JP7402189B2 - Secret delivery matching method, secret delivery matching device, and secret delivery matching program - Google Patents

Description

The present invention relates to a secret delivery matching method, a secret delivery matching device, and a secret delivery matching program for determining a delivery company to which a shipper requests an additional order.

As a technique for handling a matching service between shippers and delivery companies, Patent Document 1 below discloses a matching processing system for supporting many-to-many transactions. This matching processing system for supporting many-to-many transactions supports transactions between multiple service providers and multiple service purchasers, and discloses the terms and conditions of each other's transactions upon request from both clients. Conditions and non-disclosure conditions are registered separately in a database, the conditions related to transactions registered in this database are evaluated, candidates for both trading partners are extracted from the database based on the evaluation results, and negotiations are conducted from among the candidates. A matching processing server is provided that executes processing for determining a counterparty and supporting the conclusion of a transaction with the negotiating counterparty.

JP2001-283037A

The demand for matching services between shippers and delivery companies is increasing, and if matching services are expanded, the number of users of matching services will not increase if the platform that performs the matching does not have sensitive information about shippers and delivery companies. . Further, in Patent Document 1, data between a delivery company and a purchaser is kept secret, but data concealment from a platformer that performs matching is not taken into account.

An object of the present invention is to promote the use of delivery matching by users while suppressing leakage of user information.

A confidential delivery matching method, which is an aspect of the invention disclosed in this application, is a confidential delivery matching method in which a server determines a destination for an additional order from a shipper from among one or more delivery companies, and is capable of communicating with the server. The shipper terminal of the shipper encrypts the position information indicating the first loading point and the position information indicating the first unloading point included in the additional order using homomorphic encryption using a common key, thereby encrypting the additional order. The delivery company's delivery company terminal, which is capable of communicating with the server, generates and sends it to the server, and the delivery company's delivery company terminal, which is capable of communicating with the server, generating an encrypted delivery route by encrypting positional information indicating the second loading point and positional information indicating the second unloading point on the delivery route with homomorphic encryption using the common key; and when the server transmits the partial route via the first loading point and the first unloading point while remaining encrypted based on the encrypted additional order and the encrypted delivery route. An encryption index value regarding the delivery efficiency of the cargo of the additional order is calculated and transmitted to two or more terminals among the shipper terminal and the delivery company terminal, and the two or more terminals each calculate the encryption index value on the partial route. decrypt the encrypted index value, select a specific index value from the index values in the partial route, and encrypt it with homomorphic encryption using the common key to generate a specific encrypted index value and send it to the server. and the server determines whether or not the specific encryption index values from the two or more terminals match each other in the encrypted state, thereby specifying the request destination for the additional order. The method is characterized in that the delivery company is determined and the delivery company terminal of the specific delivery company is notified.

According to a typical embodiment of the present invention, it is possible to promote the use of delivery matching by users while suppressing leakage of user information. Problems, configurations, and effects other than those described above will become clear from the description of the following examples.

FIG. 1 is an explanatory diagram showing an example of a system configuration of a secure delivery matching system according to a first embodiment. FIG. 2 is a block diagram showing an example of the hardware configuration of a computer. FIG. 3 is an explanatory diagram showing an example of a vendor master. FIG. 4 is an explanatory diagram showing an example of point information. FIG. 5 is an explanatory diagram showing an example of a delivery route. FIG. 6 is a sequence diagram showing an example of a secure delivery sequence in the secure delivery system according to the first embodiment. FIG. 7 is an explanatory diagram showing an example of homomorphic encryption of additional order information. FIG. 8 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R1. FIG. 9 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R2. FIG. 10 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R3. FIG. 11 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R4. FIG. 12 is an explanatory diagram showing an example of calculating the encryption additional distance. FIG. 13 is an explanatory diagram showing an example of an encrypted additional distance table according to the first embodiment. FIG. 14 is an explanatory diagram showing an example of the encrypted total additional distance according to the first embodiment. FIG. 15 is an explanatory diagram illustrating an example of decoding the encrypted total additional distance and selecting the minimum distance in step S611. FIG. 16 is an explanatory diagram showing a match example in encryption match verification. FIG. 17 is an explanatory diagram showing an example of a mismatch in encryption match verification. FIG. 18 is an explanatory diagram showing an example of the encrypted total addition distance after deletion of minority entries. FIG. 19 is a sequence diagram showing an example of a secure delivery sequence in the secure delivery system according to the second embodiment. FIG. 20 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R1. FIG. 21 is an explanatory diagram showing an example of calculating an encrypted mileage. FIG. 22 is an explanatory diagram showing an example of an encrypted additional distance table according to the second embodiment. FIG. 23 is an explanatory diagram showing an example of the encrypted total additional distance according to the second embodiment. FIG. 24 is an explanatory diagram showing an example of total additional distance. FIG. 25 is an explanatory diagram showing an example of optimum distance selection.

<System configuration example>
FIG. 1 is an explanatory diagram showing an example of a system configuration of a secure delivery matching system according to a first embodiment. The confidential delivery matching system 100 includes a matching server 101, delivery company terminals Td1 to Tdn of delivery companies D1 to Dn (n is an integer of 2 or more), and shipper terminals Ts1 of shippers S1 to Sm (m is an integer of 1 or more). ~Tsm. The matching server 101 is communicably connected to the delivery agent terminals Td1 to Tdn and the shipper terminals Ts1 to Tsm via a network 103 such as the Internet, a LAN (Local Area Network), or a WAN (Wide Area Network). The matching server 101 has a vendor master 111. The vendor master 111 is a table for managing delivery companies D1 to Dn and shippers S1 to Sm.

Furthermore, the map server 102 is an external server that manages map information 120, and is communicably connected to the matching server 101, delivery company terminals Td1 to Tdn, and shipper terminals Ts1 to Tsm via a network 103. The map information 120 is information including the address, latitude and longitude of a point, and geographic data such as topography, rivers, and roads.

Any delivery company among delivery companies D1 to Dn is Di (i is an integer satisfying 1≦i≦n), and any shipper among shippers S1 to Sm is Sj (j is 1≦j≦m). integer). The delivery agent terminal Tdi and the shipper terminal Tsj each have point information Tpi and Tqj. The point information Tpi, Tqj is information including the latitude and longitude of the point in the map information 120.

In addition to the delivery company terminal Tdi, the delivery company Di includes a user Udi who uses the delivery company terminal Tdi, and a truck Tti that delivers the cargo Csj. In addition to the shipper terminal Tsj, the shipper Sj includes a user Usj who uses the shipper terminal Tsj, and a cargo Csj.

<Example of hardware configuration of computer (matching server 101, map server 102, delivery company terminal Tdi, shipper terminal Tsj)>
FIG. 2 is a block diagram showing an example of the hardware configuration of a computer. The computer 200 includes a processor 201, a storage device 202, an input device 203, an output device 204, and a communication interface (communication IF) 205. The processor 201, storage device 202, input device 203, output device 204, and communication IF 205 are connected by a bus 206. Processor 201 controls computer 200 . Storage device 202 serves as a work area for processor 201 . Furthermore, the storage device 202 is a non-temporary or temporary recording medium that stores various programs and data. Examples of the storage device 202 include ROM (Read Only Memory), RAM (Random Access Memory), HDD (Hard Disk Drive), and flash memory. Input device 203 inputs data. Examples of the input device 203 include a keyboard, mouse, touch panel, numeric keypad, scanner, and microphone. Output device 204 outputs data. Examples of the output device 204 include a display, a printer, and a speaker. Communication IF 205 connects to network 103 and transmits and receives data.

