etc.)) and certain processing (for example, ball lending processing, card reader control) to the main control unit 21 (processing unit 21a) Information such as programs and data (main control unit operation information (not shown in FIGS. 18 and 19, etc.)) for performing processing, processing for lighting the lamp, and the like are stored.

  The unit serial ID is identification information for uniquely identifying the card unit 20 and the main control unit 21, and is composed of, for example, a combination of alphanumeric characters unique to the card unit 20 and the main control unit 21. The auxiliary storage unit 626 stores a plurality of unit serial IDs.

  When the control unit 621 receives the transmission request in step B10, the control unit 621 transmits communication control IC operation information together with one unit serial ID stored in the auxiliary storage unit 626. In step B <b> 10, the control unit 611 stores the transmitted unit serial ID and communication control IC operation information in the auxiliary storage unit 616.

  Subsequently, the control unit 611 of the IC writer 610 writes the temporary authentication key, key version, writer ID, manufacturer code, and communication control serial ID read in step B8 stored in the auxiliary storage unit 606 to the writing tool 620. The control unit 621 of the writing tool 620 stores the received temporary authentication key, key version, writer ID, manufacturer code, and communication control serial ID in the auxiliary storage unit 626 (step B11).

  Next, the control unit 621 of the writing tool 620 controls the unit serial ID (transmitted in step B10), temporary authentication key, key version, writer ID, manufacturer code, and communication control stored in the auxiliary storage unit 626. The serial ID (stored in step B11) is written in the main control unit 21 together with the main control unit operation information (step B12). The main control unit 21 to be written is mounted on the same card unit 20 as the communication control IC 23 identified by the communication control serial ID to be written.

  The writing is performed by the control unit 621 communicating with each other via the writing / reading unit 625 and the processing unit 21a communicating with each other via the communication unit 21c. Specifically, in this communication, the control unit 621 sends a unit serial ID (transmitted in step B10), a temporary authentication key, a key version, a writer ID, a manufacturer code, a communication control serial ID (step) to the processing unit 21a. B11) and the main control unit operation information are transmitted together with the storage request, and when the processing unit 23a receives these pieces of information, the processing unit 23a stores the received information in the storage unit 23b. As a result, writing is performed.

  Further, as shown in FIG. 19, the control unit 611 of the IC writer 610 uses the temporary authentication key, key version, writer ID, and unit serial ID stored in the auxiliary storage unit 606 to perform communication control IC operation. Along with the information, the communication control serial ID read in step B9 is written in the communication control IC 23 (step B13). At this time, the IC writer 610 may write the program and data relating to the operation of the communication control IC 23 created by the chip manufacturer 100 in the communication control IC operation information. In this case, it is assumed that the chip maker 100 stores the program and data in the auxiliary storage unit 216 of the IC writer 210.

  The writing is performed by the control unit 611 communicating with each other via the writing / reading unit 615 and the processing unit 23a communicating with each other via the communication unit 23c. Specifically, in this communication, the control unit 611 transmits a temporary authentication key, a key version, a writer ID, a unit serial ID, and communication control IC operation information together with a storage request to the processing unit 23a. Upon receiving the storage request, the processing unit 23a stores the received temporary authentication key, key version, writer ID, unit serial ID, and communication control IC operation information in the storage unit 23b. As a result, writing is performed. Note that the communication at this time is performed by encrypted communication using the write key stored in both as a key. Since this writing is the same for writing other information, details are omitted in the following description.

  After writing and reading as described above, the control unit 611 of the IC writer 610 associates the key version, writer ID, manufacturer code, communication control serial ID, and unit serial ID with respect to the communication control IC 23, respectively. The data is stored in the auxiliary storage unit 606. Thereby, the information (key version, writer ID, manufacturer code, communication control serial ID, and unit serial ID) related to the communication control IC 23 and the main control unit 21 stored in the IC writer 610 and the arbitrarily selected The information (key version, writer ID, maker code, communication control serial ID, and unit serial ID) stored in the communication control IC 23 and the main control unit 21 corresponds to each other. Furthermore, the correspondence between the main control unit 21, the communication control IC 23, and the card unit 20 is grasped by the correspondence as described above.

  The control unit 611 of the IC writer 610 stores the temporary authentication key, key version, writer ID, maker code, communication control serial ID, and unit serial ID stored in the auxiliary storage unit 606 as described above. Information) is encrypted with a delivery key and transmitted to the key management center server 310. The control unit 311 of the key management center server 310 uses the delivery key stored in the auxiliary storage unit 316 to receive the received shipment. The information is decrypted, and the decrypted shipping information is stored in the auxiliary storage unit 316 (step B14).

  For example, when a plurality of delivery keys are stored in the auxiliary storage unit 316, the control unit 311 may perform decryption using all the delivery keys. For example, the communication address of the IC writer 610 may be previously set in the delivery key. It may be included as header information and decrypted using a delivery key including the communication address of the IC writer 610 as header information.

  In the present embodiment, the processing from step B8 to step B14 is repeated for all the payout control ICs 23 shipped in step B4. In addition, about the process of step B14, you may collectively perform about several payout control IC23. When there are a large number of communication control ICs 23 and the processing from step B8 to step B14 is not completed for all communication control ICs, or when a new communication control IC 23 is shipped later (in this case, the process of step B5 is also this shipment) The processing from step B8 to step B14 for the remaining communication control IC 23 and the new communication control IC 23 is performed at a later date. In this case, for example, it is assumed that the process from step B6 is resumed at a later date. In this case, the IC writer 610 verifies the writer ID and the like in step B6 after the operation is started (or resumed). Therefore, information can be written with an authentic IC writer 610 that has not been replaced.

  The control unit 311 collates the communication control serial ID included in the shipping information stored in the auxiliary storage unit 316 with the communication control serial ID included in the temporary information at a predetermined timing (step B15).

  When the collation result in step B15 is collation OK, the control unit 311 determines that the communication control IC 23 is valid because the communication control IC 23 has not been replaced. In this case, the subsequent processing is continued.

  On the other hand, in the case other than the above, that is, in the case of the collation result NG, the control unit 311 stops the subsequent processing and transmits a notification request to the IC writer 610 via the input / output unit 313 and the network N, for example. When the control unit 611 of the IC writer 610 receives such a notification request, the input / output unit 613 is used to perform the notification processing as described above to notify an employee or the like that the replacement has been performed. In the case of collation NG, there is a high possibility that the communication control IC 23 has been replaced. Therefore, such a notification process is performed to notify the employee or the like that the replacement has been performed.

  If the control unit 311 determines that the verification is OK in step B15, the shipping information stored in the auxiliary storage unit 316 is stored in the auxiliary storage unit 316 as temporary information used for subsequent verification (verification of the communication control IC 23). (Step B16). Since the temporary information already includes the communication control serial ID, information other than the communication control serial ID in the shipping information is included in the temporary information, and the temporary information is recorded in the auxiliary storage unit 316. Also good. Temporary information is stored in the auxiliary storage unit 316 by the number corresponding to each card unit 20 (see FIG. 22). Each piece of information included in the temporary information is stored in the auxiliary storage unit 316 in association with each other.

  The unit serial ID, the communication control serial ID, the key version, the writer ID, the manufacturer code, and the temporary authentication key stored in the storage unit 23b of the communication control IC 23 by the above processing are stored as the first information in the storage unit 23b. The unit serial ID, key version, writer ID, maker code, and temporary authentication key stored in the storage area and stored in the storage section 21b of the main control section 21 are also stored in the first storage area of the storage section 21b as temporary information. Shall be stored.

  According to the above processing, the communication control IC 23 and the main control unit 21 are replaced by checking the communication control serial ID, the manufacturer code, and the like until the communication control IC 23 is manufactured and shipped. , Until the card unit 20 is manufactured.

  According to the above configuration, the key management center server 310 stores the identification information as the verification information only when it is determined by the verification of the communication control serial ID that both are the information for identifying the same identification information. The verification information is guaranteed to be identification information about a genuine integrated circuit. For this reason, the security against fraud can be improved by the management system.

  As described above, when the processing from step B6 is started at a later date, the IC writer 610 and the key management center server 510 may not be able to communicate with each other. The operation of the management system 1 in such a case will be described with reference to FIG.

  The control unit 611 of the IC writer 610 encrypts the writer ID and the manufacturer code stored in the auxiliary storage unit 606 with the delivery key in the same manner as usual, and transmits it to the key management center server 310 (step B6). Since the IC writer 610 cannot communicate with the key management center server 310, the information cannot be transmitted because the connection request from the IC writer 610 to the key management center server 310 cannot be made (transmission NG: step). C4).

  In this case, the control unit 611 of the IC writer 610 refers to the setting content of the writer operation setting stored in the auxiliary storage unit 606, and performs processing according to the referenced setting content. In the present embodiment, the setting contents of the writer operation setting include “1” and “2”. “2” indicates that the IC writer 610 and the key management center server 310 perform subsequent processing even if communication is impossible. “1” indicates that when the IC writer 610 and the key management center server 310 cannot communicate, the subsequent processing is not performed.

  When the setting content of the writer operation setting stored in the auxiliary storage unit 606 is “1”, the control unit 611 cannot transmit the information via the input / output unit 613 or the like without performing subsequent processing. (For example, a message indicating that transmission to the display unit included in the input / output unit 613 is not possible, a buzzer included in the input / output unit 613, etc.).

  When the setting content of the writer operation setting stored in the auxiliary storage unit 606 is “2”, the subsequent processing is performed, and the processing of steps C5 to C10 is performed by each device. Steps C5 to C10 are the same processes as steps B8 to B13, respectively, and detailed description thereof is omitted. Thereafter, the control unit 611 attempts to communicate with the key management center server 310 (for example, by sending a connection request) every predetermined period, and waits until communication is possible. The shipping information that has been stored in the auxiliary storage unit 606 and has not been transmitted yet is transmitted to the key management center server 310, and the control unit 311 of the key management center server 310 displays the received shipping information. Store in the auxiliary storage unit 316 (step C11).

  The control unit 311 performs steps C12 and C13 at a predetermined timing after step C11. Since this process is also the same as steps B15 and B16, detailed description thereof is omitted.

  The other description of FIG. 20 is based on the description of FIGS. 18 and 19.

  According to the processing as described above, even when the IC writer 610 and the key management center server 310 cannot communicate with each other, the shipping information is stored in the IC writer 610 and then the shipping information is transmitted. Thus, it is possible to detect replacement by collation in the key management center server 310. When the collation in step B6 is collation OK, the writer operation setting is stored in the IC writer 610 (step B7). Therefore, at least once, the key management center server 310 and the IC writer 610 communicate with each other to exchange information. The verification is one of the conditions under which the IC writer 610 that cannot communicate with the key management center server 310 can operate. For this reason, even if the key management center server 310 and the IC writer 610 cannot communicate with each other, the writing of the IC writer 610 which is an authentic product is guaranteed to a certain extent, so that a certain level of security is ensured. .

(When checking operation)
In the card unit manufacturer 600, after the card unit 20 is manufactured and before shipment, an operation check is performed to check whether or not the communication between the main control unit 21 and the communication control IC 23 mounted on the card unit 20 is normally performed. Done. This operation confirmation will be described with reference to FIG. This operation check is performed by the card unit manufacturer 600.

  For example, when an operation confirmation card is inserted into the card unit 20, the processing unit 21a of the main control unit 21 detects this and starts operation.

  First, the processing unit 21a of the main control unit 21 transmits the unit serial ID stored in the storage unit 21b to the communication control IC 23, and the processing unit 23a of the communication control IC 23 transmits the transmitted unit serial ID to the communication control IC 23. The unit serial ID stored in the storage unit 23b is collated (step D1). Thereby, the unit serial ID stored in the main control unit 21 and the unit serial ID stored in the communication control IC 23 are collated.

  The processing unit 23a of the communication control IC 23 transmits the communication control serial ID stored in the storage unit 23b to the main control unit 21 when the collation result in step D1 is collation OK, and the processing unit of the main control unit 21 21a collates the transmitted communication control serial ID with the communication control serial ID stored in the storage unit 21b (step D2). As a result, the communication control serial ID stored in the main control unit 21 and the communication control serial ID stored in the communication control IC 23 are collated.

  The processing unit 21a of the main control unit 21 transmits the key version, the writer ID, and the manufacturer code stored in the storage unit 23b to the communication control IC 23 when the collation result in step D2 is collation OK. The processing unit 23a of the control IC 23 collates the transmitted key version, writer ID, and manufacturer code with the key version, writer ID, and manufacturer code stored in the storage unit 23b, and compares the collation result with the main control unit. 21 is notified (step D3). As a result, the key version, writer ID, and manufacturer code stored in the main control unit 21 are collated with the key version, writer ID, and manufacturer code stored in the communication control IC 23, and the collation result is notified.

  The processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 perform communication using the temporary authentication key in subsequent communication if the verification result notified in step D3 is verification OK. (Step D4).

  For example, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 include information stored in the respective storage units 21a and 21b (for example, main control unit operation information and communication control IC operation information). Information included) is transmitted / received by encrypted communication using the temporary authentication key in step D4, and the subsequent processing is performed after mutual authentication between the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23. Also good.

  The processing unit 21a of the main control unit 21 encrypts a session key transmission request (session key request) with the temporary authentication key stored in the storage unit 21a and transmits the encrypted request to the communication control IC 23. The processing unit 23a of the communication control IC 23 Decrypts the session key request with the temporary authentication key stored in the storage unit 23b (step D5).

  When the processing unit 23a of the communication control IC 23 decrypts the session key request, the encrypted communication is performed using a preset algorithm based on the temporary authentication key (or the main authentication key) stored in the storage unit 23b. A session key, which is a key for encryption and decryption used in the above, is generated and stored in the storage unit 23b, and is encrypted with a temporary authentication key and transmitted to the main control unit 21, and the processing unit 21a of the main control unit 21 The session key transmitted from the communication control IC 23 is acquired, decrypted with the temporary authentication key, and stored in the storage unit 21b. (Step D6). The algorithm is, for example, a method of calculating a logical sum of a random number and a key or performing calculation using time information. The time information is acquired from an internal clock (not shown) by the processing unit 21 a of the main control unit 21 and supplied to the communication control IC 23. Hereinafter, the algorithm for generating the session key is the same.

  Then, the main control unit 21 (processing unit 21a) and the communication control IC 23 (processing unit 23a) start encryption communication that performs encryption and decryption using a session key (step D7).

  Thereafter, the main control unit 21 and the communication control IC 23 perform processing necessary for operation confirmation while performing encrypted communication using a session key (for example, ball lending processing, Process to turn on the lamp).

  That is, when transmitting information, the information transmission side of the main control unit 21 (processing unit 21a) and the communication control IC 23 (processing unit 23a) is a session stored in the storage unit 21b or 23b provided in itself. The information is encrypted with the key and transmitted to the receiving side, and the receiving side that has received the encrypted information decrypts the information with the session key stored in the storage unit 21b or 23b included in the receiving side. Thus, the information before encryption is acquired.

