JP7490244B2 - Delivery box - Google Patents

Description

The present invention relates to a delivery box that can be unlocked/locked using a terminal with short-range wireless communication capabilities.

In recent years, the number of parcels handled by courier services has increased significantly with the expansion of online shopping and online auctions, resulting in a major problem of an increase in redelivery due to the absence of recipients. In addition, the spread of COVID-19 has led to an increase in demand for non-face-to-face receipt of parcels. In this context, there is an increasing demand for parcel lockers that are installed in users' homes, where the delivery company places deliveries inside the box and locks them, and the recipient can unlock and retrieve them.

Roughly speaking, the existing delivery boxes that are commercially available or have been announced include the following:

For example, in a padlock-type delivery box, the delivery person places the delivery item in the box with the padlock unlocked, then the recipient uses a key to unlock it and remove the delivery item (Non-Patent Document 1).

In a combination lock delivery box, the delivery person places the delivery item inside the unlocked box, then turns a dial to lock it. The recipient unlocks the box by dialing a preset PIN number and can then retrieve the delivery item (Non-Patent Document 2).

It is known that in delivery boxes that use electronic locks, the delivery person opens the lock by holding the barcode on the waybill over the reader on the delivery box, and after depositing the delivery, the recipient displays a specific QR code (registered trademark) on the screen of a smartphone (terminal) with a dedicated smartphone app installed, and then holds the code over the reader to open the lock (Non-Patent Document 3).

In addition, there are also known systems that open electronic locks by entering a password into an operation panel with a numeric keypad installed on the delivery box (Non-Patent Document 3).

Patent Document 1 discloses a delivery system that uses a parcel box device in which the delivery company stores the delivery in the storage box and locks the opening and closing key with a new unlocking number, and the delivery company terminal transmits to a server a notice that the delivery of the delivery is complete, and the recipient terminal receives the new unlocking number for the storage box's opening and closing key from the server and unlocks it.

Patent Document 2 discloses a delivery box that is equipped with a communication device that receives instructions to lock and unlock the door from outside, and when a delivery slip is inserted into the slip stamping slot, an operation mechanism locks and stamps the door, enabling communication with the communication device, and the recipient can press an "unlock" button on the operation screen of a portable information terminal device to communicate via a Wi-Fi router and unlock the door without having to enter an unlocking PIN number. It is shown that a battery is used as the power source.

JP 2018-119037 A JP 2019-146761 A

Advertisement on the Internet URL: https://direct.sanwa.co.jp/ItemPage/300-DLBOX016 Advertising article on the Internet URL: https://www.shinyei-shc.co.jp/product/post/post_box_skcbx202.html Advertisement on the Internet URL: https://direct.sanwa.co.jp/ItemPage/300-DLBOX017

The conventional delivery boxes mentioned above have the following problems that need to be improved:

Conventional padlock-type delivery boxes have the risk of losing the key. In addition, they cannot be used for collection because delivery companies cannot open them.

With combination lock delivery boxes, there is no risk of losing the key, but there is a risk of the PIN being leaked or the box being opened accidentally. Furthermore, these delivery boxes cannot be used for collection because they cannot be opened by delivery companies.

The delivery box with the electronic lock described above solves these problems, but it is necessary to provide a barcode or QR code (registered trademark) reader in the delivery box, which not only increases costs but also makes the reading operation cumbersome for users who are not familiar with it.

In the delivery box device described in Patent Document 1, when unlocking (opening) the opening and closing key, the user must enter an unlocking number (personal identification number) using the numeric keypad attached to the storage box, which can lead to problems with the unlocking number being leaked, and the input of the unlocking number is cumbersome and can lead to incorrect input.

In the delivery box described in Patent Document 2, when the user (recipient) receives a parcel, the delivery box can be unlocked using a portable information terminal device without operating the number keys on the delivery box itself or inputting a PIN on the terminal. However, when the delivery person unlocks the box, they must input the specified PIN.

Although battery-powered delivery boxes that use electronic locks are easy to install, it is inevitable that the battery will run out. Therefore, to extend the battery life, it is preferable to turn the power on only when the electronic lock is being operated and to keep the power off under normal circumstances. However, in order for the delivery box to respond to external access via wireless communication at any time, it is necessary to keep a certain amount of standby current flowing even during the power-off period.

As an alternative, it is possible to configure the delivery box so that the power is completely cut off when the power button is turned off, and the power button is turned on only when necessary; however, there is a risk that the user may forget to turn the power off after use.

The present invention was made against this background, and its objective is to provide a delivery box that can be unlocked and locked by not only the recipient but also the delivery person at the time of delivery and collection without having to operate the number keys on the delivery box itself or enter a PIN number on a terminal.

Another object of the present invention is to provide a delivery box that can improve security when the recipient and the delivery person use a terminal with short-range wireless communication capabilities to perform unlocking and locking operations.

Another objective of the present invention is to provide a delivery box that extends the battery life when powered by a battery and prevents the user from forgetting to turn off the power.

In the present invention, these objects are independent of each other, and it is not necessary that all objects are achieved , but it is sufficient that at least one object is achieved.

The home delivery box according to the present invention is a home delivery box in a home delivery system that is composed of a home delivery box, a user terminal, a company terminal of a delivery company, and a server, and is equipped with a box body having an opening, a box opening/closing unit that is attached to the box body and opens and closes the opening, an electronic lock unit that can unlock/lock the box opening/closing unit to the box body, a short-range wireless communication unit, and a control unit, and the control unit issues an authentication request encrypted with a public key A assigned to the home delivery box to a terminal located within a short distance via the short-range wireless communication unit, and when the control unit receives an authentication response encrypted with a public key B assigned to the home delivery box from the terminal, it decrypts the authentication response with a private key B assigned in advance to the home delivery box, and stores the decryption result in a storage device. When the result meets specified conditions, the terminal permits an unlock/lock instruction from the terminal, receives an unlock/lock instruction encrypted with the public key B from the terminal and decrypts it with the private key B, unlocking/locking the electronic lock unit , and if the terminal is a user terminal related to the user of the delivery box, the user terminal generates and encrypts the authentication response and the unlock/lock instruction, and if the terminal is a company terminal of a delivery company, the company terminal transfers the authentication request to the server via a communication network, the server generates and encrypts the authentication response and the unlock/lock instruction, and the company terminal returns the encrypted text of the authentication response and the unlock/lock instruction obtained from the server via the communication network to the delivery box .