<Vendor master 111>
FIG. 3 is an explanatory diagram showing an example of the vendor master 111. The vendor master 111 has a vendor ID 301, a longitude 302, a latitude 303, a communication address 304, a public key 305, and an NG count 306 as fields. "Trader" includes delivery company Di and shipper Sj. The trader ID 301 is identification information that uniquely identifies the delivery trader Di or the shipper Sj. The longitude 302 is a longitude that specifies the east-west position of the delivery company Di or the shipper Sj. The latitude 303 is a latitude that specifies the position of the delivery company Di or the shipper Sj in the north-south direction.

The communication address 304 is address information such as an IP address for communicating with the delivery company terminal Tdi or the shipper terminal Tsj via the network 103. The public key 305 is key data set at the delivery company terminal Tdi or the shipper terminal Tsj and passed to the matching server 101 from among a pair of encryption keys used in public key cryptography. The number of NGs 306 is the cumulative number of times that the delivery company terminal Tdi or the shipper terminal Tsj has not been matched with other companies.

<Point information Tpi, Tqj>
FIG. 4 is an explanatory diagram showing an example of point information Tpi, Tqj. The point information Tpi, Tqj includes a point ID 401, a longitude 402, and a latitude 403 as fields. The location ID 401 is identification information that uniquely identifies a location. In the case of the point information Tpi, the point specified by the point ID 401 is a loading point (collection destination, ie, shipper Sj) or an unloading point (delivery destination) where the delivery company Di collects the cargo Csj. In the case of the point information Tqj, the point specified by the point ID 401 is the delivery company Di or the unloading point (delivery destination) from which the delivery company Di requests collection of the cargo Csj. The longitude 402 is a longitude that specifies the east-west position of the point specified by the point ID 401. The latitude 403 is the latitude that specifies the position in the north-south direction of the point specified by the point ID 401.

In the following description, xP# indicates the longitude 402 of the point P# (# is a number), and yP# indicates the latitude 403 of the point P#. For example, xP1 is the longitude 402 of point P1, and yP1 is the latitude 403 of point P1.

<Delivery route>
FIG. 5 is an explanatory diagram showing an example of a delivery route. FIG. 5 shows delivery routes R1 to R4 created by delivery company terminals Td1 to Td4 of delivery companies D1 to D4. P1 to P20 indicated by black dots indicate points. Links L1 to L22 indicated by arrows between black dots indicate partial routes configuring delivery routes R1 to R4. Truck Tti moves in the direction of the arrow of links L1 to L22. White triangular points P21 and P22 and a link L23 between them indicate an additional order. The longitudes and latitudes of the points composing the delivery routes R1 to R4 are registered in the point information Tp1 to Tp4 of the delivery company terminals Td1 to Td4 from which the delivery routes R1 to R4 are created.

<Secret delivery sequence>
FIG. 6 is a sequence diagram showing an example of a secure delivery sequence in the secure delivery system according to the first embodiment. Note that the matching server 101 encrypts data using the public keys pdi and psj of the delivery company terminal Tdi and the shipper terminal Tsj, and transmits the encrypted data to the delivery company terminal Tdi and the shipper terminal Tsj. It is assumed that each shipper terminal Tsj encrypts data with a private key corresponding to each public key pdi, psj, and transmits the encrypted data to the matching server 101.

First, the shipper terminal Tsj transmits an additional order occurrence notification to the matching server 101 (step S601). Here, the additional order is an order in which the point P21 shown in FIG. 5 is the loading point of the cargo Csj of the shipper Sj, the point P22 is the unloading point of the cargo Csj, and the link L23 is the delivery route of the cargo Csj. A specific example is shown below.

When the matching server 101 receives the notification of the additional order, it selects delivery company candidates (step S602). Specifically, for example, the matching server 101 may select all delivery companies managed by the vendor master 111 as delivery company candidates for the additional order, or may select delivery companies in a specific region as delivery company candidates for the additional order. . A specific area is, for example, the same city, ward, town or village as the shipper Sj or the delivery destination (unloading point), the same prefecture as the shipper Sj or the delivery destination (unloading point), or the area centered around the shipper Sj or the delivery destination (unloading point). It may be an area specified by a circle within a predetermined distance. Here, delivery companies D1 to D4 are assumed to be delivery company candidates.

Further, when the shipper terminal Tsj sends a notification of the occurrence of an additional order to the matching server 101, it generates a common key CK (step S603), and sends the delivery company candidate (delivery company) selected in step S602 via the matching server 101. (Step S604). Thereafter, the shipper terminal Tsj encrypts the additional order using homomorphic encryption using the common key CK (step S605).

[Homomorphic encryption of additional order information]
FIG. 7 is an explanatory diagram showing an example of homomorphic encryption of additional order information. Additional order information 700 includes additional order 701 and consignor information 702. The additional order 701 includes the longitude 402 and latitude 403 of the loading point (point P21) and the longitude 402 and latitude 403 of the unloading point (point P22), but the name of the unloading point (point P22) (i.e., the destination (Name) and cargo Csj are not included. The consignor information 702 includes the vendor ID 301 of the consignor Sj. The shipper terminal Tsj executes homomorphic encryption of the additional order 701 using the common key CK, and generates an encrypted additional order E701. The encrypted additional order information 710 is information including an encrypted additional order E710 and consignor information 702.

Returning to FIG. 6, the shipper terminal Tsj transmits the encrypted additional order information 710 to the matching server 101 (step S606). Further, the delivery company terminals Td1 to Td4 that have received the common key CK from the matching server 101 execute homomorphic encryption of each delivery route R1 to R4 using the common key CK (step S607), and The information is transmitted to the matching server 101 (step S608). Here, the homomorphic encryption of the delivery routes R1 to R4 in step S607 will be explained. Note that the delivery routes R1 to R4 are created in advance at the delivery company terminals Td1 to Td4.

[Homomorphic encryption of delivery route]
FIG. 8 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R1. Delivery route information 800 includes delivery route R1 and delivery company information 804. The delivery route R1 includes a link ID 801, a loading point 802, and an unloading point 803. The link ID 801 is identification information that uniquely identifies a link that is a partial route. Delivery route R1 is composed of five links L1 to L5 (value of link ID 801).

The loading point 802 and the unloading point 803 are positional information of the corresponding points P1 to P5, respectively, and the values of the loading point 802 and the unloading point 803 are, for example, the longitudes of the corresponding points P1 to P5. 402 and latitude 403. The delivery company information 804 includes the company ID 301 of the delivery company D1.

The delivery company terminal Td1 executes homomorphic encryption on the values of the loading point 802 and the unloading point 803 of the delivery route R1 using the common key CK, and generates an encrypted delivery route E(R1). The encrypted delivery route information 810 includes the encrypted delivery route E (R1) and the delivery company information 804 whose company ID is D1. The delivery company terminal Td1 transmits the encrypted delivery route information 810 to the matching server 101 (step S608).

FIG. 9 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R2. Delivery route information 900 includes delivery route R2 and delivery company information 804. The delivery route R2 includes a link ID 801, a loading point 802, and an unloading point 803. Delivery route R2 is composed of five links L6 to L10 (value of link ID 801).