  Note that, in the collation in any one of the above steps D1, D2, and D3, if it is determined as collation NG, if it is determined as collation NG, the main control unit 21 or the communication control IC 23 is valid. Since there is a possibility that the main control unit 21 or the communication control IC 23 (the side not collated in the collation of each step may be replaced), the processing unit 21a or the processing unit For example, if the communication control IC 23 is not valid, the processing unit 21a turns on the lamp of the card unit 20 and the communication control IC 23 is not valid. Notify that there is a possibility. As described above, when the collation is NG, the processing unit 21a or the processing unit 23a performs replacement of the main control unit 21 or the communication control IC 23 by performing a predetermined process.

  Note that the session key stored in the main control unit 21 and the communication control IC 23 is deleted at an arbitrary timing after the operation confirmation is completed.

  Through the processing as described above, it is possible to check the operation of the card unit 20 before shipment. In particular, in this operation check, a temporary authentication key is used at the time of encrypted communication, and leakage of a session key used for encrypted communication at the time of operation check is prevented. As will be described later, since this temporary authentication key is used after being exchanged for the real authentication key, even if this temporary authentication key is leaked, the security of subsequent encrypted communication using the real authentication key is maintained. Will be drunk.

(Installation stage)
Next, details of the operation and the like of the management system 1 at the installation stage in which the pachinko machine 10 and the card unit 20 manufactured by each manufacturer are installed in the game hall 500, such as when the game hall 500 is newly opened, are shown in FIG. Will be described with reference to FIG. In the same manner as described above, in FIGS. 24 to 27, information surrounded by a solid line indicates previously stored information, and information surrounded by a broken line indicates information stored during processing.

  The following operation is based on the premise that the card unit 20 and the pachinko machine 10 are newly installed in the game hall.

  The processing unit 21a of the main control unit 21 is triggered when a card for normal operation is inserted into the card unit 20 and the card unit 20 is turned on (at this time, the power of the pachinko machine 10 is also turned on). And a connection request for requesting connection with the upper server 510 is transmitted to the upper server 510 (step E1).

  When receiving the connection request from the processing unit 21a, the control unit 511 of the upper server 510 transmits (distributes) the valid key stored in the auxiliary storage unit 516 to the main control unit 21, and the processing unit of the main control unit 21 21a stores the received valid key in the storage unit 21b (step E2). As described above, the valid key stored in the upper server 510 remains encrypted with the write key, and the valid key stored in the storage unit 21b remains encrypted. Has been.

  Subsequently, the processing unit 21a transmits the unit serial ID included in the temporary information stored in the storage unit 21b to the upper server 510 together with a main authentication key request that is information for requesting transmission of the main information described later (Step S21). E3).

  Subsequently, when the authentication key request and the unit serial ID are transmitted from the main control unit 21, the control unit 511 of the upper server 510 receives the unit serial ID having the same content as the transmitted unit serial ID. It is determined whether or not it is stored in the auxiliary storage unit 516 (step E3.5). Here, since this card unit 20 is first installed in the game hall 500, the unit serial ID is not stored in the auxiliary storage unit 516. For this reason, the control unit 511 determines that the unit serial ID is not stored.

  When the control unit 511 determines that the unit serial ID is not stored, the control unit 511 stores the unit serial ID transmitted from the main control unit 21 in the auxiliary storage unit 516, and the unit serial ID and the main control unit 21. Is sent to the key management center server 310 (step E4).

  The control unit 311 of the key management center server 310 receives the unit serial ID and the authentication request transmitted from the host server 510, and searches the auxiliary storage unit 316 for temporary information including the same unit serial ID as the received unit serial ID. (Step E4.5).

  Here, it is assumed that temporary information including the same unit serial ID as the unit serial ID received from the host server 510 is stored in the auxiliary storage unit 316.

  When the temporary information exists (step E4.5: search OK), the control unit 311 has the same temporary authentication key as the temporary authentication key (may be a writer ID or the like) included in the temporary information. IC writer information including (a writer ID, etc.) is specified, and the authentication key included in the specified IC writer information and the key version indicating the version of the authentication key are used as the retrieved temporary information. Each information is associated with the included unit serial ID, communication control serial ID, writer ID, and manufacturer code, and these pieces of information are collectively stored in the auxiliary storage unit 316 as main information (step E4.6).

  The search for the unit serial ID and the search for temporary information using the unit serial ID as a key eventually correspond to the verification of the unit serial ID.

  Next, as shown in FIG. 25, the control unit 311 of the key management center server 310 transmits the information stored in the auxiliary storage unit 316 in step E4.6 to the upper server 510 (step E5). When transmitting this information, the control unit 311 encrypts and transmits information other than the unit serial ID with the temporary authentication key included in the temporary information searched in step E4.5.

  When the control unit 311 of the key management center server 310 receives the main information transmitted from the host server 510, the control unit 311 stores the main information in the auxiliary storage unit 316 and transmits the main information to the main control unit 21 (step S1). E6). In the main information stored in the auxiliary storage unit 316, the encrypted information is maintained in an encrypted state.

  When the processing unit 21a of the main control unit 21 receives the main information transmitted from the host server 510, the temporary authentication key stored in the storage unit 21b is encrypted information among the information included in the main information. The information including the decrypted information is compared with the temporary information stored in the storage unit 21b (step E7). This temporary information is information stored in the first storage area of the storage unit 21b. That is, the processing unit 21a collates the received main information (the main information that has been decrypted for the encrypted information) with the information stored in the first storage area of the storage unit 21b.

  In the collation, the processing unit 21a includes a unit serial ID, a communication control serial ID, a key version, a writer ID, a manufacturer code, and a main authentication key included in the information, and the contents of each, and the first storage in the storage unit 21b. The unit serial ID, communication control serial ID, key version, writer ID, manufacturer code, and temporary authentication key stored in the area are collated with each other (step E7). In the above verification, since the verification is performed using the authentication key and the temporary authentication key, the verification result for this information is verification NG. At this time, the processing unit 21a stores (transfers) the information stored in the first storage area of the storage unit 21b (here, temporary information) in the second storage area of the storage unit 21b, and the main information (encryption). The decoded information is stored in the first storage area (step E7.5).

  Next, the processing unit 21a of the main control unit 21 starts communication with the processing unit 23a of the communication control IC 23 and performs collation (step E8).

  For example, the processing unit 21a requests the processing unit 23a to transmit information for collation. When the processing unit 23a receives this transmission request, the unit serial ID, the communication control serial ID, the manufacturer code, and the writer ID among the temporary information stored in the first storage area of the storage unit 23b are processed. To 21a. The processing unit 21a of the main control unit 21 receives the unit serial ID, the communication control serial ID, the manufacturer code, and the writer ID transmitted from the communication control IC 23. The processing unit 21a receives the received unit serial ID, communication control serial ID, manufacturer code, and writer ID information, and the unit serial ID and communication control serial ID stored in the first area of the storage unit 21b. The manufacturer code and the writer ID information are collated.

  If there is a verification NG for at least a part of each information, the communication control IC 23 may be replaced, so the processing unit 21a stops the subsequent processing. For example, the processing unit 21a 20 lamps are turned on to notify that the communication control IC 23 may not be valid.

  If the collation result for each piece of information in step E8 is collation OK, the processing unit 21a registers this information in the communication control IC 23 as shown in FIG. 26 (step E9).

  For example, the processing unit 21a transmits the main information stored in the first storage area of the storage unit 21b together with a registration instruction for the main information to the processing unit 23a of the communication control IC 23. At this time, the processing unit 21a encrypts the information using the temporary authentication key stored in the second storage area of the storage unit 21b and transmits the information. When the processing unit 23a receives the main information and the registration instruction, the processing unit 23a decrypts the main information using the temporary authentication key of the temporary information stored in the first storage area of the storage unit 23b. Is stored (moved) in the second storage area of the storage unit 23b, and the decrypted main information is stored in the first storage area of the storage unit 23b. This information is registered in the communication control IC 23 by such processing.

  At the time of this registration, the processing unit 23a uses the communication control serial ID, the unit serial ID, etc. in the information (in this case, temporary information) stored in the first storage area of the storage unit 23b, and the decrypted main information. The communication control serial ID, the unit serial ID, and the like are collated, and this information may be stored in the first storage area of the storage unit 23b if each piece of information to be collated is OK. Further, if at least a part of each piece of information to be collated is NG, the processing unit 23a may perform a predetermined process such as stopping the subsequent processes. This also ensures security.

  When the processing unit 23a stores this information in the first storage area, the processing unit 23a notifies the processing unit 21a of completion of storage (that is, registration completion of the information) (step E10).

  When the processing unit 21a of the main control unit 21 receives the registration completion notification, the processing unit 21a transmits the unit serial ID of this information stored in the first storage area of the storage unit 21b to the communication control IC 23, and the communication control IC 23 The processing unit 23a collates the transmitted unit serial ID with the unit serial ID of this information stored in the first storage area of the storage unit 23b of the communication control IC 23 (step E12).

  The processing unit 23a of the communication control IC 23 transmits the communication control serial ID of this information stored in the first storage area of the storage unit 23b to the main control unit 21 when the verification result in step E12 is OK. Then, the processing unit 21a of the main control unit 21 collates the transmitted communication control serial ID with the communication control serial ID of this information stored in the first storage area of the storage unit 21b (step E13). In step E13, considering a series of processes before that, the communication control serial ID stored in the communication control IC 23 is finally collated with the communication control serial ID stored in the key management center server 310. In addition, the communication control serial ID stored in the main control unit 21 is also verified.

  When the collation result at step E13 is collation OK, the processing unit 21a of the main control unit 21 performs the key version, the writer ID, and the manufacturer code of this information stored in the first storage area of the storage unit 23b. Is transmitted to the communication control IC 23, and the processing unit 23a of the communication control IC 23 transmits the transmitted key version, writer ID, and manufacturer code to the key version of this information stored in the first storage area of the storage unit 23b. The writer ID and the manufacturer code are collated, and the collation result is notified to the main control unit 21 (step E14).

  If the collation result in step E14 is collation OK, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 are stored in each first storage area in subsequent communications. Encrypted communication using each authentication key is performed (step E15).

  That is, when information is transmitted from the main control unit 21 to the communication control IC 23, the processing unit 21a encrypts the information using the authentication key recorded in the first storage area of the storage unit 21b and transmits the information. The processing unit 23a decrypts the information by using the authentication key recorded in the first storage area of the storage unit 23b. In addition, when information is transmitted from the communication control IC 23 to the main control unit 21, the processing unit 23a encrypts the information using the authentication key recorded in the first storage area of the storage unit 23b and transmits the information. The processing unit 21a decrypts the information using the authentication key recorded in the first storage area of the storage unit 21b.

  For example, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 include information stored in the respective storage units 21a and 21b (for example, main control unit operation information and communication control IC operation information). Information included) is transmitted / received by encrypted communication using the authentication key in step E15, and the subsequent processing is performed after mutual authentication between the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23. Also good.

  Note that, in the collation in any of the steps E12, E13, and E14, if it is determined that the collation is NG, the main control unit 21 or the communication control IC 23 may not be valid (that is, Since the main control unit 21 or the communication control IC 23 (the side that has not been verified in each step verification) may have been replaced), the processing unit 21a or the processing unit 23a stops the subsequent processing. For example, when the communication control IC 23 is not valid, the processing unit 21a turns on the lamp of the card unit 20 to notify that the communication control IC 23 may not be valid. As described above, when the collation is NG, the processing unit 21a or the processing unit 23a performs replacement of the main control unit 21 or the communication control IC 23 by performing a predetermined process.

  Next, the processing unit 21a of the main control unit 21 transmits the valid key (encrypted state) stored in the storage unit 21b to the communication control IC 23, and the processing unit 23a of the communication control IC 23 transmits The valid key is decrypted with the write key stored in the storage unit 23b and stored in the storage unit 23b. By such processing, the valid key is registered (set) (step E16). In step E16, when the processing unit 23a stores the valid key in the storage unit 23b, the processing unit 23a transmits a storage completion notification to the processing unit 21a (may be transmitted by encrypted communication using the authentication key).

  Thus, the valid key is set in the communication control IC 23 for the first time at this stage. The valid key is a key for permitting the communication control IC 23 to perform a predetermined process such as communication with the payout control chip 11 of the pachinko machine 10. The effective key is encrypted with a write key from the manufacturing stage, and this write key is stored in the storage unit 23 b of the communication control IC 23. Therefore, the processing unit 23a of the communication control IC 23 can decrypt the valid key acquired using the write key stored in the storage unit 23b, and the valid key can be set.

  As described above, the valid key is kept encrypted until it is transmitted from the chip maker computer 110 and set in the communication control IC 23. For this reason, in this embodiment, it is difficult to leak the contents of the valid key.

  When the processing unit 21a of the main control unit 21 receives the storage completion notification, as shown in FIG. 27, a transmission request for information stored in the storage units 13b and 11b of the main control chip 13 and the payout control chip 11 ( Registration information transmission request) is transmitted to the processing unit 23a (step E17). This transmission may also be performed by encrypted communication using the authentication key.

  When receiving the registration information transmission request, the processing unit 23a transmits this transmission request to the processing unit 11a of the payout control chip 11 (step E18).

  When receiving the registration information transmission request, the processing unit 11a of the payout control chip 11 transmits this transmission request to the processing unit 13a of the main control chip 13 (step E19).

  When receiving the registration information transmission request, the processing unit 13a of the main control chip 13 transmits the chip ID, manufacturer code, and model code for the main control chip 13 stored in the storage unit 13b to the processing unit 11a. (Step E20).

  When the processing unit 11a of the payout control chip 11 receives the chip ID, the manufacturer code, and the model code for the main control chip 13 transmitted from the main control chip 13, the information is stored in the storage unit 11b. The chip ID, the manufacturer code, and the model code for the payout control chip 11 being sent are transmitted as registration information to the processing unit 23a of the communication control IC 23 (step E21).

  When the processing unit 23a receives the registration information transmitted from the payout control chip 11, the processing unit 23a stores the received registration information in the storage unit 23b, and stores the registration information stored in the storage unit 23b in the processing unit 21a of the main control unit 21. Transmit (step E22). In step E22, the registration information may be transmitted by encrypted communication using the authentication key. In this case, the registration information is decrypted by the main control unit 21.

  The processing unit 21a stores the registration information (registration information decrypted with the authentication key) transmitted from the communication control IC 23 in the storage unit 21b, and sends it to the upper server 510 together with a verification request for requesting verification of the registration information. Transmit (step E23).