The electronic lock of this delivery box is unlocked and locked by instructions from a nearby terminal via wireless communication through the short-range wireless communication unit. At that time, mutual authentication between the delivery box and the communication partner, as well as requests and instructions, are performed by encryption/decryption using a public encryption method. This allows for a highly secure delivery service.

In the above configuration, if the terminal is a user terminal related to the user of the delivery box, the user terminal generates the authentication response and unlock/lock instructions and encrypts them, and if the terminal is a company terminal of a delivery company, the company terminal transfers the authentication request to the server via a communications network, the server generates the authentication response and unlock/lock instructions and encrypts them, and the company terminal returns to the delivery box the encrypted text of the authentication response and unlock/lock instructions obtained from the server via the communications network, thereby preventing the company terminal from being involved in encryption and decryption.

In another aspect of the present invention, in the above configuration, the authentication request and the authentication response can include identification information of the delivery box. This identifies the delivery box that is the target of the authentication request and the authentication response.

In another aspect of the invention, when the terminal is a vendor terminal, when the result of decrypting the ciphertext of the authentication response with the private key B matches a predetermined condition, the control unit requests vendor information and delivery information from the vendor terminal, receives the information from the vendor terminal, and then sends an unlock/lock instruction request including the information encrypted with the public key A to the server via the vendor terminal. This makes it possible to obtain vendor information and delivery information, encrypt them on the delivery box side, and pass them to the server, while excluding the vendor terminal from being involved in the encryption/decryption.

In another aspect of the present invention, the above configuration further includes a sight glass provided in the box opening/closing section, the sight glass having a shutter mechanism that can be opened and closed manually and a locking means that locks the closed state of the sight glass under the control of the control section, the inside of the box can be viewed when the shutter mechanism is open, and the inside of the box cannot be viewed when the shutter mechanism is closed, and the control section may unlock the sight glass after locking the electronic lock section as the delivery is placed inside the box, and lock the sight glass in the closed state in response to an instruction from the server that has received an image captured by the carrier terminal.

In another aspect of the present invention, the above configuration may further include a sight window provided in the box opening/closing section, the sight window having a shutter mechanism that can be opened and closed by the control section, the inside of the box can be viewed when the shutter mechanism is open, and the inside of the box cannot be viewed when the shutter mechanism is closed, and the control section may open the shutter mechanism after locking the electronic lock section as the delivery is placed in the box, and close the shutter mechanism in response to an instruction from the server that has received an image captured by the carrier terminal.

As another aspect of the present invention, in the above configuration, the box may further include a sight glass provided in the opening and closing section, the sight glass having a light-adjusting film whose light transmission can be controlled by the control unit, and the control unit may make the light-adjusting film transparent after locking the electronic lock unit as the delivery item is placed inside the box, and may make the light-adjusting film opaque in response to instructions from the server which receives the image captured by the carrier terminal.

After the delivery box is locked, a photograph of the inside of the box can be taken through these viewing windows, providing proof that the parcel has been safely placed and delivered to the recipient's delivery box.

In another aspect of the present invention, the above configuration further includes a battery, a power supply circuit section for driving the electronic lock section, a first switch of an automatic return type arranged between the battery and the power supply circuit section and operated by a user to establish electrical continuity between the battery and the power supply circuit section, and a second switch connected in parallel to the first switch and controlled to be turned on and off based on a control signal, and the control section may be configured to turn on the second switch when the first switch is turned on by the user, and to control the unlocking/locking of the electronic lock section in response to operation of the terminal, and to turn off the second switch after processing of the delivery box by operation of the terminal is completed. With this configuration, power consumption when the delivery box is not in use is reduced to zero, thereby extending the life of the battery.

In another aspect of the present invention, a movable member that is linked to the unlocking/locking operation of the electronic lock unit may be provided, and a status display unit that displays the unlocked/locked state in color according to the operation of the movable member may be provided. With this configuration, the unlocked/locked state can be displayed even when the delivery box is powered off.

Another delivery box according to the present invention is a delivery box that can be locked with an electronic lock, and includes a box body, a box opening/closing unit attached to the box body , an electronic lock unit that can unlock/lock the box opening/closing unit to the box body, a battery, a power supply circuit unit that drives the electronic lock unit, a first switch of an automatic return type that is arranged between the battery and the power supply circuit unit and is operated by a user to conduct electricity between the battery and the power supply circuit unit, a second switch that is connected in parallel to the first switch and is controlled to be turned on and off based on a control signal, and a control unit that turns on the second switch when the first switch is turned on by the user and controls the unlocking/locking of the electronic lock unit in response to the user's operation, and turns off the second switch after the process of the delivery box by the user's operation is completed. With this configuration, power consumption when the delivery box is not in use is reduced to zero, thereby extending the life of the battery.

The above-mentioned viewing window configuration can also be used in this delivery box.

In such a configuration, the control unit may lock the electronic lock unit and turn off the second switch after the sight glass is closed or locked. This allows the power-off of the delivery box to be postponed and processing related to the sight glass to be completed reliably.

According to one embodiment of the present invention, not only the recipient but also the courier can unlock and lock the box at the time of delivery and collection using a terminal with short-range wireless communication capabilities, without having to operate the number keys on the box itself or enter a PIN number on the terminal.