The loading point 802 and the unloading point 803 are positional information of the corresponding points P6 to P10, respectively, and the values of the loading point 802 and the unloading point 803 are, for example, the longitudes of the corresponding points P6 to P10. 402 and latitude 403. The delivery company information 804 includes the company ID 301 of the delivery company D2.

The delivery company terminal Td2 executes homomorphic encryption on the values of the loading point 802 and the unloading point 803 of the delivery route R2 using the common key CK, and generates an encrypted delivery route E(R2). The encrypted delivery route information 910 includes the encrypted delivery route E (R2) and the delivery company information 804 with the company ID D2. The delivery company terminal Td2 transmits the encrypted delivery route information 910 to the matching server 101 (step S608).

FIG. 10 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R3. Delivery route information 1000 includes delivery route R3 and delivery company information 804. The delivery route R3 includes a link ID 801, a loading point 802, and an unloading point 803. Delivery route R3 is composed of seven links L11 to L17 (value of link ID 801).

The loading point 802 and the unloading point 803 are positional information of the corresponding points P6, P11 to P16, respectively, and the values of the loading point 802 and the unloading point 803 are, for example, the corresponding points P6, P11. ~P16 longitude 402 and latitude 403. The delivery company information 804 includes the company ID 301 of the delivery company D3.

The delivery company terminal Td3 executes homomorphic encryption on the values of the loading point 802 and the unloading point 803 of the delivery route R3 using the common key CK, and generates an encrypted delivery route E(R3). The encrypted delivery route information 1010 includes an encrypted delivery route E (R3) and delivery company information 804 whose company ID is D3. The delivery company terminal Td3 transmits the encrypted delivery route information 1010 to the matching server 101 (step S608).

FIG. 11 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R4. Delivery route information 1100 includes delivery route R4 and delivery company information 804. The delivery route R4 includes a link ID 801, a loading point 802, and an unloading point 803.

Delivery route R4 is composed of five links L18 to L22 (value of link ID 801). The loading point 802 and the unloading point 803 are positional information of the corresponding points P14, P17 to P20, respectively, and the values of the loading point 802 and the unloading point 803 are, for example, the corresponding points P14, P17. ~P20 longitude 402 and latitude 403. The delivery company information 804 includes the company ID 301 of the delivery company D4.

The delivery company terminal Td4 executes homomorphic encryption on the values of the loading point 802 and the unloading point 803 of the delivery route R4 using the common key CK, and generates an encrypted delivery route E(R4). The encrypted delivery route information 1110 includes an encrypted delivery route E (R4) and delivery company information 804 whose company ID is D4. Delivery company terminal Td4 transmits encrypted delivery route information 1010 to matching server 101 (step S608).

Returning to FIG. 6, when the matching server 101 receives the encrypted delivery route information 810, 910, 1010, and 1110 from the delivery company terminals Td1 to Td4, it calculates the encrypted additional distance (step S609). Specifically, for example, the matching server 101 calculates the encrypted additional distances E{A(L1)} to E{A (L20)} is calculated.

[Encryption additional distance]
FIG. 12 is an explanatory diagram showing an example of calculating the encryption additional distance. FIG. 12 shows an example of calculating the encrypted additional distance E{A(L3)} for the delivery route R1. E(P1) to E(P5) indicate the longitude 402 and latitude 403 of the homomorphically encrypted points P1 to P5, which are obtained from the encrypted delivery route E(R1).

That is, referring to FIG. 8, E(P1) is a ciphertext obtained by homomorphically encrypting the longitude xP1 and latitude yP1 of the loading point 802 of the record with the value L1 of the link ID 801 of the delivery route R1. is, for example, (Grawogf, uhjryio) of the loading point 802 of the record with the value L1 of the link ID 801 of the encrypted delivery route E (R1). E(P2) to E(P5) are similarly specified.

Also, referring to FIG. 7, E(P21) is a ciphertext obtained by homomorphically encrypting the longitude 402 value xP21 and the latitude 403 value yP21 of the loading point record of the additional order 701. are, for example, the value "VNCUO" of the longitude 402 and the value "65f54w" of the latitude 403 of the loading point record of the encrypted additional order E701.

Similarly, E(P22) is a ciphertext obtained by homomorphically encrypting the longitude 402 value xP22 and the latitude 403 value yP22 of the unloading point record of the additional order 701. Specifically, for example, The value of the longitude 402 of the record of the unloading point of the additional order E701 is "Kiu@Z", and the value of the latitude 403 is "Uj7op". Hereinafter, such ciphertext will be referred to as encrypted longitude and encrypted latitude.

Then, the encryption additional distance E{A(L3)} is calculated by the following formula (1).

E{A(L3)}=E{d(L24)}+E{d(L23)}+E{d(L25)}
-E{d(L3)}...(1)

In the above formula (1), E{d(L24)} is the encrypted distance of the link L24, and the longitude of E(P3) x P3 is the encrypted longitude "njyfc" and the longitude of E(P21) is the encrypted longitude x P21. The sum of the square of the difference between the longitude "VNCUO" and the square of the difference between the encrypted latitude "ryio" of the latitude yP3 of E(P3) and the encrypted latitude "65f54w" of the latitude yP21 of E(P21). It is determined by the square root.

E{d(L23)} is the encrypted distance of link L23, and the longitude of E(P21) x the encrypted longitude of P21 "VNCUO" and the longitude of E(P22) x the encrypted longitude of P22 "Kiu@Z". and the square of the difference between the encrypted latitude "65f54w" of latitude yP21 of E(P21) and the encrypted latitude "Uj7op" of latitude yP22 of E(P22).

E{d(L25)} is the encrypted distance of link L25, and the longitude of E(P22) x the encrypted longitude of P22 "Kiu@Z" and the longitude of E(P4) x the encrypted longitude of P4 "xsdr". and the square of the difference between the encrypted latitude "Uj7op" of the latitude yP22 of E(P22) and the encrypted latitude "o6gc" of the latitude yP4 of E(P4).

E{d(L3)} is the encrypted distance of link L3, and is the difference between longitude of E(P3) x encrypted longitude of P3 "njyfc" and longitude of E(P4) x encrypted longitude of P4 "xsdr" and the square of the difference between the encrypted latitude "ryio" of the latitude yP3 of E(P3) and the encrypted latitude "o6gc" of the latitude yP4 of E(P4). E{A(L1)}, E{A(L2)}, E{A(L4)}, and E{A(L5)} are also obtained by similar processing. Then, the matching server 101 registers the calculated encrypted additional distance in the encrypted additional distance table.

[Encryption additional distance table]
FIG. 13 is an explanatory diagram showing an example of an encrypted additional distance table according to the first embodiment. The encrypted additional distance table 1300 has an additional distance ID 1301, an encrypted additional distance 1302, a vendor ID 301, and a link ID 801 as fields. The additional distance ID 1301 is identification information that uniquely identifies the encrypted additional distance 1302. The additional distance ID 1301 may be a consecutive number assigned in the order of links, or a value assigned using a random number. By using a random number, it becomes difficult for the delivery company Di to guess which additional distance is his own additional distance, so it is possible to reduce the possibility of fraud.

The encrypted additional distance 1302 is the additional distance of the encrypted state obtained from the homomorphic ciphertext as described in FIG. 12. For example, the value of the encrypted additional distance 1302 when the additional distance ID 1301 is "A(L3)" is E{A(L3)}=34vqwmeipo according to the above equation (1).