  When receiving the registration information and the verification request transmitted from the main control unit 21, the control unit 511 of the upper server 510 includes the game hall information stored in advance in the auxiliary storage unit 516 in the received registration information. The registration information including the game hall information is collated with the registration information stored in the auxiliary storage unit 516 (step E23.5).

  That is, the control unit 511 determines whether or not the same registration information is already stored in the auxiliary storage unit 516. Here, since the pachinko machine 10 has just been installed, the same registration information is not stored. Since the same registration information is not stored in the control unit 511 (for example, in the case of collation NG by collation with all the registration information stored in the auxiliary storage unit 516), the registration information including the game hall information is collated. A request is transmitted to the key management center server 310 (step E24).

  In the verification of the registration information, each information included in the registration information is verified, and if all the information is verification OK, the control unit 311 sets the verification result as verification OK. When at least a part of the verification information is verification NG, the verification result is set as verification NG (the same applies to verification of registered information).

  When the control unit 311 of the key management center server 310 receives the registration information and the verification request transmitted from the host server 510, the control unit 311 collates the transmitted registration information with the registration information stored in the auxiliary storage unit 316 ( Step E24.5).

  When the verification is OK (that is, when the same registration information as the transmitted registration information is stored in the auxiliary storage unit 316), the control unit 311 displays the verification result of verification OK as the verification NG. Transmits the collation result of the collation NG to the upper server 510 (step E25). Note that, in the collation stored in the auxiliary storage unit 316, the control unit 311 may narrow down the registration information to be collated using the game hall information as a key, and collate each piece of information. As a result, the processing load on the control unit 311 is reduced.

  When the verification result is transmitted from the key management center server 310, the control unit 511 of the upper server 510 performs processing according to the verification result.

  If the transmitted collation result is collation OK, the control unit 511 uses the registration information received in step E23 as the registration information to be used for the subsequent collation, with the registration information received in step E23 being the auxiliary storage unit 516. And the registration information and the verification result of verification OK are transmitted to the main control unit 21 (step E26).

  In addition, when the collation result in step E24 is collation OK, the control part 311 may transmit the registration information which concerns on the collation to the high-order server 510 with a collation result (step E25). When the received collation result is collation OK, the control unit 511 stores the received registration information in the auxiliary storage unit 516 as registration information used for subsequent collation, and performs main control on the collation OK collation result. You may transmit to the process part 21a of the part 21 (step E26).

  When the collation result is collation NG, the control unit 511 deletes the registration information because the registration information received in step E23 is invalid registration information. And the control part 511 transmits the collation result of collation NG to the process part 21a of the main control part 21 (step E26).

  When the processing unit 21a of the main control unit 21 receives the verification result of the verification OK transmitted from the higher-level server 510, the processing unit 21a stores the verification result in the storage unit 21b and sends a session key to the processing unit 23a of the communication control IC 23. A session key request indicating a request for transmission is transmitted (step E27). In this case, the registration information stored in the storage unit 21b in step E23 is associated with the verification result stored in the storage unit 21b for subsequent verification and is not deleted.

  For example, the processing unit 21a of the main control unit 21 encrypts a session key transmission request (session key request) with the authentication key stored in the first storage area of the storage unit 21a, and transmits it to the communication control IC 23. The processing unit 23a of the communication control IC 23 decrypts the session key request with the authentication key stored in the first storage area of the storage unit 23b.

  When decrypting the session key request, the processing unit 23a of the communication control IC 23 generates a session key using a preset algorithm based on the authentication key stored in the first storage area of the storage unit 23b. (Refer to the above), the data is stored in the storage unit 23b and transmitted to the main control unit 21, and the processing unit 21a of the main control unit 21 stores the session key transmitted from the communication control IC 23 in the storage unit 21b. (Step E28).

  Then, the main control unit 21 (processing unit 21a) and the communication control IC 23 (processing unit 23a) start encryption communication that performs encryption and decryption using a session key (step E29).

  Thereafter, the main control unit 21 and the communication control IC 23 perform processing that causes the card unit 20 to perform a normal operation that is performed when the game room 500 is in operation while performing encrypted communication using a session key (for example, ball lending processing). , A process of turning on the lamp, etc.).

  In encrypted communication using a session key, when transmitting information, the information transmission side of the main control unit 21 (processing unit 21a) and the communication control IC 23 (processing unit 23a) is the storage unit 21b or The information is encrypted with the session key stored in 23b and transmitted to the receiving side, and the receiving side that has received the encrypted information receives the session key stored in the storage unit 21b or 23b provided in itself. The information before encryption is acquired by decrypting the information.

  When the processing unit 21a receives the verification result of the verification NG, there is a possibility that at least one of the payout control chip 11 or the main control chip 13 of the pachinko machine 10 has been replaced, so the subsequent processing is stopped. For example, the processing unit 21a turns on the lamp of the card unit 20 and notifies that the communication control IC 23 may not be valid. In this case, the processing unit 21a deletes the registration information stored in the storage unit 21b in step E22 and does not store the collation result in the storage unit 21b.

  As described above, in this embodiment, replacement of the chip of the pachinko machine 10, the communication control IC 23, and the like can be detected by collating various kinds of information. Further, since the upper server 510 makes a verification request for registration information to the key management center server 310 only when the registration information is not stored in itself, the verification requests from many upper servers 510 are suppressed, and the key management is performed. The processing load on the center server 310 is reduced. In addition, since the upper server 510 stores the same main information and provisional information as those stored by the key management sensor server 310, these information should be managed by the upper server 510 as genuine information regarding each chip, IC, and the like. become.

  According to the above configuration, when the communication control serial IDs stored in the main control unit 21 and the communication control IC 23 are successfully authenticated, the valid key is set in the communication control IC 23. Successful authentication means that the integrated circuit has not been replaced. In other words, the integrated circuit from which such a verification result is obtained is a genuine product. For this reason, in the management system 1, after the gaming device is installed in the game hall, an effective key is set in the genuine communication control IC 23, and the communication control IC 23 is not set until the effective key is set. Predetermined processing can be performed. Therefore, according to the management system 1, security against fraud can be improved.

  Also, according to the above configuration, the valid key is in an encrypted state until it is set in the communication control IC 23. Therefore, even if the valid key leaks on the communication path of the management system 1, the valid key is misused. It is hard to be done. For this reason, the security about permission information is also ensured.

(Operation stage, when the host server is online)
Next, details of the operation and the like of the management system 1 in the operation stage will be described with reference to FIGS. In the same manner as described above, in FIGS. 28 to 29, information surrounded by a solid line indicates information stored previously, and information surrounded by a broken line indicates information stored during processing.

  Such an operation is triggered when the power of the card unit 20 is turned on after the installation stage (for example, at the start of daily business of the game hall 500. At this time, the pachinko machine 10 is also turned on in the same manner. ).

  The processing unit 21a of the main control unit 21 establishes a connection with the upper server 510 when the power of the card unit 20 is turned on (assuming that the power of the pachinko machine 10 is also turned on at this time). The requested connection request is transmitted to the upper server 510 (step G1).

  Upon receiving the connection request from the processing unit 21a, the control unit 511 of the upper server 510 transmits an authentication request for requesting transmission of the unit serial ID to the main control unit 21 (step G2). Note that, since the control unit 511 of the upper server 510 once transmits the valid key to the main control unit 21 in the installation stage, the authentication request is transmitted to the main control unit 21 here.

  When the processing unit 21a receives the authentication request (that is, when communication with the upper server 510 is possible, when the upper server is online), the unit included in the information stored in the first storage area of the storage unit 21b The serial ID is transmitted to the upper server 510 together with a main authentication key request which is information for requesting transmission of the main information described later (step G3). A case where the authentication request cannot be received (that is, when communication between the main control unit 21 and the upper server 510 is not possible, when the upper server is offline) will be described later.

  Subsequently, when the authentication key request and the unit serial ID are transmitted from the main control unit 21, the control unit 511 of the upper server 510 receives the unit serial ID having the same content as the transmitted unit serial ID. It is determined whether or not it is stored in the auxiliary storage unit 516 (step G3.5). Here, since this card unit 20 is installed in the game arcade 500, and this information is maintained in the auxiliary storage unit 516 in step E4, the unit serial ID included in this information is stored. Is also stored in the auxiliary storage unit 516. Therefore, the control unit 511 determines that the unit serial ID is stored.

  When determining that the unit serial ID is stored, the control unit 511 of the upper server 510 distributes this information including the unit serial ID to the processing unit 21a of the main control unit 21 (step G4).

  When the processing unit 21a of the main control unit 21 receives the main information distributed from the upper server 510, the key (in this case, the encrypted information of the main information stored in the second area of the storage unit 21b) This information is decrypted with the temporary authentication key), and this information obtained by decrypting the information is collated with this information stored in the storage unit 21b. This information is information stored in the first storage area of the storage unit 21b. That is, the processing unit 21a collates the received main information with the information stored in the first storage area of the storage unit 21b (Step G5).

  In the collation, the processing unit 21a stores the unit serial ID, the communication control serial ID, the key version, the writer ID, the manufacturer code, and the main authentication key included in the received main information in the first storage area of the storage unit 21b. The stored unit serial ID, communication control serial ID, key version, writer ID, maker code, and main authentication key are collated.

  Here, in the collation, it is assumed that all the collation results are collation OK for each piece of information included in both pieces of information. In addition, after the pachinko machine 10 and the card unit 20 are installed in the game hall 500, for example, when the main authentication key is leaked, the main authentication key of the main information stored in the auxiliary storage unit 516 of the upper server 510 is May be updated with the key version. In this case, the collation in step G5 is a collation NG. Here, the following description will be given assuming that this information has not been updated. The case where this information is updated will be described later.

  Next, the processing unit 21a of the main control unit 21 transmits the unit serial ID of this information stored in the first storage area of the storage unit 21b to the communication control IC 23, and the processing unit 23a of the communication control IC 23 transmits The unit serial ID thus checked is compared with the unit serial ID of this information stored in the first storage area of the storage unit 23b of the communication control IC 23 (step G6).

  The processing unit 23a of the communication control IC 23 transmits the communication control serial ID of this information stored in the first storage area of the storage unit 23b to the main control unit 21 when the verification result in step G6 is verification OK. Then, the processing unit 21a of the main control unit 21 collates the transmitted communication control serial ID with the communication control serial ID of this information stored in the first storage area of the storage unit 21b (step G7).

  When the collation result at step G7 is collation OK, the processing unit 21a of the main control unit 21 performs the key version, writer ID, and manufacturer code of this information stored in the first storage area of the storage unit 23b. Is transmitted to the communication control IC 23, and the processing unit 23a of the communication control IC 23 transmits the transmitted key version, writer ID, and manufacturer code to the key version of this information stored in the first storage area of the storage unit 23b. The writer ID and the manufacturer code are collated, and the collation result is notified to the main control unit 21 (step G8).

  If the collation result is OK in step G8, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 store the book stored in each first storage area in subsequent communications. Encrypted communication using each authentication key is performed (step G9).

  That is, when information is transmitted from the main control unit 21 to the communication control IC 23, the processing unit 21a encrypts the information using the authentication key recorded in the first storage area of the storage unit 21b and transmits the information. The processing unit 23a decrypts the information by using the authentication key recorded in the first storage area of the storage unit 23b. In addition, when information is transmitted from the communication control IC 23 to the main control unit 21, the processing unit 23a encrypts the information using the authentication key recorded in the first storage area of the storage unit 23b and transmits the information. The processing unit 21a decrypts the information using the authentication key recorded in the first storage area of the storage unit 21b.

  For example, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 include information stored in the respective storage units 21a and 21b (for example, main control unit operation information and communication control IC operation information). Information included) is transmitted and received in step G9 by encrypted communication using this authentication key, and the subsequent processing is performed after mutual authentication between the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23. Also good.

  Note that, in the collation in any of the steps G6, G7, and G8, if it is determined that the collation is NG, the main control unit 21 or the communication control IC 23 may not be valid (that is, Since the main control unit 21 or the communication control IC 23 (the side that has not been verified in each step verification) may have been replaced), the processing unit 21a or the processing unit 23a stops the subsequent processing. For example, when the communication control IC 23 is not valid, the processing unit 21a turns on the lamp of the card unit 20 to notify that the communication control IC 23 may not be valid. As described above, when the collation is NG, the processing unit 21a or the processing unit 23a performs replacement of the main control unit 21 or the communication control IC 23 by performing a predetermined process.

  After the process of step G9, the processing unit 21a transmits a transmission request for information (registration information transmission request) stored in each of the storage units 13b and 11b of the main control chip 13 and the payout control chip 11 to the processing unit 23a. (Step G10), the processing unit 23a of the communication control IC 23 acquires registration information from the pachinko machine 10 (Step G11). The process of step G11 corresponds to the process of step E18 to step E21. For this reason, the description of the process in step G11 is in accordance with the description in steps E18 to E21.

  After the process of step G11, the processing unit 23a and the like of the communication control IC 23 perform the processes from step G12 to step G13.5, and these processes are the same as the processes of step E22 and step E23.5. For this reason, the description of the processing from step G12 to step G13.5 is in accordance with the description in step E22 and step E23.5. However, in step G13.5, the registration information to be collated (registration information including the game hall information) is already stored in the auxiliary storage unit 516.

  For this reason, in step G13.5, the control unit 511 of the upper server 510 determines that the verification of the registered information is verification OK, and transmits the verification OK verification result to the processing unit 21a of the main control unit 21 (step G14). ).

  When the processing unit 21a receives the verification result of the verification OK, the processing unit 21a and the processing unit 23a perform the processes from Step F18 to F20. Since these processes are the same as steps E27 to E29, detailed description thereof is omitted. When the processing unit 21a receives the collation result of the collation OK, the processing unit 21a uses the result and the registration information stored in the storage unit 21b (step G13 which is the same process as step E23) for subsequent processing. Are stored in the storage unit 21b.

  Thereafter, the main control unit 21 and the communication control IC 23 cause the card unit 20 to perform a normal operation during business hours of the game hall 500 while performing encrypted communication using a session key (for example, a ball lending process). , A process of turning on the lamp, etc.).

  According to the above processing, when the upper server 510 is online, authentication using the upper server 510 is performed. As described above, since the registration information and the main information stored in the upper server 510 are the same as the information stored in the key management center server 310, the validity is guaranteed. For this reason, even if it is collation in this upper level server 510, the accuracy of authentication of each chip, IC, etc. is secured. Further, the configuration of the upper server 510 and the card unit 20 can be formed using conventional infrastructure. Furthermore, since the upper server 510 does not communicate with the key management center server 310, the communication load of the key management center server 310 is reduced.

  Here, in the collation in step G5, a case where the collation result is collation NG for at least a part of the information included in both the book information (that is, when the information is updated) will be described with reference to FIG. .

  Usually, the manufacturer code, unit serial ID, writer ID, and communication control serial ID included in this information are not changed because they are not information about the main control unit 21 or information about the authentication key. Therefore, it is the authentication key and the key version that may be updated.