According to another aspect of the present invention, security can be improved when recipients and couriers perform unlocking and locking operations using terminals with short-range wireless communication capabilities.

According to yet another aspect of the present invention, when the device is battery-powered, the battery life can be extended and the device can be prevented from forgetting to turn off the power.

1 is a diagram showing a schematic external appearance of a delivery box according to an embodiment of the present invention; 1 is a block diagram showing a schematic configuration of a home delivery system according to an embodiment of the present invention. 1 is a block diagram showing a schematic configuration of a delivery box according to an embodiment of the present invention; 2 is a diagram showing an example of the configuration of a locking mechanism included in the electronic lock unit of the delivery box shown in FIG. 1 . 2 is a diagram for explaining a configuration example of a locking state display unit of the delivery box shown in FIG. 1 . FIG. 2 is a diagram showing an example of the configuration of a viewing window of the delivery box shown in FIG. 1 . 1. FIG. 4 is a diagram showing another example of the configuration of the observation window of the delivery box shown in FIG. 2 is a diagram showing the key relationships of the public key cryptography between the components of the home delivery system according to the embodiment of the present invention, and an outline of the exchange of communication data. FIG. FIG. 4 is a diagram showing an example of a screen of a user terminal in the embodiment of the present invention. FIG. 2 is a sequence diagram showing specific processing steps of a process for unlocking at the time of delivery in an embodiment of the present invention. FIG. 2 is a sequence diagram showing specific processing steps of a locking process at the time of delivery in an embodiment of the present invention. FIG. 2 is a sequence diagram showing specific processing steps of a user unlocking/locking process in an embodiment of the present invention. FIG. 11 is a sequence diagram showing specific processing steps of a collection unlocking process in an embodiment of the present invention. FIG. 11 is a sequence diagram showing specific processing steps of a locking process at the time of collection in an embodiment of the present invention.

The following describes in detail the embodiments of the present invention with reference to the drawings.

<Configuration of the embodiment>
FIG. 1 shows a schematic external view of a delivery box 10 according to the present embodiment. FIG. 1(a) shows a closed state in which the box opening/closing unit 13 is closed, and FIG. 1(b) shows an open state in which the box opening/closing unit 13 is open. The box opening/closing unit 13 is a member that is openably attached to a box body 12 having an opening 12a and opens and closes the opening 12a. In this example, the opening 12a opens vertically upward, so it is recognized as a lid. Alternatively, the opening may open vertically to the side. In that case, the box opening/closing unit 13 is recognized as a door. Therefore, in this specification, the term "box opening/closing unit" includes both the lid and the door.

As shown in FIG. 1(a), the box opening/closing section 13 is provided with a home delivery button 14, a locking status display section 15, and a viewing window 16. In addition, an electronic lock section (electronic lock module) 17 and a high-brightness LED 18 are provided on the inside of the box opening/closing section 13.

The delivery button 14 is an operation unit that is operated by the user of the delivery box 10 (either a user or a delivery person from a delivery company) when unlocking/locking the delivery box 10, and essentially functions as a power button for turning on the power to the delivery box 10. In this embodiment, the delivery button 14 is configured as a push button, and is linked to a momentary switch (described later) and is an automatic return type that retreats only while it is pressed and returns to its original position when the pressure is released.

The locking status display unit 15 is a section that displays the current state of the electronic lock unit 17 with regard to whether it is locked or unlocked. The locking status display unit 15 can be configured using electronic devices such as light-emitting diodes (LEDs), but here, as an example of a mechanical display unit, a transparent member is placed in an opening in the box opening/closing unit 13, allowing changes in the internal mechanism to be seen through the transparent member as color changes. For example, the color change is "red" for a locked state and "blue" for an unlocked state. A specific configuration example will be described later. The display of the state is not limited to color changes, and any display form that can indicate the state, such as density, letters, symbols, etc., can be used.

The peephole 16 is a window provided in the box opening/closing unit 13 of the delivery box 10, and allows the inside of the box to be viewed from the outside through this window even when the box opening/closing unit 13 is closed. The peephole 16 can also be opened and closed, and when the peephole 16 is open the inside of the box can be viewed, and when it is closed the inside of the box cannot be viewed. The peephole 16 can be opened and closed either manually or automatically. When it is automatic, the opening and closing is controlled according to the control of the control unit 100 in conjunction with the unlocking and locking operation of the electronic lock unit 17 at the time of delivery by the delivery company (hereinafter also simply referred to as the company). When it is manual, it is preferable that the peephole 16 is unlocked (allowed to be opened) at least after the box opening/closing unit 13 is locked, and locked in the closed state after it is closed.

More specifically, for example, when a company's courier stores (stores) an item in the delivery box 10, the view window 16 is opened after the electronic lock unit 17 is locked, allowing the delivery item inside to be photographed from outside the box by a camera. Furthermore, after the image captured by the company's terminal 30 is received, the view window 16 is closed and locked in response to a window closing instruction from the server 40. This specification makes it possible to prevent fraudulent behavior in which a courier photographs an item that has been stored before locking it, and then locks the box after removing the item.

Some specific examples of the sight glass 16 will be described later.

The electronic lock unit 17 is a device that can lock/unlock the box opening/closing unit 13 to the box body 12, and is attached to the inside of the box opening/closing unit 13. This device can switch between a locked state, in which the box opening/closing unit 13 is locked to the box body 12, and an unlocked state, in which the lock is released, by wireless communication with an external terminal. The electronic lock unit 17 of this embodiment has a control unit (including a CPU) that is powered by a battery, electronic circuits for realizing various functions, and a locking mechanism for locking. The locking mechanism can be one that uses a motor or a self-holding solenoid.

The high-brightness LED 18 is a device that constitutes the interior lighting section in this embodiment, and is used to illuminate the inside of the box when photographing the inside of the box from the outside through the viewing window 16. In this example, two high-brightness LEDs 18 are used, but the number is not particularly limited.