Returning to FIG. 6, the matching server 101 distributes the encrypted total additional distance to the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates (step S610).

[Encryption total additional distance]
FIG. 14 is an explanatory diagram showing an example of an encrypted total additional distance 1400 according to the first embodiment. The encrypted total additional distance 1400 is data obtained by deleting the columns of vendor ID 301 and link ID 801 from the encrypted additional distance table 1300. Note that since the terminal that is likely to commit fraud is the delivery company Di who wants to increase revenue with the additional order 701, the matching server 101 does not need to transmit the encrypted total additional distance to the shipper terminal Tsj.

Returning to FIG. 6, the shipper terminal Tsj and delivery company candidate terminals Td1 to Td4, which have received the encrypted total additional distance 1400 from the matching server 101, each decrypt the encrypted total additional distance 1400 using the common key CK. , selects the minimum distance from all the decoded additional distances (step S611). Then, the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates each encrypt the selected minimum distance using the common key CK (step S612), and transmit the encrypted selected distance information to the matching server 101 (step S613). ).

[Decryption of all encrypted additional distances and minimum distance selection]
FIG. 15 is an explanatory diagram illustrating an example of decoding the encrypted total additional distance and selecting the minimum distance in step S611. In FIG. 15, the explanation will be given using the delivery company terminal Td1 as an example, but the same applies to the delivery company terminals Td2 to Td4 and the shipper terminal Tsj.

The delivery company terminal Td1 decrypts the encrypted additional distance 1302 of the encrypted total additional distance 1400 into an additional distance 1502 using the common key CK. Then, the delivery company terminal Td1 selects the minimum distance from the additional distances 1502. In the example of FIG. 15, the additional distance ID 1301 is “A(L3)” and the value “0.05” of the additional distance 1502 is the minimum distance, so the delivery company terminal Td1 selects the additional distance ID 1301 as the selected additional distance 1501. The value "0.05" of the additional distance 1502 of "A(L3)" is selected. Then, the delivery company terminal Td1 encrypts the value "0.05" of the selected additional distance 1502 using the common key CK to generate an encrypted selected additional distance E1501.

The delivery company terminal Td1 transmits the encrypted selection distance information 1500 including the generated encrypted selection additional distance E1501 and the company information 1503 including the company ID: D1 of the delivery company terminal Td1 to the matching server 101 (step S613). For the delivery company terminals Td2 to Td4 and the shipper terminal Tsj, encrypted selection distance information 1500 including an encrypted selection additional distance E1501 and vendor information 1503 including each vendor ID is transmitted to the matching server 101 (step S613).

Returning to FIG. 6, when the matching server 101 receives the encrypted selection distance information 1500 from the shipper terminal Tsj and the delivery company candidate terminals Td1 to Td4, it executes encryption matching verification (step S614). Encryption matching verification (step S614) is a process of determining whether or not the plurality of encrypted selection additional distances E1501 included in the plurality of encrypted selection distance information 1500 match as ciphertexts.

[Encryption match verification]
FIG. 16 is an explanatory diagram showing a match example in encryption match verification. In order to distinguish between the plurality of encrypted selection distance information 1500 and the plurality of encrypted selection additional distances E1501, a vendor ID is added to the end of 1500 and E1501.

The matching server 101 extracts the encrypted selection additional distances E1501D1 to 1501D4, 1501Sj from the encrypted selection distance information 1500D1 to 1500D4, 1500Sj, determines whether they unanimously match, and extracts the encrypted additional distances from the encrypted additional distance table 1300. Identify matching entries. In the example of FIG. 16, the encrypted selection additional distances E1501D1 to 1501D4 and 1501Sj are unanimous, and all of them match the additional distance ID 1301 and the encrypted additional distance 1302 of the entry whose additional distance ID 1301 is "A(L3)". .

Since the matching server 101 verifies the match in the encrypted text, it is not known whether the encrypted additional distance "34vqwmeipo" of the encrypted additional distances E1501D1 to 1501D4 and 1501Sj is the minimum distance, but the encrypted additional distance E1501D1 Since 1501D4 and 1501Sj match, the additional encryption distance "34vqwmeipo" is determined to be the ciphertext with the minimum distance.

FIG. 17 is an explanatory diagram showing an example of a mismatch in encryption match verification. In the example of FIG. 17, the encrypted selection additional distances E1501D1, E1501D3, 1501D4, and 1501Sj match, and the additional distance ID 1301 and the encrypted additional distance 1302 of the entry whose additional distance ID 1301 is "A(L3)" are the encrypted additional distance table. 1300.

On the other hand, the encrypted additional distance E1501D2 does not match the encrypted additional distances E1501D1, E1501D3, 1501D4, and 1501Sj, and the additional distance ID value "A(L2)" and the encrypted additional distance value "C43wtjgioa" include. Therefore, the additional distance ID 1301 and encrypted additional distance 1302 of the entry whose additional distance ID 1301 is “A(L2)” are specified from the encrypted additional distance table 1300.

In this case, the confidential delivery matching system 100 repeats steps S610 to S613 until the encrypted selection additional distances E1501D1 to 1501D4 and 1501Sj are unanimous, as shown in FIG. Note that the matching server 101 increases the NG count 306 in the vendor master 111 by 1 for the vendor D2 corresponding to the encrypted selection additional distance E1501D2 that is a mismatch.

Furthermore, as shown in FIG. 17, if there is no unanimity, the matching server 101 may determine the minimum distance by majority vote. In the example of FIG. 17, the encryption additional distance "34vqwmeipo" is determined to be the minimum distance.

Further, as shown in FIG. 17, if there is no unanimity, the matching server 101 may delete the minority additional distance ID 1301 and the encrypted additional distance 1302 from the encrypted total additional distances 1400.

FIG. 18 is an explanatory diagram showing an example of the encrypted total addition distance after deletion of minority entries. In this case, the confidential delivery matching system 100 may repeat steps S610 to S613 for the encrypted total additional distance 1800 after deletion. In the example of FIG. 17, as shown in FIG. 18, "A(L2)" of the additional distance ID 1301 and "C43wtjgioa" of the encrypted additional distance 1302 are deleted from the encrypted total additional distance 1400, and the encrypted total additional distance 1400 is deleted. The distance will be 1800.

Further, as shown in FIG. 17, if there is no unanimity, the confidential delivery matching system 100 repeats steps S610 to S613, excluding the terminals that have transmitted the minority additional distance ID 1301 and the encrypted additional distance 1302. Good too. In the example of FIG. 17, the encrypted total additional distance 1400 is not sent to the delivery company terminal Td2 that sent the encrypted selected additional distance E1501D2, and steps S610 to S613 are repeated.

Further, if steps S610 to S613 are repeated a predetermined number of times and there is still no unanimity, the matching server 101 may determine the minimum distance by majority vote.

Furthermore, for a trader whose number of NGs 306 is equal to or greater than the threshold, the matching server 101 may delete the additional distance ID 1301 and the encrypted additional distance 1302 of the trader from the encrypted total additional distances 1400. Furthermore, the matching server 101 may not transmit the encrypted total additional distance to the delivery company terminal Tdi of the company whose NG count 306 is equal to or greater than the threshold value. This makes it possible to exclude delivery companies that have committed fraudulent acts.