  Note that the method for updating the information is arbitrary. When there is an update, information other than the unit serial ID among the updated information stored in the auxiliary storage unit 516 of the upper server 510 is encrypted with a key. This key is, for example, the same key as the key stored in the second storage area of the storage unit 21b of the main control unit 21.

  In such a case, the processing unit 21a moves the main information stored in the first storage area of the storage unit 21b to the second storage area and stores it. At this time, the temporary information or the main information stored in the second storage area is overwritten. Then, the processing unit 21a stores the main information transmitted from the host server 510 (the encrypted main information decrypted) in the first storage area (step G90).

  Thereafter, for example, the processing unit 21a transmits the main information stored in the first storage area of the storage unit 21b together with the registration instruction for the main information to the processing unit 23a of the communication control IC 23. At this time, the processing unit 21a encrypts the information using the temporary authentication key stored in the second storage area of the storage unit 21b and transmits the encrypted information (step G92). When the processing unit 23a receives the main information and the registration instruction, the processing unit 23a decrypts the main information using the temporary authentication key of the temporary information stored in the first storage area of the storage unit 23b. Is stored (moved) in the second storage area of the storage unit 23b, and the decrypted main information is stored in the first storage area of the storage unit 23b (step G93). Through this process, the updated information is newly registered in the first storage area of the communication control IC 23.

  Thereafter, the processing after G6 in FIG. 28 is performed.

  According to such processing, when the authentication key is updated, encryption communication is performed with the immediately preceding authentication key, so that the authentication key can be easily updated. Further, by setting the key version and the authentication key as a set, when the authentication key is leaked, the leaked authentication key can be easily searched based on the key version of the authentication key.

(When replacing pachinko machine 10)
In the operation stage, the game hall 500 may replace the pachinko machine 10 while leaving the card unit 20 as it is. After the replacement of the pachinko machine 10, the first operation stage process will be described.

  Here, since only the pachinko machine 10 is replaced, the host server 510 stores the information of the card unit 20 (main information), but stores the information of the pachinko machine 10 (registration information). Not.

  Therefore, in such a process at the operation stage and when the host server is online, the same processes as those in steps G1 to G9, step G90, step G92, and step G92 are performed, and the key management is performed in the installation stage. The same processing as the processing from Step E17 to Step 29 when the center server 310 is online is performed.

  According to the above processing, when the pachinko machine 10 is replaced, the upper server 510 does not store the registration information of the replaced pachinko machine 10, so the key management center server 310 is inquired and the key management is performed. The center server 310 performs collation. For this reason, even when the pachinko machine 10 is replaced, appropriate registration and verification are performed, and the management system 1 can cope with the replacement of the pachinko machine 10.

(When replacing card unit 20)
In the operation stage, the game room 500 may replace the card unit 20 while leaving the pachinko machine 10 as it is. After the replacement of the card unit 20, the first operation stage process will be described.

  Here, since only the card unit 20 is exchanged, the information (registration information) of the pachinko machine 10 is stored in the host server 510, although the information (main information) of the card unit 20 is not stored. ing.

  Therefore, in such a process at the operation stage and when the upper server is online, the same processes as those from Step E1 to Step E16 in the installation stage and when the upper server 510 is in the online state are performed. The processing from step G10 to step G17 when the host server 510 is in the online state at the stage is performed.

  According to the processing as described above, when the card unit 20 is replaced, the upper server 510 does not store the main information of the replaced card unit 20, so an inquiry is made to the key management center server 310 to perform key management. The center server 310 performs collation. For this reason, even when the card unit 20 is replaced, appropriate registration and verification are performed, and the management system 1 can cope with replacement of the card unit 20.

(Operation when exception occurs)
Next, the operation at the time of exception of the management system 1 will be described with reference to the drawings.

  Note that the NG operation permission setting is set in each of the main control unit 21 and the upper server 510 (stored in each storage unit). The NG operation permission setting includes NG operation permission for permitting a predetermined operation and NG operation prohibition for prohibiting the predetermined operation. The processing unit 21a of the main control unit refers to the NG operation permission setting stored in the storage unit 21b and performs an operation according to the content of this setting. The control unit 511 of the upper server 510 refers to the NG operation permission setting stored in the auxiliary storage unit 516 and performs an operation according to the content of this setting. The processing unit 21a and the control unit 511, for example, set NG operation permission when a predetermined collation is a collation NG (including a case where an unregistered notification is received) or when communication with another device cannot be performed. Refer to

  The NG operation permission setting is set by an arbitrary method. For example, the NG operation permission setting is included in the main control unit operation information, and the NG operation permission setting is written in the main control unit 21 to set the NG operation permission setting. For example, an NG operation permission setting is set in the upper server 510 when an operation input unit of the upper server 510 is operated by an employee of the game hall 500 or the like. The NG operation permission setting may be distributed and set from the key management center server 310 to the upper server 510, or the NG operation permission setting is distributed and set to the main control unit 21 via the upper server 510. Also good.

(Exception 1)
In the operation of the management system 1 in the installation stage, the upper server 510 and the key management center server 310 may not be able to communicate for some reason (the key management center server 310 is offline). The operation in such a case will be described with reference to FIG. In addition, since the description which overlaps with the said installation stage is the same as the description in the said installation stage, it abbreviate | omits suitably.

  When the control unit 511 cannot transmit the unit serial ID and the authentication request to the key management center server 310 at step E4 in the installation stage (step F4), the operation of the management system 1 is as follows.

  After step F4, the control unit 511 acquires the NG operation permission setting from the auxiliary storage unit 516 (step F4.5), and ends the subsequent processing when the acquired NG operation permission setting is prohibited. Then, the fact that it cannot communicate with the key management center server 310 is notified via the display unit of the input / output unit 513 or the like. When the NG operation permission setting is NG operation permission, the control unit 511 transmits information indicating that the NG operation is permitted (hereinafter simply referred to as NG operation permission) to the main control unit 21 (step F5).

  When receiving the authentication NG operation permission from the upper server 510, the processing unit 21a of the main control unit 21 starts communication with the processing unit 23a of the communication control IC 23 and performs verification.

  Specifically, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 collate each other's information in the processes from Step F6 to Step F8 as shown in the figure. Since this process is the same as the process from step E12 to step E14 in FIG. 26, the detailed description conforms to the description of the process from step E12 to step E14.

  In the processing from step F6 to step F8, if the collation result for at least a part of each information is collation NG, the main control unit 21 or the communication control IC 23 may not be valid (that is, the main control unit 21). Since the control unit 21 or the communication control IC 23 (the side that is not collated in the collation of each step may have been replaced), the processing unit 21a or the processing unit 23a stops the subsequent processing, for example, If the communication control IC 23 is not valid, the processing unit 21a turns on the lamp of the card unit 20 to notify that the communication control IC 23 may not be valid. As described above, when the collation is NG, the processing unit 21a or the processing unit 23a can cope with replacement of the main control unit 21 and the communication control IC 23 by performing a predetermined process.

  In the processing from step F6 to step F8, when the collation result for each information is collation OK, the processing unit 21a and the processing unit 23a are stored in each first storage area in the subsequent communication. The encrypted communication using the temporary authentication key included in the temporary information is performed (step F9).

  That is, when information is transmitted from the main control unit 21 to the communication control IC 23, the processing unit 21a encrypts the information using the temporary authentication key recorded in the first storage area of the storage unit 21b and transmits the information. The processing unit 23a decrypts and uses the information using the temporary authentication key recorded in the first storage area of the storage unit 23b. When information is transmitted from the communication control IC 23 to the main control unit 21, the processing unit 23a encrypts the information using the temporary authentication key recorded in the first storage area of the storage unit 23b and transmits the information. The processing unit 21a decrypts and uses the information using the temporary authentication key recorded in the first storage area of the storage unit 21b.

  For example, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 include information stored in the respective storage units 21a and 21b (for example, main control unit operation information and communication control IC operation information). In step F9, the information included is the same as the description of the installation stage described above, and is transmitted and received by encrypted communication using this authentication key. Subsequent processing may be performed after authentication.

  Subsequently, the processing unit 21a performs the process of step F10. Since the process of step F10 is the same process as the setting of the effective key in step E16, the description of the process of step F10 is omitted (the encryption communication is not performed). If used, the temporary authentication key is used instead of the real authentication key).

  Next, the processes from Step F11 to Step F17.5 are performed. Since these processes are the same as the processes from Step E17 to Step E23.5, detailed description of these processes will be omitted. Note that the encrypted communication using the authentication key between the processing unit 21a and the processing unit 23a replaces the encrypted communication using the temporary authentication key.

  After step F17.5, the control unit 511 transmits registration information including the game hall information to the key management center server 310 together with the verification request, similarly to step E24, but cannot perform this transmission (step F18). In this case, since the NG operation permission setting is NG operation permission as described above, the control unit 511 transmits the NG operation permission to the main control unit 21 (step F19).

  When the processing unit 21a of the main control unit 21 receives the NG operation permission, the processing unit 21a and the processing unit 23a perform the processes from Step F20 to F22. Since these processes are the same as steps E27 to E29, detailed description thereof is omitted. In steps F20 to F22, the main authentication key in steps E27 to E29 replaces the temporary authentication key stored in each first storage area of each storage unit 21b and 23b.

  Thereafter, the main control unit 21 and the communication control IC 23 cause the card unit 20 to perform a normal operation during business hours of the game hall 500 while performing encrypted communication using a session key (for example, a ball lending process). , A process of turning on the lamp, etc.).

  As described above, in this embodiment, even if the key management center server 310 and the upper server 510 cannot communicate with each other, it is possible to detect the replacement of the communication control IC 23 and the like. Further, by using the setting of NG operation permission, even if the key management center server 310 and the upper server 510 are in a state where communication is impossible, for example, by setting permission information in the communication control IC 23, the card It is possible to cause the unit 20 to perform a normal operation performed when the game hall 500 is in business. As a result, it is possible to reduce troubles in the business of the game hall 500.

(Exception 2)
Next, a case in which the host server is offline at the operation stage will be described with reference to FIG.

  In this case, it is a case where the authentication request cannot be received in step G2 in the operation stage and the operation when the host server is online, that is, the unit serial ID cannot be transmitted (step H1).

  In this case, the processing unit 21a of the main control unit 21 determines whether this information is stored in the first storage area of the storage unit 21b (step H2). This determination is made, for example, by determining whether information is stored in the second storage area of the storage unit 21b. When this information is stored in the first storage area of the storage unit 21b, the information is stored in the second storage area. For this reason, if information is stored in the second storage area of the storage unit 21b, this information is stored in the first storage area. Here, since the host server is offline after the installation stage, information is stored in the second storage area, so this determination is YES.

  After step H2, the processing unit 21a of the main control unit 21, the processing unit 23a of the payout control chip 23, and the pachinko machine 10 perform the processing from step H3 to step H9. Therefore, the detailed description of these processes is the same as the process from steps G6 to G10.

  Next, when the registration information is transmitted from the processing unit 23a in step H9, the processing unit 21a determines whether the verification result is stored in the storage unit 21b of the main control unit 21 (step H10, verification result). Confirmation), it is determined whether or not the same registration information as the transmitted registration information is stored in the storage unit 21b (step H11, confirmation of registration information). The fact that both pieces of registered information to be collated are the same is the case where all the results obtained by collating each information included in both pieces of registered information are collation OK.

  Here, the collation result is stored in the storage unit 21b (step H10; YES), and the same registration information as the transmitted registration information is stored in the storage unit 21b (step H10; YES). The processing unit 21a of the control unit 21 transmits a session key request indicating a request for transmitting a session key to the processing unit 23a of the communication control IC 23 (step H12). Thereafter, the processing unit 21a and the processing unit 23a perform the processes of steps H13 and H14. Since the processing from step H12 to H14 is the same as the processing from step G15 to G17, the detailed description of these processing is in accordance with the description of the processing from step G15 to G17.

  According to the above processing, even when the upper server 510 is in an offline state, appropriate verification is performed using previously registered information, and the management system 1 indicates that the upper server 510 is in an offline state. If it is, authentication can be performed. It is possible to reduce the trouble in the operation of the playground 500.

(Exception 3)
As described above, when the key management center server 310 and the IC writer 610 cannot communicate with each other at the manufacturing stage of the card unit 20, the IC writer 610 stores in the auxiliary storage unit 616 after the communication with the key management center server 310 is restored. The stored shipping information is transmitted to the key management center server 310 (step C11). However, communication with the key management center server 310 may not be restored for a long time, and in this case, the card unit 20 may be installed in the game hall 500 without provisional information being registered in the key management center server 310. is there. In addition, registration of information from the chip maker computer 110 to the key management center server 310 may be delayed, and the card unit 20 may be installed in the game hall 500 without provisional information being registered in the key management center server 310. The operation of the management system 1 in such a case will be described below with reference to FIG.

  As shown in the figure, the management system 1 performs processing from step J1 to step J4, and this processing corresponds to the processing from step E1 to step E4 in FIG. For this reason, the description of the process from step J1 to step J4 is based on the description in step E1 to E4.

  Although the control unit 311 of the key management center server 310 receives the unit serial ID and the authentication request transmitted from the host server 510, the auxiliary storage unit 316 stores no provisional information. Temporary information including a unit serial ID indicating the same content cannot be retrieved from the auxiliary storage unit 316. In this case, the control unit 311 transmits an unregistered notification indicating that temporary information is not stored to the upper server 510 (step J5).

  When receiving the unregistered notification from the key management center server 310, the control unit 511 of the upper server 510 acquires an NG operation permission setting stored in advance in the auxiliary storage unit 316.

  Subsequently, when the content of the NG operation permission setting is NG operation permission, the control unit 511 of the upper server 510 transmits the NG operation permission to the main control unit 21 (step J6). On the other hand, when the content of the read NG operation permission setting is NG operation prohibition, the control unit 511 cancels the process and displays on the display unit included in the input / output unit 513 that temporary information is not stored. The notification process is performed.

  When receiving the NG operation permission from the host server 510, the main control unit 21 communicates with the communication control IC 23, and the temporary information stored in the first storage area of the storage unit 21b and the first of the storage unit 23b. The temporary information stored in the storage area is collated (step J7 to step J9). The processing from step J7 to step J9 differs in that the stored information is temporary information, but corresponds to the processing from step E12 to step E14. For this reason, the description of the processing from step J7 to step J9 is in accordance with the description in steps E12 to E14.

  When all the collation results in Step J7 to Step J9 are collation OK, the main control unit 21 and the communication control IC 23 encrypt and decrypt the temporary authentication keys stored in the mutual storage units 21b and 23b. The encryption communication used as the key is started (step J10). Thereafter, the processing unit 21a and the processing unit 23a perform encrypted communication using the temporary authentication key (details conform to the description of step E15, etc. This authentication key replaces the temporary authentication key).