Although not specifically illustrated, the delivery box 10 may be fixed to a part of the house or connected with a chain to prevent theft of the delivery box 10.

Such a delivery box 10 functions as one component of a delivery system as shown in FIG. 2. This delivery system is composed of the delivery box 10, a user terminal 20, a business terminal 30, and a server (management server) 40.

The delivery box 10 wirelessly communicates with an external user terminal 20 and a business terminal 30 via short-range wireless communication such as Bluetooth (registered trademark), particularly low-power consumption Bluetooth Low Energy (BLE).

The user terminal 20 is a mobile information terminal such as a smartphone or tablet of the user associated with the delivery box 10. A combination of the delivery box 10 and the user terminal 20 may exist for each user home 25.

The delivery company terminal 30 is a mobile information terminal carried by a delivery person of the delivery company.

The server 40 is a computer for managing the individual delivery boxes 10 in multiple user homes 25, and is connected to the user terminal 20 and the business terminal 30 via a communication network 27 such as the Internet.

Figure 3 is a block diagram showing the general configuration of the delivery box 10.

The delivery box 10 is configured with a control unit 100, a battery 101, a first switch 103, a second switch 105, a power supply circuit unit 109, a box opening/closing unit opening/closing detection unit 111, a sight window opening/closing detection unit 113, an interior lighting unit 115, a memory unit 121, a short-range wireless communication unit 123, an interior temperature measurement unit 125, an unlock/lock drive unit 127, a sight window drive unit 128, and a sound output unit 129.

The control unit 100 includes a CPU and an encryption/decryption module, and is the part that controls the operation of the delivery box 10.

The battery 101 is a battery that provides operating power for the delivery box 10. In preparation for the battery running out, an emergency external power input 107 can be used instead of the output of the battery 101.

The power supply circuit section 109 converts the voltage of the battery 101 into the desired voltage and provides it to the control section 100 and each required section.

The first switch 103 is a momentary switch that temporarily conducts the output of the battery 101 to the power supply circuit unit 109 when the user presses the home delivery button 14.

The second switch 105 is connected in parallel to the first switch 103, and is normally in the OFF state under the control of the control unit 100. It turns ON in response to the momentary ON operation of the momentary switch 103 caused by the user pressing the delivery button 14, and then returns to the OFF state when the processing (unlocking/locking operation) of the delivery box 10 is completed.

The first switch 103 and the second switch 105 ensure that not even standby current flows except when the delivery box 10 is being unlocked or locked, and the power is completely turned off. This also prevents the user from forgetting to turn off the power. This reduces the power consumption of the battery 101, making it possible to extend the usable period of the battery 101.

The box opening/closing section opening/closing detection section 111 is a section that detects whether the box opening/closing section 13 is closed relative to the box body 12, and its output is input to the control section 100. Its operating principle can be mechanical, optical, magnetic, or any other.

The sight glass open/close detection unit 113 is a unit that detects whether the sight glass 16 is open or closed, and its output is input to the control unit 100. The means for "opening and closing the sight glass 16" is not limited to mechanical opening and closing means, but also includes other means such as optical opening and closing means.

The interior lighting unit 115 is a light-emitting device for illumination, such as a high-brightness LED as described above.

The storage unit 121 is connected to the control unit 100 and is a device such as a non-volatile memory that stores data in a non-volatile manner.

The short-range wireless communication unit 123 is a part that performs short-range wireless communication with nearby terminals under the control of the control unit 100, and is preferably a device capable of peer-to-peer operation. In this embodiment, the use of BLE is assumed.

The internal temperature measuring unit 125 is a unit that measures the temperature inside the delivery box 10, and its output is input to the control unit 100. The internal temperature measuring unit 125 is started in response to a request from an external terminal such as the user terminal 20, and the measurement result is returned to that terminal.

The unlocking/locking drive unit 127 is a functional unit for unlocking/locking the electronic lock unit 17 that operates under the control of the control unit 100.

The sight glass drive unit 128 is a functional unit that operates under the control of the control unit 100 to open and close (including making transparent/opaque) the sight glass 16 and to lock it, and may include a shutter mechanism, a locking mechanism, a light control film, etc., which will be described later.

The sound output unit 129 is a part that generates sounds such as operating sounds and voices in association with locking/unlocking under the control of the control unit 100. Preferably, different sounds are generated when locking and unlocking.

Figure 4 shows an example of the configuration of the lock mechanism included in the electronic lock unit 17. This lock mechanism has a motor 51, a reduction gear 53 (gears 53a, 53b), a screw shaft 54, a movable table 57, and a bearing unit 59. The screw shaft 54, the movable table 57, and the bearing unit 59 constitute a ball screw 55. When the lock mechanism is in operation, the motor 51 rotates, and this rotation is decelerated by the reduction gear 53 and transmitted to the ball screw 55, and the rotational motion of the ball screw 55 is converted into a linear motion of the nut unit 57a, so that the movable table 57 moves along the ball screw 55. Depending on the rotation direction of the motor 51, the rod-shaped portion 57b of the movable table 57 protrudes/retracts into a recess (not shown) provided in the box body 12, thereby realizing the unlocking/locking operation of the home delivery box 10 (electronic lock unit 17). When the motor 51 stops, the position of the movable table 57 is maintained even if the power is turned off. Instead, a self-holding solenoid may be used. A self-holding solenoid is a device that achieves the same locking/unlocking action using electromagnetic principles, and by using a permanent magnet, the movable iron core can be kept attracted to the permanent magnet even when no current is flowing through the coil.