Further, for example, if there is no unanimity, the matching server 101 may delete the additional distance ID 1301 and the encrypted additional distance 1302 of the group that does not include the shipper Sj from the encrypted total additional distance 1400. This is because it is unlikely that the shipper Sj will commit fraud when selecting a delivery company.

After that, if the ciphertext with the minimum distance is determined by the encryption matching verification (step S614), the matching server 101 sends the message to the delivery company terminal Tdi of the delivery company Di specified by the company ID 301 of the encryption additional distance table 1300. A result notification is sent (step S615). In the examples of FIGS. 6 and 16, the matching server 101 transmits a result notification to the delivery company terminal Td1.

The result notification is a notification requesting a delivery request from the delivery company D1 to which the result notification is sent. Specifically, for example, the result notification might say something like, ``We have asked you to place an additional order.Are you sure?'' ”, an additional order 701, and the determined additional distance ID 1301. The delivery company terminal Td1 identifies the target point and link of the additional order 701 from the determined additional distance ID 1301. In this example, since the additional distance ID 1301 is "A(L3)", link L3 and points P3 and P4 at both ends thereof are specified.

The delivery company terminal Td1 corrects the link L3 in the delivery route R1 to points P3 and P4 and links L24, L23, and L25 that pass through the points P23 and P24 included in the additional order 701, and adds the above character string and the corrected Delivery route R1 is displayed. This allows the user Ud1 to confirm the route change due to the additional order.

The delivery company terminal Td1 selects whether to accept or reject the delivery request for the additional order with the additional distance ID 1301 through the operation of the user Ud1, and returns a response including the selection result to the matching server (step S616).

Based on the response from the delivery company terminal Td1, the matching server 101 determines whether the delivery company D1 has accepted or rejected the delivery request for the additional order with the additional distance ID 1301 (step S617). If the delivery company D1 rejects the delivery request for the additional order, the matching server 101 deletes the entry of the additional distance ID 1301 determined in the encrypted match verification (step S614) from the encrypted total additional distances 1400, and The encrypted total additional distance 1400 is retransmitted (step S610). Thereby, the confidential delivery matching system 100 repeats steps S610 to S613. Therefore, it is possible to stop transmitting the result notification regarding the additional distance ID 1301 determined in the encryption matching verification (step S614) to the delivery company terminal Td1.

Furthermore, the delivery company terminal Td1 may reject the delivery request for the additional order itself through the operation of the user Ud1. In this case, the delivery company terminal Td1 returns a response including the selection result to the matching server (step S616). The matching server 101 refers to the encrypted additional distance table 1300 and identifies an additional distance ID 1301 whose vendor ID 301 is the delivery company D1 that rejected the delivery request for the additional order itself.

Then, the matching server 101 deletes the entry of the specified additional distance ID 1301 (A(L1) to A(L5)) from the encrypted total additional distance 1400, and resends the encrypted total additional distance 1400 after the deletion. (Step S610) The confidential delivery matching system 100 repeats steps S610 to S613. Thereby, it is possible to stop sending the result notification to the delivery company terminal Td1.

Further, when the delivery company D1 accepts the delivery request for the additional order, the matching server 101 transmits a delivery company determination notification to the shipper terminal Tsj (step S618). The delivery company determination notification includes, for example, the company ID 301, longitude 302, latitude 303, communication address 304, and public key 305 of the delivery company D1 that accepted the delivery request for the additional order. Therefore, from now on, using the existing technology, the shipper Sj and the delivery company D1 will communicate with each other between the shipper terminal Tsj and the delivery company terminal Td1 using public key cryptography to set a delivery plan for the additional order.

As described above, according to the first embodiment, the matching server 101 calculates the additional distance of each link with the ciphertext intact, and calculates the minimum distance with the ciphertext from the encryption selection distance from the delivery company terminal Tdi and the shipper terminal Tsj. Verify the match. Therefore, the shipper Sj and the delivery company Di can use the matching server 101 while keeping the delivery destination, delivery route, and additional order 701 secret in the matching server 101. Therefore, it is possible to promote the use of delivery matching by users while suppressing the leakage of user information such as addresses (for example, customers of delivery company Di) of departure and arrival points (loading and unloading points).

Example 2 will be explained. In the first embodiment, the matching server 101 allocates an additional order using the minimum additional distance as an index, but in the second embodiment, in the first embodiment, the matching server 101 further assigns an additional order using other indexes. assign. Specifically, for example, in the second embodiment, the matching server 101 allocates additional orders using the additional distance and actual vehicle rate as indicators in addition to the additional distance. The actual vehicle rate is the ratio of the distance traveled with the truck Tti actually loaded with the cargo Csj among the distance traveled by the truck Tti (see formula (2) below). The higher the actual vehicle rate, the better the transportation efficiency, which decreases as the distance traveled without loading cargo Csj (empty vehicle distance) increases.

Actual vehicle rate = distance traveled with cargo loaded/mileage...(2)

Note that in the second embodiment, in order to mainly explain the differences from the first embodiment, the same components as those in the first embodiment are given the same reference numerals, and the explanation thereof will be omitted.

<Secret delivery sequence>
FIG. 19 is a sequence diagram showing an example of a secure delivery sequence in the secure delivery system according to the second embodiment. The differences from FIG. 6 are delivery route encryption (step S1907), encrypted additional distance & encrypted mileage calculation (step S1909), decryption & actual vehicle rate calculation (step S1911), and optimal distance selection & encryption (step S1912). ), transmission of encryption selection information (step S1913), and encryption matching verification (step S1914).

In FIG. 19, the delivery agent terminals Td1 to Td4 that have received the common key CK from the matching server 101 execute homomorphic encryption of each delivery route R1 to R4 using the common key CK (step S1907), and The delivery route information is transmitted to the matching server 101 (step S608).
[Homomorphic encryption of delivery route]
FIG. 20 is an explanatory diagram showing an example of homomorphic encryption of the delivery route R1. The delivery route R1 includes a link ID 801, a loading point 802, an unloading point 803, and a loading status 2000. Loading presence/absence 2000 is information indicating whether cargo Csj is loaded in the link specified by link ID 801. If the cargo Csj is loaded, it will be marked "〇", and if it is not loaded, it will be marked "×".

Then, the delivery company terminal Td1 transmits the encrypted delivery route information 810 including the loading status 2000 to the matching server 101 (step S1908). Although not shown, similarly to FIG. 20, the delivery routes R2 to R4 shown in FIGS. 9 to 11 also include loading status 2000.

Returning to FIG. 19, the matching server 101 receives encrypted additional order information 710 from the shipper terminal Tsj, and encrypted delivery route information 810, 910, 1010, 1110 including loading status 2000 from delivery company terminals Td1 to Td4. When received, the encrypted additional distance 1302 and the encrypted travel distance are calculated for each link using the encrypted text (step S1909). The encryption additional distance 1302 is calculated in the same manner as in the first embodiment.

[Calculation of encrypted mileage]
FIG. 21 is an explanatory diagram showing an example of calculating an encrypted mileage. FIG. 21 shows an example of calculation of the encrypted loaded mileage and the encrypted unloaded mileage on the delivery route R1 when an additional order is applied to the link L3. In the delivery route R1 in which the additional order is applied to the link L3, the links whose loading status 2000 is "0" indicating loaded are links L2 and L4. The link L23 from the loading point (point P21) to the unloading point (point P22) of the encrypted additional order E710 becomes "O" unconditionally indicating that the order is loaded.