  Subsequently, the processing unit 21a transmits the valid key stored in the storage unit 21b to the communication control IC 23 via the communication unit 21c when all the verification results in steps J7 to J9 are verification OK ( Step J11). The processing unit 23a of the communication control IC acquires the transmitted effective key, decrypts it with the write key, and stores (sets) it in the storage unit 23b.

  Subsequent processing can be performed, for example, the same processing as the processing from step E17.

  As described above, when the permission information is set and the NG operation permission is set, even if the temporary information is not registered in the key management center server 310, the same processing as that when the temporary information is registered is performed. Therefore, the card unit 20 or the like can be made to perform a normal operation at the time of business of the game hall 500. For this reason, it is possible to reduce troubles in the business of the game hall 500.

(Exception 4)
Similarly to the case of the card unit 20, the pachinko machine 10 may be installed in the game hall 500 with the pachinko machine information not registered in the key management center server 310. Even at the manufacturing stage of the pachinko machine 10, the key management center server 310 and the IC writer 210 may not be able to communicate as in the manufacturing stage of the card unit 20. Therefore, the information on the pachinko machine 10 may not be registered on the key management center server 310 as in the case where the information on the card unit 20 is not registered on the key management center server 310. The operation of the management system 1 in such a case will be described with reference to FIG.

  As shown in the figure, the management system 1 performs processing from step K1 to step K8, and this processing corresponds to the processing from step E17 to step E24. For this reason, the description of the processing from step K1 to step K8 is in accordance with the description from step E17 to step E24.

  Although the control unit 311 of the key management center server 310 receives the registration information and the verification request transmitted by the upper server 510, the registration information cannot be verified because the registration information is not stored in the auxiliary storage unit 316. . In this case, the control unit 311 transmits an unregistered notification indicating that registration information is not stored to the upper server 510 (step K9).

  When receiving the registration information non-registration notification from the key management center server 310, the control unit 511 of the upper server 510 acquires an NG operation permission setting stored in advance in the auxiliary storage unit 316.

  Subsequently, when the content of the acquired NG operation permission setting is NG operation permission, the control unit 511 of the upper server 510 notifies the main control unit 21 of NG operation permission (step K10). On the other hand, when the content of the read NG operation permission setting is NG operation prohibition, the control unit 511 cancels the process and displays on the display unit included in the input / output unit 513 that temporary information is not stored. The notification process is performed.

  Next, when the NG operation permission is notified, the main control unit 21 performs processing from step K11 to step K13 with the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23. Since the processing is the same as the processing from steps E27 to E29, the description of these processing will follow from steps E27 to E29.

  Thereafter, the main control unit 21 and the communication control IC 23 cause the card unit 20 to perform a normal operation during business hours of the game hall 500 while performing encrypted communication using a session key (for example, a ball lending process). , A process of turning on the lamp, etc.).

  In addition, the process before step K1 performs the process of step E1 to E16, etc., for example.

  As described above, when the NG operation permission is set, even if the registration information is not registered in the key management center server 310, the same processing as that when the registration information is registered is performed. The pachinko machine 10 and the like can be made to perform normal operations at the time of business of the game hall 500. For this reason, it is possible to reduce troubles in the business of the game hall 500.

(Exception 5)
When the pachinko machine is replaced, the upper server 510 and the card unit 20 may not be able to communicate with each other. This will be described with reference to FIG. In this case, first, for example, processing similar to the processing from step H1 to step H14 is performed.

  As a premise, in step L1, the processing unit 21a of the main control unit 21 transmits a connection request indicating a signal requesting connection to the upper server 510 to the upper server 510. However, since the upper server 510 is offline, the connection request Will be NG. In addition, the processing unit 21a cannot acquire an authentication request from the upper server. Therefore, the processing unit 21a cannot transmit the unit serial ID and the authentication request to the upper server 510.

  In such a case, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 perform the processing from step L2 to step L4, and correspond to the processing from step E17 to step E22. For this reason, the description of the processing from step L2 to step L4 is in accordance with the description from step E17 to step E22.

  Subsequently, the processing unit 21a of the main control unit 21 receives the registration information transmitted from the communication control IC 23 and checks whether or not the registration information is stored in the storage unit 21b, but the registration information is not stored. Therefore, the received registration information is stored in the storage unit 21b (step L5). The processing unit 21a refers to the collation result stored in the storage unit 21b. In this case, since the collation result is not stored in the storage unit 21b, the processing unit 21a determines that there is no collation result (step) L6).

  Next, the processing unit 21a acquires the NG operation permission setting stored in advance in the storage unit 21b, and performs processing according to the content of the NG operation permission setting. Specifically, if the NG operation permission setting is NG operation permission, the processing unit 21a and the processing unit 23a perform the processing from step L7 to step L9. On the other hand, when the NG operation permission setting is NG operation prohibition, the processing unit 21a turns on the lamp of the card unit 20 to notify that fact and notifies that the subsequent processing cannot be performed.

  Since the processing from step L7 to step L9 is the same as the processing from step G15 to G17, the detailed description of these processing is in accordance with the description of the processing from step G15 to G17.

  As described above, when the NG operation permission is set, the management system 1 can operate smoothly even when the host server is offline, and the pachinko machine 10 and the like can be Normal operation can be performed. For this reason, it is possible to reduce troubles in the business of the game hall 500.

(Exception 6)
As described above, there is a case where the card unit 20 is installed in the game arcade 500 without storing the temporary information and the main information in the key management center server 310, and then the pachinko machine 10 is replaced. The operation of the management system 1 in this case will be described with reference to FIG. It is assumed that the upper server 510 and the main control unit 21 cannot communicate.

  When the power of the card unit 20 is turned on, the processing unit 21a of the main control unit 21 makes a connection request or the like but cannot receive the authentication request, that is, cannot transmit the unit serial ID (step M1).

  Subsequently, the processing unit 21a determines whether the processing unit 21a of the main control unit 21 stores this information in the first storage area of the storage unit 21b (step M2). This determination is made, for example, by determining whether information is stored in the second storage area of the storage unit 21b. When this information is stored in the first storage area of the storage unit 21b, the information is stored in the second storage area. For this reason, if information is stored in the second storage area of the storage unit 21b, this information is stored in the first storage area. Here, since the temporary information is stored in the first storage area, this determination is NO.

  Therefore, the processing unit 21a acquires the NG operation permission information stored in the storage unit 21b, and performs a process according to the content of the NG operation permission information. Specifically, when the NG operation permission information is NG operation permission, the processing unit 21a transmits the unit serial ID of the temporary information stored in the first storage area to the communication control IC 23, and the communication control IC 23 The processing unit 23a collates the transmitted unit serial ID with the unit serial ID of the temporary information stored in the first storage area of the storage unit 23b of the communication control IC 23 (step M3).

  Subsequently, the processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 communicate with each other to perform authentication in Step M4 and Step M5. This processing is the same as the processing in Steps E13 and E14. Therefore, the description follows that of steps E13 and E14.

  The processing unit 21a of the main control unit 21 and the processing unit 23a of the communication control IC 23 are stored in each first storage area in the subsequent communication when the collation result notified in step M5 is collation OK. The encrypted communication is performed using each of the present authentication keys (step M6). This process conforms to the description of the process in step E15.

  Note that if there is a collation NG in the collation in any of the above steps M3, M4, and M5, the main control unit 21 or the communication control IC 23 may not be valid (that is, the main control). The processing unit 21a or the processing unit 23a stops the subsequent processing, for example, because the switching of the unit 21 or the communication control IC 23 (the side that has not been verified in the verification of each step) may have been performed. If the communication control IC 23 is not valid, the processing unit 21a turns on the lamp of the card unit 20 to notify that there is a possibility that the communication control IC 23 is not valid. As described above, when the collation is NG, the processing unit 21a or the processing unit 23a can cope with replacement of the main control unit 21 and the communication control IC 23 by performing a predetermined process.

  The processing after step M6 is, for example, processing from step E17 to step E29.

  As described above, when the NG operation permission is set, the management system 1 can operate smoothly even when the host server is offline, and the pachinko machine 10 and the like can be Normal operation can be performed. For this reason, it is possible to reduce troubles in the business of the game hall 500. Setting permission information means that the main control unit 21 and the upper server 510 have once communicated with each other, so that a certain level of security is ensured without significantly reducing security.

(Exception 7)
For example, the effective key is transmitted from the main control unit 21 to the communication control IC 23 without shipping information being registered in the key management center server 310 at the installation stage, and the effective key is stored in the storage unit 23b of the communication control IC 23. There is a case. In this case, when communication between the IC writer 610 and the key management center server 310 is restored, shipping information is registered from the IC writer 610 to the key management center server 310. Also, for example, when the host server 510 and the key management center 310 cannot communicate with each other at the installation stage, this information is not registered in the main control unit 21 and the communication control IC 23, but is valid from the control unit 21 to the communication control IC 23. In some cases, the key is transmitted and the valid key is stored in the storage unit 23 b of the communication control IC 23. In this case, it is conceivable that communication between the upper server 510 and the key management center 310 is restored later. In these cases, the card unit 20 and the like perform the following processing (see FIGS. 36 to 38).

  As shown in the figure, the operation of the management system 1 in this case is the same as the basic operation in the installation stage, although the effective key is already stored in the storage unit 23b of the communication control IC 23. Accordingly, the operation of the management system 1 in this case is the same as the operation when step E16 in FIGS.

  In this way, even if an error occurs during processing, it can be handled here.

(Exception 8)
For example, in the installation stage, the processing from step E1 to step E5 shown in FIGS. 24 to 25 may be executed, and then the processing after step E6 may not be executed. In this case, for example, the card unit 20 or the like is reset and dealt with. In this case, the card unit 20 or the like performs the following processing (see FIGS. 39 to 41).

  In this case, this information is transmitted from the key management center server 310 to the upper server 510 and stored in the auxiliary storage unit 516. Therefore, since this information is already stored in the auxiliary storage unit 516, the operation of the management system 1 in this case is the same as the basic operation in the installation stage. Therefore, when the host server 510 receives this authentication key request from the main control unit 21 together with the unit serial ID, it searches for the unit serial ID having the same content as the received unit serial ID from the information stored in the auxiliary storage unit 516. The main information including the unit serial ID is transmitted to the main control unit 21. Therefore, the operation of the management system 1 in this case is the same as the operation when step E2, step E4, step E4.6, and step E5 in FIGS.

  In this way, even if an error occurs during processing, it can be handled here.

(Exception 9)
For example, in the above installation stage, after step E9 (after registering this information in the communication control IC) and before step E16 (before an effective key is set in the communication control IC), the main control is performed for some reason. The unit 21 and the communication control IC 23 cannot communicate with each other, or one of them cannot operate, and a series of processing in the installation stage may be interrupted. In this case, when the card unit 20 is turned on again, the card unit 20 and the like perform the following processing (see FIG. 42).

  The processing unit 21a of the main control unit 21, the processing unit 23a of the communication control IC 23, and the host server 510 perform the processing from Step R1 to R9. These processing are the same as the processing from Step G1 to G9 at the operation stage and online. Therefore, the detailed description conforms to the description in the processing of steps G1 to G9.

  Next, the processing unit 21a and the processing unit 23a perform the process of step R10, and an effective key is set in the communication control IC 23. Since this process is the same process as step E16 in the installation stage, the detailed description follows the description of the process in step E16.

  The processing after step R10 is the same as the processing from step E17. Other explanations are the same as those in the installation stage and the operation stage.

  In this way, even if an error occurs during processing, it can be handled here.

(Exception 10)
For example, in the installation stage, after the main control unit 21 and the communication control IC 23 authenticate using temporary information and set the valid key in the communication control IC 23, the process proceeds to the operation stage and the auxiliary storage unit 516 of the upper server 510. Before this information is stored, for some reason, either the main control unit 21 or the communication control IC 23 may not operate, and a series of processing may be interrupted. In this case (when temporary information is stored in the first storage area of the main control unit 21 and a valid key is set in the communication control IC 23), when the card unit 20 is turned on again, the card The unit 20 and the like perform the following processing (see FIGS. 43 to 45).

  The processing unit 21a of the main control unit 21 and the control unit 511 of the host server 510 perform the processing from step S1 to S4, but these processing are the same processing as steps G1 to G4 at the operation stage and online. The detailed description follows that of steps G1 to G4.

  Next, the processing unit 21a of the main control unit 21, the processing unit 23a of the communication control IC 23, and the control unit 511 of the upper server 510 perform the processing from step S5 to S13. Since the processing is the same as that from E7 to E15, the detailed description follows that of steps E7 to E15.

  The processing after step S14 is the same as the processing from step E17. Other explanations are the same as those in the installation stage and the operation stage.

  In this way, in this embodiment, it is possible to cope with an error that occurs during processing.

(Exception 11)
For example, at the installation stage, after the main control unit 21 and the communication control IC 23 authenticate using temporary information and set the valid key in the communication control IC 23, for some reason, the main control unit 21 and the communication control IC 23 There is a case where a series of processing is interrupted because one of them cannot be operated. In such a case (when temporary information is stored in the first storage area of the main control unit 21 and a valid key is set in the communication control IC 23), when the card unit 20 is turned on again. The card unit 20 and the like perform the following processing (see FIG. 46).

  The processing unit 21a of the main control unit 21 and the control unit 511 of the host server 510 perform the processing from Step T1 to T3, but these processing are the same as the processing from Step G1 to G3 at the operation stage and online. The detailed description follows that of steps G1 to G3.

  Next, the processing unit 21a of the main control unit 21, the control unit 511 of the host server 510, and the communication control IC 23a perform the processing from step T4 to T9. Since the processing is the same, the detailed description follows that of steps F4 to F9.

  The processing after step T9 is the same as the processing from step E17. Other explanations are the same as those in the installation stage and the operation stage.

  In this way, even if an error occurs during processing, it can be handled here.

(Exception 12)
For example, at the installation stage, the main control unit 21 and the communication control IC 23 authenticate using temporary information and distribute the valid key to the main control unit 21. A series of processing may be interrupted because either the control unit 21 or the communication control IC 23 cannot operate. In such a case (when temporary information is stored in the first storage area of the main control unit 21, no valid key is set in the communication control IC 23, and a valid key is stored in the main control unit 21) When the card unit 20 is turned on again, the card unit 20 and the like perform the following processing (see FIG. 47).

  The processing unit 21a of the main control unit 21 and the control unit 511 of the host server 510 perform the processing from step U1 to U3, but these processing are the same as the processing from step G1 to G3 at the operation stage and online. The detailed description follows that of steps G1 to G3.

  Next, the processing unit 21a of the main control unit 21, the control unit 511 of the host server 510, and the communication control IC 23a perform the processing of steps U4 to U10. These processing are performed from the steps F4 to F10 in the installation stage. Since the processing is the same, the detailed description conforms to the description of steps F4 to F10.