An example of the configuration of the locking status display unit 15 will be described with reference to FIG. 5. The locking status display unit 15 has a movable member that is linked to the unlocking/locking operation of the electronic lock unit 17, and displays the unlocked/locked status in color according to the operation of this movable member. Specifically, for example, a movable table 58 separate from the movable table 57 is provided for the screw shaft 54 of the ball screw 55 in the locking mechanism of the electronic lock unit 17 shown in FIG. 4, and a window 15a made of an opening or transparent material is provided in the bearing unit 59. The background of this window 15a is colored in a color (here, blue) indicating "unlocked". On the other hand, at least the portion of the sliding portion 58b of the movable table 58 facing the window 15a is colored in a color (here, red) indicating "locked". With this configuration, the window 15a displays blue when unlocked and red when locked. By using such a mechanical display mechanism, the locking (or unlocked) status can be correctly displayed even when the delivery box 10 is completely powered off.

An example of the configuration of the peephole 16 will be described with reference to FIG. 6. The size of the peephole 16 is at least large enough to allow the camera of the terminal to take a picture of the inside of the box. This peephole 16 uses a manual mechanical shutter mechanism 60. This shutter mechanism 60 is a transparent member 63 arranged on the box opening/closing section 13 so as to overlap the peephole 16, and an opaque member 61 of approximately the same size is held slidably on the transparent member 63. The opaque member 61 is provided with a knob (operation section) 62 that the user can manually operate by sliding it. Preferably, a peephole opening/closing detection section 113 is provided that detects a state in which the opaque member 61 completely covers the transparent member 63. As with the box opening/closing section opening/closing detection section 111 described above, the principle of operation of this peephole opening/closing detection section 113 may be any, such as mechanical, optical, or magnetic.

In addition, a shutter lock mechanism 127a is provided as a locking means for the shutter mechanism 60, which locks the state in which the opaque member 61 completely covers the transparent member 63. The shutter lock mechanism 127a can be one that uses the motor described above or one that uses a self-holding solenoid.

Other configurations are possible for the sight glass 16 as modified mechanical means. Although not specifically shown, for example, a configuration example can be used in which a shutter plate as a mechanical shutter is fixed to the nut portion that engages with the motor-driven ball screw as described above, and the shutter plate moves with the movement of the nut portion engaged with the ball screw. When this shutter plate covers the sight glass 16, it blocks visibility inside the box, and when it retreats from in front of the sight glass 16, visibility is permitted.

Figure 7 shows another example of the configuration of the peephole 16 in this embodiment. Instead of using mechanical means to block the view inside the delivery box through the peephole 16, Figure 7 shows an example in which a light-adjusting film 19 is used. In this example, a light-adjusting film 19 capable of controlling light transmission is installed in the peephole 16. The light-adjusting film 19 is a film that is made transparent/opaque (can be switched between a transparent state and an opaque state) by electrical control. Although not required, in this example, a lens 19a is arranged on the light-adjusting film 19 to enable a wide-angle view of the interior of the box along the viewing direction 19b. This allows the entire contents of the description of the slip attached to the top of the delivery item and code information (such as a barcode or two-dimensional code) to be photographed. In this specification, for convenience, the switching between the transparent and non-transparent states of the light-adjusting film 19 is included in the concept of opening and closing the peephole 16.

Figure 8 shows the key relationships of the public key cryptography (e.g., RSA) between the components of the home delivery system in this embodiment, and an overview of how communication data is exchanged.

In the server 40, an encryption/decryption module 41 that encrypts and decrypts data, delivery box numbers #1 to #N as delivery box identification information for each delivery box 10, and the corresponding private keys A1 to AN and public keys B1 to BN are stored. In the delivery box 10, an encryption/decryption module 11, the delivery box number #N, and the corresponding public key AN and private key BN are stored. The public key AN in the delivery box 10 and the private key AN in the server 40 form a pair of keys in the public key cryptosystem. Similarly, the private key BN in the delivery box 10 and the public key BN in the server 40 form a pair of keys in the public key cryptosystem. Basically, the public key in the public key cryptosystem is used to encrypt information, and the private key corresponding to the public key is used to decrypt information encrypted with the public key. The public key AN and private key BN in the delivery box 10 are stored in the storage unit 121 of the delivery box 10 when the delivery box 10 is shipped or afterwards.

The user terminal 20 stores an encryption/decryption module 21, the delivery box number #N, the private key AN, and the public key BN of the delivery box 10 related to this user. The delivery box number #N, the private key AN, and the public key BN are stored in the user terminal 20 at the time of initial setup. For this reason, the user of the delivery box 10 performs a predetermined initial setup using the user terminal 20 before using the delivery box 10. A dedicated app (application program) for this initial setup and for subsequent use of the delivery box 10 can be downloaded from a predetermined site on the communication network 27 and installed in the user terminal 20. However, a dedicated app is not essential, and it is also possible to log in to a predetermined website each time and perform the required operations.

In the initial setting, the user inputs user information such as the name, address, telephone number, and email address of the main user (master) into the user terminal 20, and issues an initial setting authentication request to the server 40 (S201). (If the location where the delivery box 10 is installed is different from the address, the installation location is also input.) In response to this, the server 40 confirms that the received delivery box number #N is a legitimate number and that user information has not yet been registered. At this time, the server 40 may request the input of a temporary user ID and temporary password assigned to the delivery box 10. After such confirmation, the server 40 registers the user information of the user in association with the delivery box number #N, and returns an authentication response to the user terminal 20 indicating that authentication and registration have been performed (S202). During this initial setting, the user's login ID and password are also registered for future server access by the user.

Next, the user terminal 20 issues a key request to the server 40 (S203), and in response, the server 40 returns the private key AN and public key BN corresponding to the delivery box number #N to the user terminal 20 (S204). In addition to this, the server 40 may send an email or message to the user indicating that the initial settings (registration) have been completed.

The user terminal 20 stores the received private key AN and public key BN internally together with the delivery box number #N.