Also, the links that are marked as "x" with no loading in the loading status 2000 are links L1, L3, and L5. Since the link L3 is "x" with no loading, the link L24 from point P to the loading point (point P21) of the encrypted additional order E710 is unconditionally "x" with no loading. Similarly, at the unloading point (point P22) of the encrypted additional order E710, the cargo Csj of the additional order is unloaded, so the link 25 from the unloading point (point P22) to the point P4 is also unconditionally marked as "No loading" "become.

When encrypted additional order E710 is applied to link L3 (additional distance ID 1301 is A(L3)), the encrypted loaded mileage E{MwL(L3)} is the encrypted distance of the link with loaded "〇". The encrypted mileage E{MoL(L3)} is the sum of the encrypted distances of the "x" links without a load (see formula (3) below).

E{MwL(L3)}=E{d(L2)}+E{d(L23)}+E{d(L4)}
...(3)
E{MoL(L3)}=E{d(L1)}+E{d(L24)}+E{d(L25)}
+E{d(L5)} ...(4)

The matching server 101 similarly calculates the encrypted loaded mileage and the encrypted unloaded mileage for the other links L1, L2, L4 to L20.

[Encryption additional distance table]
FIG. 22 is an explanatory diagram showing an example of an encrypted additional distance table according to the second embodiment. The encrypted additional distance table 2200 has, as fields, an additional distance ID 1301, an encrypted additional distance 1302, a vendor ID 301, and a link ID 801, as well as an encrypted mileage distance with loading 2203 and an encrypted mileage distance without loading 2204. . For example, the encrypted mileage 2203 with loading for which the additional distance ID 1301 is A(L3) is E{MwL(L3)}="Hbjr5ioh5e6", and the encrypted mileage 2204 without loading is E{MoL(L3)} = "H7eio".

Returning to FIG. 19, the matching server 101 distributes the encrypted total additional distance to the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates (step S1910).

[Encryption total additional distance]
FIG. 23 is an explanatory diagram showing an example of an encrypted total additional distance 2300 according to the second embodiment. The encrypted total additional distance 2300 is data obtained by deleting the columns of vendor ID 301 and link ID 801 from the encrypted additional distance table 2200.

Returning to FIG. 19, the shipper terminal Tsj and delivery company candidate terminals Td1 to Td4, which have received the encrypted total additional distance 2300 from the matching server 101, each encrypt the encrypted total additional distance 2300 using the common key CK. The additional distance 1302, encrypted mileage with load 2203, and encrypted mileage without load 2204 are decrypted. Then, the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates each calculate the actual vehicle rate for each additional distance ID 1301 based on the decoded loaded mileage and non-loaded mileage (step S1911).

[Actual vehicle rate calculation]
FIG. 24 is an explanatory diagram showing an example of total additional distance. The total additional distance 2400 is data obtained by decrypting the encrypted total additional distance 2300 using the common key CK. The total additional distance 2400 includes an additional distance 1502, a loaded mileage 2403, and an unloaded mileage 2404. The matching server 101 uses the loaded mileage 2403 and the unloaded mileage 2404 to calculate the actual vehicle rate for each additional distance ID 1301.

In the above equation (2), the "traveling distance" in the denominator on the right side is the sum of the loaded traveling distance 2403 and the unloaded traveling distance 2404. The “distance traveled with cargo loaded” in the numerator on the right side is the loaded mileage 2403. The shipper terminal Tsj and the delivery company terminals Td1 to Td4 that are delivery company candidates each calculate an actual vehicle rate 2405 for each additional distance ID 1301 and add it to the total additional distance 2400.
[Optimum distance selection]
FIG. 25 is an explanatory diagram showing an example of optimal distance selection. In FIG. 25, the shipper terminal Tsj and the delivery company terminals Td1 to Td4, which are delivery company candidates, each create a matrix Standardize and convert to matrix x. Note that since it is desirable that the additional distance 1502 be as small as possible, it is normalized by a reciprocal number.

Then, the shipper terminal Tsj and the delivery company terminals Td1 to Td4, which are delivery company candidates, each calculate a comprehensive index vector y using the following equation (5).

y=x・w (5)

w is a weight vector having a weight value of the additional distance 1502 and a weight value of the actual vehicle rate 2405. Each weight value takes a value of 0 or more and 1 or less. If the weight value of the actual vehicle rate 2405 is set to 0, the result will be the same as in the first embodiment. Alternatively, the weight value of the additional distance 1502 may be set to 0, and the weight value of the actual vehicle rate 2405 may be set to a value larger than 0. The weight vector w is set in advance by the matching server 101, and is transmitted to the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates in step S1910, for example.

Each element of the comprehensive index vector y is an index value that takes into consideration the additional distance 1502 and the actual vehicle rate 2405, and the larger the value, the higher the evaluation. Note that when the actual vehicle rate 2405 is normalized by a reciprocal instead of the additional distance 1502, the smaller the value of each element of the comprehensive index vector y, the higher the evaluation.

The shipper terminal Tsj and the delivery company terminals Td1 to Td4 that are delivery company candidates each select the maximum comprehensive index value from the comprehensive index vector y. In the example of FIG. 25, 1.34 is the maximum value. 1.34 corresponds to A(L3), which is the additional distance ID 1301.

Returning to FIG. 19, the shipper terminal Tsj and delivery company candidate terminals Td1 to Td4 each encrypt the selected maximum comprehensive index value and the company information 1503 including its own company ID 301. , is transmitted to the matching server 101 (step S1913).

The matching server 101 performs encryption matching verification on the encrypted maximum comprehensive index values from the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates (step S1914).

In this way, according to the second embodiment, it is possible to select a delivery company suitable for the additional order by taking into consideration not only the additional distance but also the actual vehicle rate. In addition, the matching server 101 calculates the encrypted loaded mileage 2203 and the encrypted unloaded mileage 2204, which are the sources of calculating the actual vehicle rate. calculation of the rate can be suppressed. Further, since the matching server 101 calculates the encrypted mileage with loading 2203 and the encrypted mileage without loading 2204 in the encrypted state, the delivery companies D1 to D4 can use the matching service with peace of mind.

Further, in the second embodiment, another index called the actual vehicle rate is added, but the congestion degree of the link may be added instead of the actual vehicle rate. Furthermore, the congestion degree of the link may be added as another index along with the actual vehicle rate. In this case, the weight of the link congestion level is added to the weight vector w. In this way, in the second embodiment, by taking a weighted average of a plurality of indicators, the shipper terminal Tsj and the delivery company terminals Td1 to Td4 of delivery company candidates can each select the optimal additional distance.

Furthermore, the confidential delivery matching method in the embodiment described above can also be configured as shown in (1) to (9) below.