  The processing after step F10 is the same as the processing from step E17. Other explanations are the same as those in the installation stage and the operation stage.

  In this way, even if an error occurs during processing, it can be handled here.

(Exception 13)
For example, after setting the valid key in the communication control IC 23 in the installation stage, either the main control unit 21 or the communication control IC 23 cannot operate for some reason before the authentication of the pachinko machine 10, and a series of processing is performed. It may be interrupted. In such a case (when temporary information (or this information) is stored in the second storage area of the main control unit 21 and a valid key is set in the communication control IC 23), the card unit 20 is turned on again. In such a case, the card unit 20 or the like performs the following processing (see FIG. 48).

  The processing unit 21a of the main control unit 21, the control unit 511 of the host server 510, the communication control IC 23a, and the like perform the processing from step V1 to V9, but these processing are the same as the processing from steps F11 to F22 in the installation stage. The detailed description follows that of steps F4 to F9.

  The process before step V1 is the same as the process from step G1 to G9. Other explanations are the same as those in the installation stage and the operation stage.

  In this way, even if an error occurs during processing, it can be handled here.

(Exception 14)
In the above exception, etc., the processing performed by the host server 510, the main control unit 21, the communication control IC 23, etc. after the unregistered notification is performed, and the host server 510, the main control after the communication with other devices cannot be performed. The processing performed by the unit 21, the communication control IC 23, etc. is common as appropriate. That is, the processing after step T5 in FIG. 46 and the processing after step J6 in FIG. In this way, in particular, when the upper server 510 and the key management center server 310 cannot communicate with each other and when the key management center server 310 transmits an unregistered notification to the upper server 510, the subsequent processing is appropriately the same. .

(NG operation permission)
Here, when the NG operation permission setting is NG operation permission, the processing unit 21a and the control unit 511 execute subsequent processing. However, when processing is performed with this NG operation permission, a predetermined condition is satisfied. Only after the above, the subsequent processing is executed (the above-mentioned exceptional situation may occur continuously a plurality of times. For example, when registration information or temporary information is unregistered or when an offline state continues). If the predetermined condition is not satisfied, the subsequent processing is not performed even if the NG operation is permitted (in addition, the fact may be notified).

  In this case, for example, the processing unit 21a measures the time (NG operation time) from when the NG operation permission setting for NG operation permission is acquired or received by an internal timer. Then, the processing unit 21a has a predetermined time (for example, stored in the storage unit 21b in advance and included in the main control unit operation information and written in the main control unit 21) and an NG operation time measured by a timer. And compare. Alternatively, the processing unit 21a counts the number of times the NG operation permission setting for NG operation permission is acquired or received, and stores it in the storage unit 21b. Then, the processing unit 21a compares a predetermined number of times (for example, stored in the storage unit 21b in advance and included in the main control unit operation information and written in the main control unit 21) with the counted number of processes. To do.

When the NG operation time measured by the timer has passed a predetermined time, or when the counted number exceeds the predetermined number, the processing unit 21a determines that the predetermined condition is not satisfied, Even if it is NG operation permission, the subsequent processing is not performed (in addition, the fact may be notified). Note that the time includes a period in units of days or weeks in addition to a period in hours or minutes. That is, the subsequent processing may be performed only when the number of days or the number of weeks is equal to or less than a predetermined number of days or a predetermined number of weeks.
In this way, the processing unit 21a monitors the state from when the processing with the NG operation permission was first performed until the present (the state with the processing with the NG operation permission is continuous, for example, the time and the number of times). When the monitored state does not satisfy the predetermined condition, even if the NG operation permission setting is NG operation permission, notification to that effect, subsequent processing is not executed (subsequent processing is stopped), etc. Processing different from that for the NG operation permission is performed.
The control unit 511 may perform the same processing as the processing (the monitoring or the like) performed by the processing unit 21a. In addition, the control unit 511 and the processing unit 21a change the NG operation permission setting stored in the storage unit 512 or the storage unit 21b to NG operation prohibition when the monitoring state does not satisfy the predetermined condition. May be. Also by this, processing different from that at the time of NG operation permission is performed.

(Summary of this embodiment)
As described above, the management system 1 according to the present embodiment makes a determination by checking whether the integrated circuit mounted on the card unit 20 or the pachinko machine 10 is valid for each stage. According to this configuration, since collation is performed at each stage, detection and countermeasures such as replacement of an integrated circuit can be performed at each stage according to the collation result.

(Other 1)
In the above embodiment, the management system 1 has the above configuration.
A game device (for example, card unit 20) installed in a game hall (for example, game room 500) equipped with an integrated circuit (for example, communication control IC 23) storing its identification information (for example, communication control serial ID). )When,
A first management device (for example, key management center server 310) installed outside the game arcade that stores identification information of the integrated circuit as verification information;
A second management device (for example, an upper level) installed in the game hall that stores permission information (for example, a valid key) that allows the integrated circuit to perform a predetermined process by being set in the integrated circuit. Server 510);
With
The gaming device and the second management device are communicably connected in the game hall,
The management system collates the collation information stored in the first management device with the identification information stored in the integrated circuit (for example, a process of collating the communication control serial ID in step E13). With reference)
The gaming device includes a first acquisition unit that acquires the permission information from the second management device (for example, refer to a process in which the permission information is distributed from the upper server 510 in step E2), and the collation unit includes the verification unit Setting means for setting the permission information acquired by the first acquisition means in the integrated circuit when it is determined that the verification information and the identification information identify the same integrated circuit (for example, effective key setting in step E16) Reference).

  As a result, when it is determined by collation by the collation means that the collation information and the identification information identify the same integrated circuit, permission information is set in the integrated circuit. If it is determined that the matching information and the identification information identify the same integrated circuit, the integrated circuit is not replaced. In other words, the integrated circuit from which such a verification result is obtained is a genuine product. For this reason, in the above management system, after the gaming device is installed in the amusement hall, permission information is set in the genuine integrated circuit, and the integrated circuit does not perform predetermined processing until the permission information is set. Can be done. Therefore, according to the management system, security against fraud can be improved.

  In the above-described embodiment, the matching unit is provided in the gaming device, but the matching unit may be provided in another device. For example, the collating unit may be provided in a first management device such as the key management center server 310. In this case, the collation means obtains the identification information (communication control serial ID) of the integrated circuit from the gaming device (in the above, it is performed via the second management device) and performs collation. And a collation means transmits a collation result to a game device. The gaming device performs setting processing according to the transmitted verification result. Further, the first acquisition unit may acquire the permission information when both identification information identifies the same integrated circuit in the collation result.

In the above embodiment, the management system 1 has the above configuration.
A first output device (for example, a chip maker computer 110) of an integrated circuit manufacturer that manufactures the integrated circuit, which outputs identification information stored in the integrated circuit to the first management device;
The gaming apparatus, which is information relating to the gaming apparatus and outputs apparatus information (for example, shipping information) including identification information of the integrated circuit mounted on the gaming apparatus to the first management apparatus. A second output device (for example, IC writer 610) of a gaming device manufacturer that manufactures
The verification information stored in the first management device is an integrated circuit in which the identification information output from the first output device and the identification information included in the device information output from the second output device are the same. The information stored by the first management apparatus when it is identified (for example, refer to the process for verifying the communication control serial ID in step B15) (for example, refer to the process for registering shipping information in step B16). .

  According to the above configuration, when the identification information output from the integrated circuit manufacturer and the identification information output from the gaming device manufacturer identify the same integrated circuit, the verification information is recorded in the first management device. Therefore, it is ensured that the verification information is identification information about the genuine integrated circuit. For this reason, the security against fraud can be improved by the management system.

In the above embodiment, the management system 1 has the above configuration.
The second management device (for example, the upper server 510) acquires and stores the permission information (for example, effective key) in an encrypted state (for example, acquires the effective key distributed in step C1). Process)
The gaming device further includes decryption key storage means for storing in advance a decryption key (for example, a write key) for decrypting the encrypted permission information,
The first acquisition means acquires the permission information from the second management device in an encrypted state (for example, see the process for acquiring the effective key distributed in step E2),
The setting unit may decrypt the encrypted permission information acquired by the acquisition unit, and set the decrypted permission information in the integrated circuit (for example, the valid key distributed in step E16). (See the process of decrypting and registering).

  According to the above configuration, since the permission information is in an encrypted state until it is set in the integrated circuit, even if the permission information leaks on the communication path of the management system, the permission information is not easily abused. For this reason, the security about permission information is also ensured.

Moreover, in the said embodiment, by said structure,
The gaming device (for example, the card unit 20) includes the first acquisition unit and the verification unit, and a control unit (for example, a main control unit) that can communicate with the integrated circuit (for example, the communication control IC 23). 21),
The integrated circuit includes the setting unit,
The control unit includes an identification information storage unit (for example, a storage unit 21b) that stores the identification information of the integrated circuit in advance, and a second acquisition unit that acquires the identification information stored in the integrated circuit from the integrated circuit ( For example, in the communication control serial ID matching process in step E13, the main control unit 21 further includes a process of acquiring the communication control serial ID from the communication control IC).
The collation means obtains the collation information and collates the obtained collation information with the identification information of the integrated circuit obtained by the second acquisition means and the identification information stored in the identification information storage means. Then, when all the identification information identifies the same integrated circuit, the permission information acquired by the first acquisition means is supplied to the integrated circuit (for example, see the process of setting an effective key in step E16). ,
The setting means may set the permission information in the integrated circuit by acquiring and storing the permission information supplied by the collating means (for example, setting the valid key distributed in step E16) Processing).

  According to the above configuration, the replacement of the integrated circuit can be detected with high accuracy by the verification.

Moreover, in the said embodiment, by said structure,
When the collation information cannot be obtained (for example, when the information cannot be obtained in step F4), the identification information of the integrated circuit obtained by the second acquisition means, and the identification When the identification information stored in the information storage means is collated and both identification information identifies the same integrated circuit, the permission information acquired by the second acquisition means is supplied to the integrated circuit (for example, (Refer to the process of distributing the valid key in step F8).

  According to the above configuration, even if the gaming device cannot acquire the verification information from the first management device, the permission information can be set in a state where certain security is ensured. For example, even if registration of the verification information to the first management apparatus is delayed, the integrated circuit can perform a predetermined process, so that convenience can be improved.

Moreover, in the said embodiment, by said structure,
The device information includes device identification information which is identification information (for example, a unit serial ID) of the gaming device,
The first management device stores the device identification information together with the verification information in association with the verification information.

  As a result, the relationship between the integrated circuit and the gaming device is also known from the authentication information, and it can be confirmed that the authorized integrated circuit is mounted on the authorized gaming device in the later authentication.

(Other 2)
Moreover, in the said embodiment, collation system (management system 1) is the said structure,
A writing device (for example, IC writer 610) for writing information to an integrated circuit (for example, communication control IC 23) mounted on a gaming device (for example, card unit 20) manufactured by a gaming device manufacturer, and the integrated circuit A management system (for example, key management center server 310) that stores the identification information of
The integrated circuit is manufactured by an integrated circuit manufacturer, shipped from the integrated circuit manufacturer to the gaming device manufacturer,
The writing device is used by the gaming device manufacturer and is capable of communicating with the management device, and writing means for writing the information stored in advance into the integrated circuit (for example, each information in the communication control IC in step B13). And a reading means for reading the identification information (for example, communication control serial ID) of the integrated circuit stored in the integrated circuit (for example, see the process of reading the communication control serial ID in step B9), Transmission means for transmitting the identification information read by the reading means to the management device (for example, refer to processing for outputting shipping information in step B14),
The transmission means stores the identification information to be transmitted to the management device when the writing device and the management device cannot communicate (for example, when the connection request is NG in step C4) (for example, step C11). When the communication between the writing device and the management device becomes possible, the stored identification information is transmitted to the management device (for example, the shipping information is output in step C11). Processing)),
The management apparatus includes a collation unit that collates the identification information transmitted by the transmission unit and the identification information stored in the management apparatus (for example, refer to the process of collating the communication control serial ID in Step C12). .

  According to the configuration, when the writing device and the management device cannot communicate, the transmission unit stores the identification information to be transmitted to the management device, and the writing device and the management device can communicate with each other. Since the stored identification information is transmitted to the management device when it becomes, even if the identification information cannot be transmitted to the management device, verification can be performed in the management device after communication becomes possible . If the two pieces of identification information collated by the collation of identification information in the management apparatus do not identify the same control circuit, it can be understood that the integrated circuit has been replaced at the shipping stage. In this way, the verification system can detect the replacement of the integrated circuit at the shipping stage.

Moreover, in the said embodiment, in the said collation system by said structure,
In the writing device, the first operation setting or the second operation setting is set,
The reading means is a case where the management device and the writing device cannot communicate, and the first operation setting is set in the writing device (for example, the writer operation setting in step C5 is 2). The identification information is read and the management device and the writing device cannot communicate and the second operation setting is set in the writing device. Information may not be read.

  According to the above configuration, when the management device and the writing device cannot communicate with each other, the writing device may or may not perform certain processing depending on the operation setting set in the writing device. . With such a configuration, the writing device can perform an operation suitable for the situation.

Moreover, in the said embodiment, in the said collation system by said structure,
In the writing device, the first operation setting or the second operation setting is set,
The writing means is a case where the management device and the writing device cannot communicate, and the first operation setting is set in the writing device (for example, the writer operation setting in step C5 is 2), the information is written when the management device and the writing device cannot communicate with each other, and the second operation setting is set in the writing device. May not be written.

  According to the above configuration, when the management device and the writing device cannot communicate with each other, the writing device may or may not perform certain processing depending on the operation setting set in the writing device. . With such a configuration, the writing device can perform an operation suitable for the situation.

Moreover, in the said embodiment, in the said collation system by said structure,
The information written by the writing means may include information recorded by the integrated circuit manufacturer (for example, a manufacturer code stored in the IC writer 610 shipped in step B1).

  If the information includes information recorded by the integrated circuit manufacturer, the recorded information can also be written directly to the integrated circuit by the integrated circuit manufacturer. However, by deliberately writing the information into the integrated circuit with a writing device by a gaming device manufacturer, the information is illegally performed from the integrated circuit at the shipping stage of the integrated circuit (unauthorized reading, information Falsification, etc.) is prevented. This is because the information is not written in the integrated circuit at the shipping stage. As a result, information on the integrated circuit at the shipping stage can be protected.

Moreover, in the said embodiment, in the said collation system by said structure,
The transmission unit transmits the information written by the writing unit and the identification information read by the reading unit as output information (for example, see the process of transmitting shipping information in step B14).
The collation unit acquires the output information transmitted by the transmission unit (for example, see the process of receiving shipping information after step B14),
When the identification information indicates the same integrated circuit as a result of collation by the collating means, the management device uses at least a part of the information included in the output information as authentication information for authentication of the integrated circuit. Recording means (see processing for storing shipping information as temporary information in step B16).