Furthermore, as an initial setting on the delivery box 10 side, the user operates (e.g., presses and holds) the delivery button 14 on the delivery box 10, causing the delivery box 10 to request initial setting information from the user terminal 20 (S211), and in response, the user terminal 20 returns the initial setting information (S212). This initial setting information includes, for example, the user information described above, and the delivery box 10 receives this initial setting information and stores it in the internal memory unit 121. This completes the initial setting.

In the end, the information stored internally in the delivery box 10 is the delivery box number #N, the main user (master)'s name, address, telephone number (mobile phone number), email address, public key AN, private key BN, etc.

When multiple users use the same delivery box 10, additional users can be registered using the same procedure. However, from a security standpoint, it is preferable to allow only the IDs (mobile phone numbers, etc.) of other users previously registered by the first user (master) to be registered.

After that, when the user wants to unlock or lock the delivery box 10 (hereinafter referred to as "unlock/lock"), the user places the user terminal 20 near the delivery box 10 (carried by the user) with a dedicated app or the like running on the registered user terminal 20, and presses the delivery button 14 on the delivery box 10. This causes the control unit 100 of the delivery box 10 to issue an authentication request ciphertext via the short-range wireless communication unit 123 (S213). This authentication request ciphertext is an authentication request encrypted with the public key AN. The "authentication request" here is a request to authenticate the other terminal.

The user terminal 20 receives the authentication request ciphertext and decrypts it with the private key AN held by the user terminal 20. In response, the user terminal 20 prepares an authentication response and issues an authentication response ciphertext by encrypting it with the public key BN (S214). The "authentication response" here is information for authenticating the user terminal itself, such as (part of) user information held by the user terminal 20, for example, the delivery box number #N held by the user terminal 20 or the user's mobile phone number.

When the delivery box 10 receives the authentication response ciphertext and decrypts it with the private key BN to obtain authentication response information that meets a predetermined condition, it authorizes the unlock/lock request from the terminal. Specifically, after confirming that the authentication response information matches the information held by the delivery box 10 and that the user terminal 20 is registered with the delivery box 10, it issues an instruction request ciphertext in which an instruction request is encrypted with the public key AN to request an instruction from the other terminal (S215). The user terminal 20 decrypts this instruction request ciphertext with the private key AN to recognize the instruction request, and issues an unlock/lock instruction ciphertext in which the unlock/lock instruction is encrypted with the public key BN (S216). The delivery box 10 unlocks/locks the electronic lock unit 17 in response to the unlock/lock instruction obtained by decrypting the unlock/lock instruction ciphertext with the private key BN.

Here, the "unlock/lock instruction" is either an "unlock" instruction, a "lock" instruction, or a toggle instruction. A "toggle" instruction is an instruction to invert the state of the electronic lock, i.e., it requests unlocking if the state at the time of the instruction is "locked," and requests locking if the state is "unlocked." However, a toggle instruction is not necessarily required.

In this embodiment, the vendor terminal 30 holds a vendor ID, which is information for identifying the vendor. The vendor terminal 30 does not hold any public or private keys and is not involved in encryption or decryption.

When the courier wants to unlock/lock the delivery box 10 when the delivery company delivers the package, he/she first presses the delivery button 14. This causes the delivery box 10 to issue the authentication request cipher text as described above (S221). The company terminal 30, which receives this authentication request cipher text, adds a company terminal message (including the company ID) such as its own company ID to this cipher text and transmits it to the server 40 (S231). The delivery box 10 holds in advance the destination information (e.g. IP address) used when the company terminal 30 sends information to the server 40, and adds the destination information to the authentication request cipher text issued by the delivery box 10. The destination information is not encrypted. If the company terminal 30 holds the server's IP address, there is no need to add the destination information to the authentication request cipher text issued by the delivery box 10.

The server 40 that has received the authentication request ciphertext decrypts the authentication request ciphertext with the private key AN of the delivery box number N, confirms that the delivery box number N has been registered, and confirms that the company terminal message is valid, then creates a predetermined authentication response, encrypts it with the public key BN, and returns it to the company terminal 30 as an authentication response ciphertext (S232). The authentication response here may include information such as the server 40's identification information (e.g., IP address), the delivery box number, and the company ID.

The provider terminal 30 that receives this authentication response ciphertext transmits it as is to the delivery box 10 (S222).

The delivery box 10 decrypts the received authentication response ciphertext with its own private key BN, and when the obtained authentication response information matches a predetermined condition, it issues a request to the company to unlock/lock (S223). When the predetermined condition is met, for example, when it is confirmed that information such as the server 40's identification information (e.g., IP address), the delivery box number, and the company ID matches the information stored in the delivery box 10 based on information from the server 40. In response, the company terminal 30 returns a company information response (S224). This company information response may include the unlock/lock request, the company ID, delivery identification information (such as a slip number or waybill number), and delivery information such as the delivery item and delivery address.

Next, the delivery box 10 issues an unlock/lock instruction request ciphertext in which the unlock/lock instruction request is encrypted with the public key AN (S225). The unlock/lock instruction request is a message requesting (allowing) an unlock/lock instruction to be given to an external terminal. The provider terminal 30 that receives this adds a provider terminal message (including the provider ID) to the unlock/lock instruction request ciphertext and sends it to the server 40 (S233). The server 40 decrypts the received unlock/lock instruction request ciphertext with the private key AN and confirms that the unlock/lock instruction request is from a registered delivery box number and a known provider ID, then generates an unlock/lock instruction ciphertext in which the unlock/lock instruction is encrypted with the public key BN together with the delivery box number, and sends it back to the provider terminal 30 (S234).

The company terminal 30 transfers this unlock/lock command ciphertext to the delivery box 10 (S226). The delivery box 10 decrypts this unlock/lock command ciphertext with the private key BN, confirms that it is a command from the server 40 to itself, and executes the unlock/lock command.