(1) In the confidential delivery matching method in which the matching server 101 determines the request destination of the additional order 701 from the shipper Sj from one or more delivery companies D1 to D4, the shipper terminal Tsj of the shipper Sj that can communicate with the matching server 101 is used. However, by encrypting the position information indicating the first loading point P21 and the position information indicating the first unloading point P22 included in the additional order 107 using homomorphic encryption using the common key CK, an encrypted additional order E710 is generated. is generated and transmitted to the matching server 101 (S605, S606), and the delivery agent terminals Td1 to Td4 of the delivery companies D1 to D4 that can communicate with the matching server 101 transfer the data from the second loading point to the second unloading point. Position information indicating the second loading point and a position indicating the second unloading point on the delivery routes R1 to R4 of the delivery companies D1 to D4, which are composed of one or more partial routes (links L1 to L20) up to By encrypting the information using homomorphic encryption using the common key CK, encrypted delivery routes E(R1) to E(R4) are generated and sent to the matching server 101 (S607, S608), and the matching Based on the encrypted additional order E701 and the encrypted delivery routes E(R1) to E(R4), the server 101 sends the first cargo on the partial route (links L1 to L20) in an encrypted state. An encryption index value regarding the delivery efficiency of the cargo Csj of the additional order 701 when passing through the point P21 and the first unloading point P22 is calculated, and the encryption index value is sent to two or more of the shipper terminal Tsj and the delivery company terminals Td1 to Td4. (S609, S610), and each of the two or more terminals decrypts the encrypted index value in the partial route (links L1 to L20), and decrypts the index value in the partial route (links L1 to L20). Select a specific index value from the values and encrypt it with homomorphic encryption using the common key CK to generate a specific encryption index value and send it to the matching server 101 (S611, S612, S613); The matching server 101 determines whether or not the specific encryption index values from the two or more terminals match each other in the encrypted state, thereby specifying the request destination of the additional order 701. The delivery company D1 is determined, and the delivery company terminal Td1 of the specific delivery company D1 is notified (S614, S615).

As a result, the shipper Sj and the delivery companies D1 to D4 can use the delivery matching service for the additional order 701 while the data of the shipper Sj and the delivery companies D1 to D4 are kept confidential in the matching server 101, which is a platformer. This makes it possible to prevent data leakage of the shipper Sj and the delivery companies D1 to D4.

(2) In the confidential delivery matching method of (1) above, the two or more terminals may be the two or more delivery company terminals Td1 to Td4 excluding the shipper terminal Tsj.

Since the shipper Sj does not need to commit fraud in the delivery matching of the additional order 701, there is no problem in excluding the shipper terminal Tsj from the destination of the encrypted index value regarding the delivery efficiency of the additional order 701 cargo Csj.

(3) In the confidential delivery matching method of (1) above, the two or more terminals may include the shipper terminal Tsj and one or more of the delivery agent terminals Td1 to Td4.

Since the shipper Sj does not need to commit fraud regarding the delivery matching of the additional order 701, the shipper terminal Tsj calculates the encryption index value regarding the delivery efficiency of the cargo Csj of the additional order 701 without performing any fraudulent acts. . Therefore, the matching server 101 can use the encryption index value as correct answer data.

(4) In the confidential delivery matching method of (1) above, the matching server 101 maintains the encrypted state based on the encrypted additional order E701 and the encrypted delivery routes E(R1) to E(R4). , the encrypted delivery distance of the cargo Csj of the additional order 701 when passing through the first loading point P21 and the first unloading point P22 in the partial route (links L1 to L20) (in the case of link L3, E{ d(L24)}+E{d(L23)}+E{d(L25)}) and the encrypted delivery distance of the partial route (link L3) when the cargo Csj is not delivered (in the case of link L3, E{d (L3)}) (in the case of link L3, the encryption additional distance E{A(L3)}) is calculated as the encryption index value and transmitted to the two or more terminals (S609, S610).

As a result, the matching server 101 calculates the encrypted difference (in the case of link L3, the encrypted additional distance E{A(L3)}) without changing the encrypted state. (L3)) can be concealed.

(5) In the confidential delivery matching method of (4) above, the two or more terminals each calculate the encrypted difference (in the case of link L3, the encrypted additional distance E{A( L3)}) and calculates the minimum difference (additional distance A(L3)) from the difference (in the case of link L3, additional distance A(L3)) of the partial route (links L1 to L20) to the specific index value. Select as.

As a result, if there is no fraud in any of the two or more terminals, the minimum difference (additional distance A(L3)) selected by the two or more terminals will be the same.

(6) In the confidential delivery matching method of (1) above, when the specific encryption index values from the two or more terminals unanimously match while remaining in the encrypted state, the matching server 101 determines that the The request destination for the additional order 701 is determined to be a specific delivery company D1 that delivers on a specific delivery route R1 that includes a specific partial route (link L3) corresponding to the specific encryption index value, and The delivery company terminal Td1 of D1 is notified (S614, S615).

Thereby, the matching server 101 can allocate the additional order 701 when there is no fraud in any of the two or more terminals.

(7) In the confidential delivery matching method of (1) above, the matching server 101 determines whether or not the specific encryption index values from the two or more terminals match each other in the encrypted state. By doing so, a specific delivery company that delivers the request destination of the additional order 701 via a specific delivery route R1 that includes a specific partial route (link L3) corresponding to a specific encryption index value with the maximum number of matches. D1 is determined, and the delivery company terminal Td1 of the specific delivery company D1 is notified (S614, S615).

Thereby, the matching server 101 can allocate the additional order 701 when there is little fraud in the two or more terminals.

(8) In the confidential delivery matching method of (1) above, if the specific delivery company is not determined, the matching server 101 resends the encryption index value to the two or more terminals (S609, S610 ).

As a result, the matching server 101 does not allocate the additional order 701 if any of the two or more terminals is fraudulent, thereby making it possible to suppress fraud.

(9) In the confidential delivery matching method of (1) above, the matching server 101 selects the additional order 701 based on the encrypted additional order E701 and the encrypted delivery routes E(R1) to E(R4). The encrypted first index value (encrypted additional distance 1302) and encrypted second index value (encrypted mileage with loading 2203, encrypted mileage without load 2204) regarding the delivery efficiency of cargo Csj are calculated, and the above-mentioned 2 (S609, S610), and the two or more terminals respectively transmit the encrypted first index value (encrypted additional distance 1302) and the encrypted index value for each partial route (links L1 to L20). The two index values (encrypted mileage with load 2203, encrypted mileage without load 2204) are decrypted to obtain the first index value (additional distance 1502) and second index value for each of the partial routes (links L1 to L20). (Loaded mileage 2403, unloaded mileage 2404) to calculate a comprehensive index value, select a specific comprehensive index value (maximum comprehensive index value) from the comprehensive index values for each of the partial routes, By encrypting with homomorphic encryption using the common key CK, a specific encryption comprehensive index value is generated and transmitted to the matching server 101 (S1911, S1912, S1913), and the matching server 101 The destination of the additional order 701 is determined to be the specific delivery company D1 by determining whether the specific encryption comprehensive index values from two or more terminals match each other in the encrypted state. Then, the delivery company terminal Td1 of the specific delivery company D1 is notified (S1914, S615).

This makes it possible to select a delivery company D1 suitable for the additional order 701 by considering a plurality of indicators from different viewpoints.

Note that the present invention is not limited to the embodiments described above, and includes various modifications and equivalent configurations within the scope of the appended claims. For example, the embodiments described above have been described in detail to explain the present invention in an easy-to-understand manner, and the present invention is not necessarily limited to having all the configurations described. Further, a part of the configuration of one embodiment may be replaced with the configuration of another embodiment. Further, the configuration of one embodiment may be added to the configuration of another embodiment. Furthermore, other configurations may be added to, deleted from, or replaced with some of the configurations of each embodiment.

Further, each of the above-mentioned configurations, functions, processing units, processing means, etc. may be realized in part or in whole by hardware, for example by designing an integrated circuit, and a processor realizes each function. It may also be realized by software by interpreting and executing a program.