  With such a configuration, since the authentication information is authentication information for a gaming device equipped with an authentic integrated circuit, authentication using the authentication information is accurate authentication, and the integrated circuit The presence or absence of replacement can be confirmed.

(Other 3)
Moreover, in the said embodiment, in the said collation system by said structure,
A gaming system comprising a gaming device (for example, card unit 20) and a management device (for example, key management center server 310) capable of communicating with the gaming device,
The gaming device includes first transmitting means (for example, steps E32 and E4) for transmitting identification information (for example, unit serial ID) of the gaming device stored in advance in the gaming machine device to the management device. In the process of transmitting the unit serial ID together with the authentication key request in FIG.
The management apparatus includes a first acquisition unit that acquires the identification information transmitted by the first transmission unit (see, for example, the process of acquiring the unit serial ID transmitted in step E4), and the first acquisition unit. Determination means for determining whether or not the same identification information as the identification information acquired by the means is stored (for example, refer to the search process of this information performed in step E4.6), and the determination result determined by the determination means Second transmission means for transmitting the information to the gaming device (for example, refer to the process of transmitting this information in steps E5 and E6 or the process of transmitting an unregistered notification in step J6),
The gaming apparatus includes a second acquisition unit that acquires the determination result transmitted by the second transmission unit (for example, refer to the process of acquiring the information transmitted in step E6), and the second acquisition unit. When the determination result obtained by the means indicates that the same identification information is stored, and permission information (for example, a valid key) permitting the first predetermined processing to be performed is the gaming device The first predetermined process (for example, refer to the process of transmitting a registration information transmission request in step E17), and the identification result acquired by the second acquisition means is the same. Is stored in the game device, and permission information (for example, a valid key) permitting the first predetermined processing is set in the gaming device. Under the conditions of ( In example further comprises, processing means for performing said first predetermined processing when the NG operation permission in step J11).

  According to the above configuration, even if the identification information of the integrated circuit is not registered in the management device, if the permission information is set in the gaming device, the gaming device performs the first predetermined process. It can be carried out. As described above, the gaming system having the above configuration can cause the gaming device to perform predetermined processing even if the identification information of the integrated circuit is not registered in the management device that can communicate with the gaming device.

  The identification information may be integrated circuit identification information such as a communication control serial ID. This is because if the integrated circuit is mounted on the gaming device, this information will eventually correspond to the identification information of the gaming device.

Moreover, in the said embodiment, in the said collation system by said structure,
When the determination result is a result indicating that the same identification information is not stored, the processing means performs the first processing under a predetermined condition (for example, when NG operation is permitted in Step J6). Storage means for storing the history information of performing the first predetermined process, and performing the first predetermined process,
A second predetermined process may be performed when the history information stored in the storage means satisfies a predetermined condition.

  According to such a configuration, for example, when the same identification information is not stored, the integrated circuit is disabled or such a state continues as the second predetermined processing. Since a notification process or the like can be performed, security against replacement of the integrated circuit can be ensured.

(Other 4)
Moreover, in the said embodiment, with the said structure, the said collation system (management system 1) is
A first gaming device (for example, card unit 20) including a first control unit (for example, main control unit 21) and a second control unit (for example, communication control IC 23), and the second control unit A second gaming device (for example, a pachinko machine 10) equipped with an integrated circuit (for example, a payout control chip 11) capable of communicating with the first control unit and a management device (for example, a key management center) capable of communicating with the first control unit Server 310), and a gaming system comprising:
The second control unit obtains identification information (for example, chip ID) of the integrated circuit stored in the integrated circuit from the integrated circuit (for example, a process of receiving the registration information transmitted in step E21) Reference) and first supply means for supplying the identification information acquired by the acquisition means to the first control unit (for example, refer to the process of transmitting registration information in step E22),
The first control unit is a second supply unit that supplies the identification information supplied from the first supply unit to the management apparatus (for example, a process of transmitting registration information together with a verification request in steps E23 and E24). With reference)
The management device includes a collation unit that collates the identification information stored in advance with the identification information supplied from the second supply unit (see, for example, the process of collating registration information in step E24.5). The collation result (collation result of collation OK) indicating that the identification information identifies the same integrated circuit when both identification information identifies the same integrated circuit by collation by the collation means. Third supply means (for example, refer to the process of transmitting the verification result of verification OK in step E25) to be supplied to the control unit,
The first control unit is configured to store the collation result supplied from the third supply unit together with the identification information (for example, refer to the process of storing the collation result and registration information transmitted in step E27). ), And processing means for performing a first predetermined process (for example, refer to a process for requesting a session key in step E27) when the collation result is supplied from the third supply means,
The processing means is a case where the second supply means cannot supply the identification information supplied from the first supply means to the management device (for example, in the case of a connection request NG in step H1). When the storage means stores the collation result together with the identification information (for example, check the collation result in step H10), the identification information supplied from the first supply means and the storage means Is compared with the stored identification information (for example, check the registration information in step H11), and when both identification information identifies the same integrated circuit, the first predetermined processing is performed,
The processing means is a case where the second supply means cannot supply the identification information supplied from the first supply means to the management device, and the storage means does not store the collation result. In this case (for example, refer to the case where the collation result is confirmed in step L6 when there is no collation result), the first predetermined process is performed under a predetermined condition (for example, refer to the case of NG operation permission in step L7). I do.

  According to the above configuration, even when the management device and the first gaming device cannot communicate with each other, the first control unit collates the previous collation results (the collated identification information is the same as the accumulated information). When a verification result indicating that the circuit is identified is stored, verification is performed using the identification information stored together with the verification result. Here, since this identification information was recorded when it was determined in the previous collation that both collated identification information identified the same integrated circuit, it was recorded together with the collation result. The identification information is guaranteed to be regular identification information. For this reason, since the collation performed by the first control unit is collation based on regular identification information, replacement of the integrated circuit can be detected appropriately. Further, even when the storage means does not store the collation result, the first predetermined process is performed under a predetermined condition. Conventionally, the first predetermined processing is not performed uniformly when the collation result as described above is not obtained. However, according to the above configuration, the first predetermined processing is performed as necessary. Done. Therefore, the gaming system can perform appropriate processing even when the gaming device cannot communicate with the management device that stores the identification information of the integrated circuit mounted on the gaming device. I can do it.

Moreover, in the said embodiment, in the said collation system by said structure,
When the first predetermined process is performed when the determination result is not stored in the storage unit, the processing unit performs up to the current state after performing the first predetermined process. The current state is monitored, and the second process (for example, the subsequent process is stopped) may be performed when the monitored result satisfies a predetermined standard.

  According to such a configuration, for example, when a state where the determination is not performed continues, as the second process, the subsequent process is stopped, a notification process that the state is continued, or the like Therefore, security against replacement of the integrated circuit can be ensured.

(Other 5)
In the embodiment, the gaming system (management system 1) is configured as described above.
A gaming device (for example, card unit 20) having a first control unit (for example, main control unit 21) and a second control unit (for example, communication control IC 23) capable of cryptographic communication with each other, and the first control A gaming system comprising: a first management device (for example, a higher-level server 510) capable of communicating with a game unit; and a second management device (for example, a key management center server 310) capable of communicating with the first management device. Because
The first control unit, the second control unit, and the second management device use a first key (for example, a temporary authentication key), which is a common key used in encrypted communication, as the first key. Stored together with first key information (e.g., key version) indicating key information of
The second management device uses a second key different from the first key (for example, a real authentication key) together with second key information (for example, a key version) indicating information on the second key. Encrypted with the first key and transmitted to the first management device (for example, see the process of encrypting and transmitting this information with the temporary authentication key in step E5)
The first management device transmits the second key and the second key information transmitted from the second management device to the first control unit in an encrypted state (for example, , See the process of transmitting the main information encrypted in step E6 to the main control unit 21),
The first control unit decrypts the second key and the second key information transmitted from the first management device with the first key (for example, temporarily stores the information in step E7). The process of decrypting with the authentication key), the second key information of the decrypted second key and the second key information is collated with the first key information stored in advance. (For example, refer to the process of collating in step E7). If they are different, the second key is stored as the first key (for example, temporary information is stored in the second storage area in step E7.5). And refer to the process of storing this information in the first storage area), and supply the second key in an encrypted state to the second control unit (for example, in step E9, this information is sent to the communication control IC 23). Refer to the process to register),
The second control unit receives the second key from the first control unit, decrypts the received second key with the first key, and transmits the decrypted second key to the second key. Store as the first key (for example, see the process of registering this information in the communication control IC 23 in step E9),
The first control unit and the second control unit perform cryptographic communication using the newly stored first key (for example, see the process of performing cryptographic communication using the authentication key in step E15). ).

  According to the above configuration, the second key is distributed from the second management device to the first control unit and the second control unit, and the first key information and the second key information are verified by collating the key information. Since the distributed second key is stored in the first control unit and the second control unit, the key used for encryption communication is automatically and easily updated. Since the second key passes through the first management apparatus in an encrypted state, there is little risk of leakage of the second key. Thus, according to the above gaming system, even if a key used for cryptographic communication leaks, a new key can be distributed by simple and secure processing.

(Other 6)
In the embodiment, the gaming system (management system 1) is configured as described above.
A second gaming device (for example, a pachinko machine) equipped with a first gaming device (for example, card unit 20) and an integrated circuit (for example, payout control chip 11) that can communicate with the first gaming device. 10), a first management device that can communicate with the first gaming device (for example, the host server 510), and a second management device that can communicate with the first management device (for example, the key management center). Server 310), and a gaming system comprising:
The first gaming device receives the integrated circuit identification information (eg, chip ID) stored in the integrated circuit from the integrated circuit (for example, receives the registration information transmitted in step E21). And a first transmission unit that transmits the identification information acquired by the acquisition unit to the first management device (for example, refer to a process of transmitting registration information in step E23),
The first management device transmits second identification information transmitted from the first transmission device to the second management device (see, for example, processing for transmitting registration information in step E24). With
The second management device collates the storage means for storing the identification information of the integrated circuit in advance, the identification information stored in the storage means and the identification information transmitted from the second transmission means. If the identification means identifies the integrated circuit in which both identification information is the same in the collation means (for example, refer to the processing for collating the registered information in step E24.5) and the collation by the collation means, the integrated information in which both identification information is the same A third transmission means for transmitting a collation result (collation result of collation OK) indicating the identification to the first management apparatus (for example, see the process of transmitting the collation result to the upper server 510 in step E25); With
When the first management device receives the collation result transmitted by the third transmission unit, the first management device notifies the first gaming device of the collation result (for example, the collation result in step E26). (See the process of transmitting to the main control unit 21),
The first gaming device performs a first predetermined process (for example, refer to a process of transmitting a session key request in step E27) when the verification result is notified from the notification unit of the first management apparatus. Further comprising processing means,
The notification means of the first management apparatus, when it cannot receive the collation result (for example, see the case of receiving an unregistered notification in step K9), a predetermined notification (for example, refer to the NG operation permission notification in step K10) ) To the first gaming device,
The processing means of the first gaming device is based on a predetermined condition (for example, refer to NG operation permission in step K11) when the predetermined notification is notified from the notification means of the first management device. Then, the first predetermined process is performed.

  According to the above configuration, the first gaming device is configured so that the predetermined result can be obtained even when the verification result (result indicating that both identification information identifies the same integrated circuit in the verification) cannot be obtained. When the first notification is notified, the first predetermined process can be performed under a predetermined condition, so that the verification result that the verified identification information identifies the same integrated circuit cannot be obtained. Even so, the gaming device is not unnecessarily disabled, and appropriate processing is performed in the gaming device.

In the above embodiment, the gaming device (card unit 20) is configured as described above.
A gaming device capable of communicating with an integrated circuit (for example, the payout control chip 11) mounted on another gaming device (for example, the pachinko machine 10),
Acquisition means for acquiring identification information (for example, chip ID) of the integrated circuit stored in the integrated circuit from the integrated circuit (for example, see the process for acquiring the registration information transmitted in step E21);
In order to cause the management apparatus to collate the identification information of the integrated circuit stored in advance by an external management apparatus (for example, the key management center server 310) with the identification information acquired by the acquisition means, the acquisition means Transmitting means for transmitting the acquired identification information to the outside (see, for example, processing for transmitting registration information in steps E22 and E23);
Receiving means for receiving from the outside a collation result (collation result of collation OK) indicating that the collated both identification information identifies the same integrated circuit, or a predetermined notification (NG operation permission) indicating other results (For example, refer to the process of acquiring the collation result transmitted in step E26).
When the receiving means receives the collation result, a first predetermined process (for example, refer to the process of transmitting a session key request in step E27) is performed, and when the receiving means receives the predetermined notification, a predetermined condition (for example, Processing means for performing the first predetermined processing under NG operation permission in step K11),
Is provided.

  According to the above configuration, the gaming device may receive the predetermined notification even when the verification result (result indicating that both identification information identifies the same integrated circuit in the verification) cannot be obtained. When notified, the first predetermined processing can be performed under a predetermined condition, so that the collation result indicating that the collated identification information identifies the same integrated circuit cannot be obtained. However, the gaming device is not unnecessarily disabled, and appropriate processing is performed in the gaming device.

Moreover, in the said embodiment, in the said game system by said structure,
The processing means monitors the current state from the execution of the first processing to the current state when the predetermined notification is notified, and second when the monitored result satisfies a predetermined condition (For example, the subsequent processing is canceled).

  According to such a configuration, for example, when a state where the determination is not performed continues, as the second process, the subsequent process is stopped, a notification process that the state is continued, or the like Therefore, security against replacement of the integrated circuit can be ensured.

(Modification)
The present invention (and the configuration described elsewhere) is not limited to the embodiment described above, and various modifications and applications are possible. The modification is illustrated below. The following modifications are applied individually or in combination.

(Modification 1)
In the above-described embodiment, the case where the integrated circuit mounted on the pachinko machine 10 and the card unit 20 which are gaming devices installed in the game hall is authenticated by the management system has been described. However, the present invention is not necessarily limited thereto. . For example, the game hall 500 is not limited to a pachinko parlor, but may be a casino, a game center, or the like. Further, the gaming apparatus is not limited to the pachinko machine 10 but may be any gaming apparatus equipped with one or more integrated circuits such as a slot machine, a game machine, or peripheral devices thereof.

  The slot machine is, for example, after a predetermined number of bets are set for one game on a predetermined game medium, and then the player operates the start lever to start variable display of identification information by the variable display device. When the player operates a stop button provided corresponding to each variable display device, the variable display of identification information is stopped within a predetermined maximum delay time from the operation timing, and all variable displays are performed. When a winning occurs according to the display result derived and displayed when the variable display of the device is stopped, a predetermined game medium predetermined according to the winning is paid out, and a specific winning occurs, a predetermined game state is determined. This is a gaming machine configured to give a player a game value.