During this time, the provider terminal 30 is not involved in the encryption/decryption at all, and external terminals that have not been initially registered cannot be involved in the unauthorized operation of the delivery box 10.

In this embodiment, the authentication request ciphertext S213 and the authentication request ciphertext S221 have the same content and are indistinguishable, and at this stage the delivery box 10 does not know whether the other terminal is the user terminal 20, the service provider terminal 30, or even the server 40. Based on the content of the response from the other terminal, it recognizes whether the other terminal is the user terminal 20 or the service provider terminal 30. In other words, if the other terminal is the user terminal 20, the user terminal 20 generates and encrypts the authentication response and the unlock/lock request. On the other hand, if the other terminal is the service provider terminal 30, the service provider terminal 30 transfers the authentication request to the server 40, and the server 40 to which the service provider terminal 30 is connected generates and encrypts the authentication response and the unlock/lock request, and the service provider terminal 30 returns the ciphertext of the authentication response and the unlock/lock request to the delivery box 10.

Messages between components in this delivery system may include, for example, the following items. Messages may include both encrypted and unencrypted parts.

a. Message type (request, response, authentication, etc.)
b. Message length (size of subsequent messages)
c. Destination address (server IP address)
d. Sender address (delivery box number)
e. Contents of the ciphertext f. Delivery box number g. Sender address h. Error correction code such as CRC32 (overall CRC including the ciphertext)

The message output by the vendor terminal 30 may have a vendor message type and may include additional information such as the vendor ID and delivery information.

Figure 9 shows an example of a screen of the user terminal 20 in this embodiment.

Figure 9 (a) shows an example of a screen on the user terminal 20 that displays an email or message sent to the user terminal 20 from the server 40 or from a delivery company. In this example, a parcel addressed to the user has been placed in the user's delivery box 10, and an operation instruction 71 is displayed as text informing the user that the delivery has been completed, stating, "Place the user-registered terminal near the delivery box and press the 'Delivery button'." When using a dedicated app, the user can be directed to this screen in response to a push notification from the server 40.

Figure 9 (b) is an example of a screen of a dedicated app used together with the notification of Figure 9 (a). This screen displays a notification section 72 in which notifications from the server 40 and the delivery box 10 are displayed, a collection request button 74, an initial setting button 75, and an internal temperature measurement button 76.

The notification content is displayed in the notification field 72. When a delivery has been made by the carrier, a notification to that effect is given, and the user is directed to the screen of FIG. 9(a). However, even if the screen of FIG. 9(a) is not displayed, when the user terminal 20 approaches the delivery box 10, the delivery box 10 can be unlocked by pressing the delivery button on the delivery box 10. The notification in the notification field 72 that delivery has been completed inside the delivery box 10 is erased when the user subsequently unlocks the box. The most recent notification is displayed in the notification field 72, and older notifications are kept in the history along with their date and time information. The user can check this history using an operation not shown.

The collection request button 74 is a button that the user operates to request a delivery company to collect an item that has been delivered using the delivery box 10 at the user's home. By pressing (touching) this button, a collection request screen (not shown) opens, and the user can select the desired delivery company from among multiple delivery companies on this screen and make a collection request. This request instruction is notified to the delivery company via the server 40.

The initial setting button 75 is a button that the user operates to perform the initial settings of the delivery box 10, and pressing this button allows the initial setting operations described above to be performed.

The internal temperature measurement button 76 is an operation button that, when pressed, causes the internal temperature measurement unit 125 of the delivery box 10 to measure the internal temperature and display the measured value on the screen of the user terminal 20. Naturally, this internal temperature measurement is only valid while the power of the delivery box 10 is on. If the delivery box 10 is refrigerated, and the delivery item to be received is a refrigerated item and cannot be taken out immediately after delivery is completed, the user can place an ice pack in the delivery box prior to the delivery. In such a case, the internal temperature can be checked after the ice pack is placed or when the delivery item is taken out. Also, if the delivery person places an ice pack with the delivery item, the user can check the internal temperature when taking out the delivery item and measure the storage temperature inside the delivery box.

Figure 9(c) is an example of a screen that replaces Figure 9(b). In this example of a screen, an unlock/lock button 73 is provided. The unlock/lock button 73 is an operation button that allows the user to issue a toggle command to alternate between the unlocked and locked states of the delivery box 10. The other buttons are the same as in Figure 9(b), and so a description thereof will be omitted.

Figure 9(d) shows yet another example screen. This example screen differs from the screen in Figure 9(c) in that instead of the unlock/lock button 73, separate unlock button 73a and lock button 73b are provided. The other buttons are the same as in Figure 9(c), and so a description of them will be omitted.

The user can unlock and lock the delivery box 10 even without the above-mentioned notification, and even if the delivery box 10 is empty and has no parcels inside.

<Operation Example of the Embodiment>
Below, examples of the operation of the delivery box 10 and the delivery system in specific operation modes will be described. The individual operation modes include an unlock mode at delivery, a lock mode at delivery, a user unlock/lock mode, an unlock mode at collection, and a lock mode at collection, and specific processing steps for each process will be described. The processes of all operation modes in this embodiment are started by pressing the delivery button 14.

Figure 10 is a sequence diagram showing the specific processing steps of the process of unlocking at the time of delivery. This is a process in which the courier unlocks the delivery box 10 if the delivery box 10 is locked when the carrier makes the delivery. If the delivery box 10 is unlocked at the time of delivery, this process can be omitted.

In the process of unlocking the parcel upon delivery, when the parcel driver presses the delivery button 14 (S11), the power of the parcel box 10 is turned on and operation is started (S12). At this time, BLE pairing is performed between the business terminal 30 and the parcel box 10, and a connection is established via short-range wireless communication.