Information such as programs, tables, and files that realize each function is stored in storage devices such as memory, hard disks, and SSDs (Solid State Drives), or on IC (Integrated Circuit) cards, SD cards, and DVDs (Digital Versatile Discs). It can be stored on a medium.

Furthermore, the control lines and information lines shown are those considered necessary for explanation, and do not necessarily show all the control lines and information lines necessary for implementation. In reality, almost all configurations can be considered interconnected.

100 Confidential delivery matching system 101 Matching server 102 Map server 103 Network 107 Additional order 111 Vendor master 700 Additional order information 710 Encrypted additional order information 800, 900, 1000, 1100 Delivery route information 810, 910, 1010, 1110 Encrypted delivery route Information 1300 Encrypted additional distance table 1400 Encrypted total additional distance 1500 Encrypted selected distance information 1501 Selected additional distance 1800 Encrypted total additional distance 2000 Loading presence/absence 2200 Encrypted additional distance table 2300 Encrypted total additional distance CK Common key Csj Cargo D1 -Dn Delivery company E1501 Encryption selection additional distance E1501 Encryption additional distance Sj Shipper Td1~Tdn Delivery company terminal Tp1~Tpm Shipper terminal Tpi, Tqj Point information

Claims (11)

A confidential delivery matching method in which a server determines a destination for an additional order from a shipper from among one or more delivery companies, the method comprising:
The shipper terminal of the shipper that can communicate with the server encrypts position information indicating a first loading point and position information indicating a first unloading point included in the additional order with homomorphic encryption using a common key. generating an encrypted additional order and sending it to the server;
A delivery company terminal of the delivery company that is capable of communicating with the server is connected to the second loading point on the delivery route of the delivery company, which is comprised of one or more partial routes from a second loading point to a second unloading point. generating an encrypted delivery route by encrypting location information indicating the location information and location information indicating the second unloading point using homomorphic encryption using the common key, and transmitting the encrypted delivery route to the server;
When the server passes through the first loading point and the first unloading point on the partial route, the additional order remains encrypted based on the encrypted additional order and the encrypted delivery route. calculating an encryption index value regarding cargo delivery efficiency and transmitting it to two or more terminals among the shipper terminal and the delivery company terminal;
The two or more terminals each decrypt the encrypted index value in the partial route, select a specific index value from the index values in the partial route, and encrypt it with homomorphic encryption using the common key. generate a specific encryption index value and send it to the server;
The server determines whether or not the specific encryption index values from the two or more terminals match each other in the encrypted state, thereby assigning the additional order to a specific delivery company. determining and notifying a carrier terminal of the specific carrier;
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
The two or more terminals are two or more of the delivery company terminals excluding the shipper terminal,
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
The two or more terminals include the shipper terminal and one or more of the delivery company terminals,
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
When the server passes through the first loading point and the first unloading point on the partial route, the additional order remains encrypted based on the encrypted additional order and the encrypted delivery route. calculating an encryption difference between an encrypted delivery distance of the cargo and an encrypted delivery distance of the partial route when the cargo is not delivered as the encryption index value, and transmitting it to the two or more terminals;
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 4,
The two or more terminals each decrypt the encrypted difference of the partial route and select a minimum difference from the differences of the partial route as the specific index value,
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
If the specific encryption index values from the two or more terminals are unanimously agreed while remaining in the encrypted state, the server determines that the request destination for the additional order corresponds to the specific encryption index value. determining a specific delivery company to deliver on a specific delivery route including a specific partial route, and notifying a delivery company terminal of the specific delivery company;
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
The server determines whether the specific encryption index values from the two or more terminals match each other in the encrypted state, and selects the request destination for the additional order based on the number of matches with the maximum number of matches. determining a specific delivery company to deliver on a specific delivery route including a specific partial route corresponding to a specific encryption index value, and notifying the delivery company terminal of the specific delivery company;
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
If the specific delivery company is not determined, the server resends the encryption index value to the two or more terminals;
A secret delivery matching method characterized by: The confidential delivery matching method according to claim 1,
The server calculates an encrypted first index value and an encrypted second index value regarding the delivery efficiency of cargo of the additional order based on the encrypted additional order and the encrypted delivery route, and Send to the terminal,
The two or more terminals each decrypt the encrypted first index value and the encrypted second index value for each partial route, and based on the first index value and second index value for each partial route, By calculating a comprehensive index value, selecting a specific comprehensive index value from the comprehensive index values for each partial route, and encrypting it with homomorphic encryption using the common key, a specific encrypted comprehensive index is obtained. generate a value and send it to the server;
The server determines whether or not the specific encryption comprehensive index values from the two or more terminals match each other in the encrypted state, thereby determining the destination of the additional order for delivery to the specific delivery order. determining the delivery company and notifying the delivery company terminal of the specific delivery company;
A secret delivery matching method characterized by: A confidential delivery matching device that determines a request destination for an additional order from a shipper from one or more delivery companies,
a processor that executes a program; and a storage device that stores the program; the processor is capable of communicating with a shipper terminal of the shipper and a delivery company terminal of the delivery company;
The processor includes:
An encrypted additional order in which position information indicating a first loading point and position information indicating a first unloading point included in the additional order are encrypted with homomorphic encryption using a common key is sent from the consignor terminal of the consignor. receive,
Position information indicating the second loading point on the delivery route of the delivery company, which is comprised of one or more partial routes from a second loading point to a second unloading point, from the delivery company terminal of the delivery company; receiving an encrypted delivery route in which position information indicating a second unloading point is encrypted with homomorphic encryption using the common key;
Based on the encrypted additional order and the encrypted delivery route, the delivery efficiency of the cargo of the additional order when passing through the first loading point and the first unloading point on the partial route while remaining encrypted. calculating an encryption index value for and transmitting it to two or more terminals among the shipper terminal and the delivery company terminal;
receiving a specific encryption index value among the encryption index values in the partial route from each of the two or more terminals;
By determining whether or not the specific encryption index values from the two or more terminals match each other in the encrypted state, the destination of the additional order is determined to be a specific delivery company; Notify the carrier terminal of a specific carrier,
A secret delivery matching device characterized by: A confidential delivery matching program that causes a server processor to execute a process of allocating an additional order from a shipper to one of one or more delivery companies, the program comprising:
From the shipper terminal of the shipper that can communicate with the server, position information indicating a first loading point and position information indicating a first unloading point included in the additional order are encrypted with homomorphic encryption using a common key. received an encrypted add-on order,
The second loading point on the delivery route of the delivery company, which is comprised of one or more partial routes from a delivery company terminal of the delivery company that can communicate with the server to a second loading point and a second unloading point. and position information indicating the second unloading point, and receive an encrypted delivery route encrypted with homomorphic encryption using the common key,
Based on the encrypted additional order and the encrypted delivery route, the delivery efficiency of the cargo of the additional order when passing through the first loading point and the first unloading point on the partial route while remaining encrypted. calculating an encryption index value for and transmitting it to two or more terminals among the shipper terminal and the delivery company terminal;
receiving a specific encryption index value among the encryption index values in the partial route from each of the two or more terminals;
By determining whether or not the specific encryption index values from the two or more terminals match each other in the encrypted state, the destination of the additional order is determined to be a specific delivery company; Notify the carrier terminal of a specific carrier,
A confidential delivery matching program characterized by causing the processor to execute processing.

Images