  The slot machine is arranged at a predetermined position for each model or the like on the game island in the pachinko parlor (game room 500). Similarly to the pachinko machine 10, the slot machine also includes a payout control chip (chip that performs a process of paying out game media and the like) and a main control chip (a chip that controls the variable display device, controls the effects of the game state, etc.). There is a case to prepare. In this case, the present invention can be applied as in the above embodiment.

(Modification 2)
In the above embodiment, an example in which each of the main control chip 13 and the payout control chip 11 is configured as a package has been described. However, the main control chip 13 and the payout control chip 11 are formed into one package. Also good. In this case, for example, the IC writer 210 writes information common to the main control chip 13 and the payout control chip 11. That is, the chip ID, the manufacturer code, and the model code of the main control chip 13 and the payout control chip 11 are common. Therefore, the integrated circuit can be managed more easily than when an ID or the like is assigned to each chip. Thus, the integrated circuit is a set of integrated circuits (here, the main control chip 13 and the payout control chip 11), and the device information output from the second output device is used as identification information as a gaming device. It is also possible to include identification information of a set of integrated circuits determined at the manufacturing stage of the pachinko machine (here, the pachinko machine 10) and mounted on the gaming device.

(Modification 3)
The main control unit 21 may also be packaged and manufactured by the chip manufacturer 100. In this case, for example, the main control unit 21 may be shipped from the chip manufacturer 100 and predetermined information may be written by the IC writer 600.

(Modification 4)
Also, the security center server 410 may be used in the management of the communication control IC 23. In this case, for example, the second authentication information or the like is registered in the security center server 410 instead of the key management center server 310, and the registered information is the shipping information supplied from the IC writer 610 in the security center server 410. Matched. If the verification is OK, the security center server 410 transmits the shipping information to the key management center server 310 and registers it.

(Modification 5)
Further, the security center server 410 may not be used in the management of the main control chip 13 and the payout control chip 11. In this case, for example, authentication information or the like is registered in the key management center server 310, and the registered information is collated with shipping information supplied from the IC writer 210 in the key management center server 310. And the key management center server 310 memorize | stores the shipping information as registration information, when collation is OK.

(Modification 6)
In the above embodiment, a case has been described in which communication is performed between the key management center server 310 and the IC writer 610 in the manufacturing stage, and IC writer information verification and communication control serial ID verification are performed, but this is an example. is there. The key management center server 310 encrypts the IC writer information stored in the auxiliary storage unit 316 with the delivery key and outputs it to a removable medium such as an SD card. The IC writer 610 stores the IC writer stored in the removable medium. The IC writer information may be verified by reading the writer information.

(Modification 7)
Further, the IC writer 610 outputs the shipping information stored in the auxiliary storage unit 606 to a removable medium such as an SD card, and the key management center server 310 reads the shipping information stored in the removable medium. The communication control serial ID may be verified.

  According to the configurations of the modification examples 6 and 7, even when the key management center server 310 is in an off-line state, it is possible to collate IC writer information and collate shipping information.

(Modification 8)
Further, in the above-described embodiment, an example in which the chip maker computer 110 writes information to each integrated circuit in the manufacturing stage is shown, but this is an example. A method of writing information to each integrated circuit is arbitrary, and for example, the information may be written in a manufacturing process in which the integrated circuit is manufactured.

(Modification 9)
In the above-described embodiment, an example of determining replacement of an integrated circuit has been described. However, when it is determined that replacement has been performed (in the case of collation NG), the main control unit 21 of the card unit 20 The operation of the pachinko machine 10 may be stopped by controlling the main control chip 13 and the payout control chip 11 of the pachinko machine 10 via the communication control IC 23. That is, in the present invention, a predetermined process may be performed according to the collation result.

(Modification 10)
In the above-described embodiment, the case where the integrated circuit mounted on the pachinko machine 10 is verified by the security center server 410 and the integrated circuit mounted on the card unit 20 is verified by the key management center server 310 in the manufacturing stage. However, this is an example. For example, the integrated circuit mounted on the pachinko machine 10 may be verified by the key management center server 310, and the integrated circuit mounted on the card unit 20 may be verified by the security center server 410. The integrated circuit mounted in each of the pachinko machine 10 and the card unit 20 may be verified by one authentication center having the respective functions in the management center server 310.

(Modification 11)
Moreover, you may perform encryption communication suitably also in the communication between components which is not referred to above in encryption communication. For example, a key for encryption communication may be set in the communication control IC 23 and the payout control chip 11 (stored in the storage unit), and encryption communication may be performed using this key during communication. When performing encrypted communication, a key is set for both parties performing the communication.

(Modification 12)
In the above embodiment, the encryption communication is performed using the common key. However, the encryption communication may be communication using a public key and a secret key. In this case, a public key and a secret key are set as appropriate between components that perform encrypted communication. Other encryption methods are arbitrary, and encryption is performed by various methods.

(Modification 13)
The program stored in the storage unit of each device constituting the management system 1 may be downloaded via the network N.

(Modification 14)
Note that at least a part of the control unit and the processing unit of each device configuring the management system 1 may be configured by a dedicated circuit for performing at least a part of the above-described processing.

(Modification 15)
Moreover, although the example which distinguishes and uses this authentication key and a temporary authentication key was shown in the said embodiment, this is an example. The authentication key and the temporary authentication key do not need to be particularly distinguished, and may be a common key. In addition, for example, information common to both the unit serial ID, communication control serial ID, writer ID, writer code, manufacturer code, etc. included in this information and temporary information is appropriately included in both this information and temporary information. It may be set in common. That is, the information common to the both may be appropriately stored in a predetermined storage area as the main information and temporary information. In particular, for example, information (main information) stored in the first storage area and information stored in the second storage area (main information or temporary information) of the storage unit 21b or the storage unit 23b in the above embodiment. The common information included in and may be stored in a storage area different from the first storage area and the second storage area.

(Modification 16)
Note that the key management center server 310 and the security center server 410 may total the types of gaming devices installed in each gaming hall 500 and the number of devices corresponding thereto.

(Modification 17)
The unit serial ID may be generated by a predetermined calculation based on a unit serial number (a number that uniquely identifies the card unit 20 or the main control unit 21) stored in advance in the writing tool 620. Further, the unit serial ID and the unit serial number may be properly used. For example, the unit serial ID and the unit serial number are associated with each other, and these pieces of information are transmitted and received as a pair of information or stored in the storage unit. Further, the unit serial number is stored in the storage unit of each device in association with the main information and the temporary information including the corresponding unit serial ID. For example, the unit serial number is appropriately used for verification or the like instead of the unit serial ID.

  For example, the main control unit 21 stores the unit serial number in association with the temporary information in the storage unit 21b, and the auxiliary storage unit 316 of the key management center server 310 associates the unit serial number with the temporary information. Stored. For example, in step E3, the processing unit 21a transmits the unit serial number stored in the storage unit 21b to the upper server 510 together with the authentication key request. Subsequently, in step E3.5, the control unit 511 of the upper server 510 determines whether or not the unit serial number having the same content as the unit serial number is stored in the auxiliary storage unit 516 of the upper server 510.

  In step E4, the control unit 511 stores the unit serial number transmitted from the main control unit 21 in the auxiliary storage unit 516, and the unit serial number and the authentication request transmitted from the main control unit 21. Is transmitted to the key management center server 310. In step E4.5, the control unit 311 of the key management center server 310 searches the auxiliary storage unit 316 for temporary information corresponding to the same unit serial number as the unit serial ID received from the host server 510.

  Then, in step E4.6, the control unit 311 may be a temporary authentication key (writer ID or the like) having the same content as the temporary authentication key (may be a writer ID or the like) included in the searched temporary information. IC writer information including ..) is specified, and this information corresponding to this temporary information is stored in the auxiliary storage unit 316 as in the above embodiment. The control unit 311 of the key management center server 310 transmits this information to the upper server 510 in step E5. When transmitting the information, the control unit 311 encrypts each information of the information with the temporary authentication key included in the temporary information searched in step E4.5 and transmits the information together with the unit serial number.

  In step E6, the control unit 311 of the key management center server 310 stores the main information transmitted from the upper server 510 in the auxiliary storage unit 316 in association with the unit serial number, and stores the main information in the main storage unit 316. It transmits to the control part 21. The information stored in the auxiliary storage unit 316 is maintained in an encrypted state.

  Then, in step E7, the processing unit 21a of the main control unit 21 decrypts each information of this information with the temporary authentication key stored in the storage unit 21b, and the main information including the decrypted information and the storage unit 21b. Is collated with temporary information stored in.

  Further, for example, in step G3, the processing unit 21a transmits the unit serial number stored in the storage unit 21b to the upper server 510 together with an authentication key request that is information for requesting transmission of the information described later.

  Then, in step G3.5, the control unit 511 of the upper server 510 determines whether the same unit serial number as the unit serial number is stored in the auxiliary storage unit 516 of the upper server 510.

  When the control unit 511 of the upper server 510 determines that the unit serial ID is stored, the control unit 511 distributes the information corresponding to the unit serial ID to the processing unit 21a of the main control unit 21 in step G4. .

  As described above, by using the unit serial number, the unit serial ID of this information can be encrypted, so that security is improved.

(Modification 18)
In the above-described embodiment, an example in which various processes are executed when power is turned on is shown, but this is an example. For example, various processes may be repeatedly executed in response to the elapse of a predetermined time by an internal timer (not shown).

(Modification 19)
The writer operation setting may be applied to the IC writer 210. In this case, the IC writer 210 operates in the same manner as the IC writer 610. For example, when the IC writer 210 and the security center server 410 cannot communicate, information is written to the main control chip 13 and the payout control chip 11 or not depending on the writer operation setting. If the IC writer 210 and the security center server 410 cannot communicate with each other, the IC writer 210 stores the shipping information in the auxiliary storage unit 207 until communication is possible, and collectively when the communication becomes possible. It transmits to the security center server 410.

(Modification 20)
The NG operation permission setting may be set separately for the verification of the information (main information) of the card unit 20 and the verification of the information (registered information) of the pachinko machine 10. In this case, the storage unit 21b and the auxiliary storage unit 516 store the NG operation permission setting for the card unit 20 and the NG operation permission setting for the pachinko machine 10, and the processing unit 21a and the control unit 511 perform processing. The NG operation permission setting that is predetermined according to the content is referred to. For example, after step J6, when the control unit 511 of the upper server 510 receives an unregistered notification from the key management center server 310, the control unit 511 acquires the NG operation permission setting for the card unit 20 stored in advance in the auxiliary storage unit 316. To do. In addition, after step K10, when receiving the unregistered notification from the key management center server 310, the control unit 511 of the upper server 510 acquires the NG operation permission setting of the pachinko machine 10 stored in advance in the auxiliary storage unit 316. .

(Modification 21)
In the above, when the collation is NG or when a predetermined condition is not satisfied in the NG operation permission, a notification to that effect is given. For example, the processing unit 21a of the main control unit 21 or the like is notified by the communication control IC 23. Alternatively, the main control chip 13 and the payout control chip 11 of the pachinko machine 10 may be controlled via the CPU to stop the operation of these chips. For example, the processing unit 21a or the like of the main control unit 21 may disable the communication control IC 23.

(Modification 22)
Further, since the key management center server 310 and the security center server 410 store information (temporary information, shipping information, and registration information) related to the card unit 20 and the pachinko machine 10, the control unit 311 and the security center of the key management center server 310 are stored. The control unit 411 of the server 410 may manage the shipping status by taking statistics on the shipping status of the card unit 20 or the pachinko machine 10 using these pieces of information. In particular, depending on the type code and game hall information included in the registration information, and the number of registration information including the same type code and game hall information, which pachinko machine 10 is in which game hall 500 and how much It can be ascertained whether it is shipped and installed.

DESCRIPTION OF SYMBOLS 1 Management system 10 Pachinko machine 11 Discharge control chip 11a Processing part 11b Storage part 11c Communication part 13 Main control chip 13a Processing part 13b Storage part 13c Communication part 20 Card unit 21 Main control part 21a Processing part 21b Storage part 21c Communication part 23 Communication Control IC
23a processing unit 23b storage unit 23c communication unit 100 chip maker 110 chip maker computer 111 control unit 112 storage unit 113 input / output unit 114 system bus 115 main storage unit 116 auxiliary storage unit 200 game machine manufacturer 205 main storage unit 207 auxiliary storage unit 210 IC writer 211 control unit 212 storage unit 213 input / output unit 214 system bus 215 write / read unit 220 game machine manufacturer computer 221 control unit 222 storage unit 223 input / output unit 224 system bus 225 main storage unit 226 auxiliary storage unit 300 key management center 310 key Management center server 311 Control unit 312 Storage unit 313 Input / output unit 314 System bus 315 Main storage unit 316 Auxiliary storage unit 400 Security center 410 Security center server 411 Control unit 412 Storage unit 413 I / O unit 414 System bus 415 Main storage unit 416 Auxiliary storage unit 500 Amusement hall 510 Upper server 511 Control unit 512 Storage unit 513 I / O unit 514 System bus 515 Main storage unit 516 Auxiliary storage unit 600 card unit maker 605 main storage unit 606 auxiliary storage unit 610 IC writer 611 control unit 612 storage unit 613 input / output unit 614 system bus 615 write reading unit 620 writing tool 621 control unit 622 storage unit 623 input / output unit 624 system bus 625 Main storage unit 626 Auxiliary storage unit

Claims (2)

A management system,
A gaming device installed in a game arcade equipped with an integrated circuit that stores its own identification information;
A first management device installed outside the game arcade for storing the identification information of the integrated circuit as verification information;
A second management device installed in the game arcade that stores permission information that allows the integrated circuit to perform a predetermined process by being set in the integrated circuit;
With
The gaming device and the second management device are communicably connected in the game hall,
The management system includes collation means for collating the collation information stored in the first management device with the identification information stored in the integrated circuit,
The gaming apparatus acquires the permission information from the second management apparatus, and the acquisition means when the verification means determines that the verification information and the identification information identify the same integrated circuit Setting means for setting the permission information acquired in step 1 to the integrated circuit,
Management system characterized by that. A gaming device installed in a game arcade equipped with an integrated circuit storing its own identification information,
Storing the identification information of the integrated circuit as verification information, communicating with a first management device installed outside the game hall after the game hall is installed, and
It is possible to communicate with a second management device installed in the game hall that stores permission information that allows the integrated circuit to perform predetermined processing by being set in the integrated circuit after the game hall is installed. ,
A verification unit that communicates with the first management device to verify the verification information stored in the first management device and the identification information stored in the integrated circuit;
Obtaining means for obtaining the permission information from the second management device;
Setting means for setting the permission information acquired by the acquisition unit in the integrated circuit when the verification information and the identification information identify the same integrated circuit as a result of verification by the verification unit;
A gaming device comprising:

Images