The delivery box 10 first issues the authentication request ciphertext described above (S13). The provider terminal 30 receives this and adds a provider terminal message (including the provider ID) to the authentication request ciphertext and transmits it to the server 40 via the communication network 27 (S14). The server 40 receives this, decrypts (decodes) the authentication request ciphertext with the private key AN, confirms that the delivery box number N has been registered and that the provider terminal message is valid, creates a predetermined authentication response, encrypts this with the public key BN to generate an authentication response ciphertext (S15), and returns it to the provider terminal 30 (S16). The authentication response here may include information such as the server 40's identification information (e.g., IP address), the delivery box number, and the provider ID. The provider terminal 30 transfers this authentication response ciphertext directly to the delivery box 10 via short-range wireless communication (S17).

The delivery box 10 decrypts (decodes) the received authentication response ciphertext with the private key BN (S18), and when the obtained authentication response information matches a predetermined condition, it allows the unlocking/locking request from the terminal. When the predetermined condition is met, for example, when it is confirmed that the identification information of the server 40 (e.g., IP address), the delivery box number, the company ID, and other information based on the information from the server 40 match the information stored in the delivery box 10. To do this, a company unlocking/locking information request is first issued. Since the delivery box 10 is currently in a locked state, the company unlocking/locking information request here is a company unlocking information request (S19). At this time, the delivery box 10 can recognize that it is in a locked state by the electronic lock unit 17. If the electronic lock unit 17 does not have such a function, the current state is stored in the memory unit 121 as a flag. The company terminal 30 returns a company information response in response to the company unlocking information request (S20). As mentioned above, this contractor information response may include an unlock/lock request (here, an unlock request), contractor ID, delivery identification information (such as a slip number or waybill number), and delivery information such as the item and delivery address.

The delivery box 10 that has received the company information response generates an unlocking instruction request and issues an unlocking instruction request ciphertext by encrypting it with the public key AN (S21). This unlocking instruction request includes the delivery box number, the company ID, delivery information, etc. The company terminal 30 that has received the unlocking instruction request adds a company terminal message (including the company ID) to this unlocking instruction request ciphertext and sends it to the server 40 (S22). The server 40 receives this, decrypts (decodes) the unlocking instruction request ciphertext with the private key AN (S23), checks the contents, temporarily stores them, and then returns the unlocking instruction ciphertext, which is an unlocking instruction encrypted with the public key BN, to the delivery terminal 30 (S24). This unlocking instruction ciphertext may include at least the delivery box number. The company terminal 30 transfers this unlocking instruction ciphertext as is to the delivery box 10 (S25).

The delivery box 10 decrypts this unlock command ciphertext with private key BN, confirms that it is a command intended for itself, and executes the unlock command (S26). The delivery box 10 then issues an unlock completion response including its own delivery box number (S27), which the provider terminal 30 transfers to the server 40 (S28). The server 40, upon receiving this, recognizes that unlocking of the delivery box 10 has been completed, and records the unlock completion including the temporarily stored information about the delivery box 10 (S29). The server 40 then sends an unlock completion ACK to the provider terminal 30 (S30), which the provider terminal 30 transfers to the delivery box 10 (S31). In response to this, the delivery box 10 turns off its power (S32).

The delivery person can recognize that the delivery box 10 has changed to an unlocked state by the sound output from the sound output unit 129, and can immediately visually confirm that the delivery box 10 has become unlocked by the locking status display unit 15.

As described above, during this process, the provider terminal 30 is not involved in the encryption/decryption at all, and external terminals that have not been initially registered cannot be involved in the unauthorized operation of the delivery box 10. The same applies to the processes of the other operating modes described below.

If another delivery item has already been placed in the delivery box 10 and has not yet been removed by the user, the delivery box 10 may be configured to refuse to be unlocked by the delivery person. For example, to do so, the delivery box 10 may confirm that the user has performed the unlocking process after the previous locking process at delivery (described below) as a prerequisite for issuing a request for vendor unlocking information in step S19.

Figure 11 is a sequence diagram showing the specific processing steps of the locking process at delivery. This is the process of locking the delivery box after the delivery person places the delivery item in the delivery box 10 when the carrier makes a delivery.

In the locking process at the time of delivery, when the delivery person presses the delivery button 14 (S41), the power of the delivery box 10 is turned on and operation is started (S42). At this time, the pairing for short-range wireless communication between the service provider terminal 30 and the delivery box 10 is saved and a connection is made immediately. However, if the delivery box 10 is unlocked at the time of delivery, when the service provider terminal 30 connects to the delivery box 10 for the first time, the short-range wireless communication between the two starts with BLE pairing.

First, the delivery box 10 issues the authentication request ciphertext described above (S43). The provider terminal 30, which receives this, adds a provider terminal message (including the provider ID) to this authentication request ciphertext and transmits it to the server 40 via the communication network 27 (S44). The server 40 receives this, decrypts (decodes) the authentication request ciphertext with the private key AN, confirms that the delivery box number N has been registered and that the provider terminal message is valid, creates a predetermined authentication response, generates an authentication response ciphertext by encrypting this with the public key BN (S45), and returns it to the provider terminal 30 (S46). The authentication response here may include information such as the server 40's identification information (e.g., IP address), the delivery box number, and the provider ID. The provider terminal 30 transfers this directly to the delivery box 10 via short-range wireless communication (S47).

The delivery box 10 decrypts (decodes) the received authentication response ciphertext with the private key BN (S48), and when the obtained authentication response information matches a predetermined condition, it allows the unlock/lock request from the terminal. When the predetermined condition is met, for example, when it is confirmed that the identification information of the server 40 (e.g., IP address), the delivery box number, the company ID, and other information based on the information from the server 40 match the information stored in the delivery box 10. To do this, a company unlock/lock information request is first issued. The company lock/lock information request here is a company lock information request because the delivery box 10 is currently in an unlocked state (S49). At this time, the delivery box 10 can recognize that it is in a locked state by the electronic lock unit 17. If the electronic lock unit 17 does not have such a function, the current state is stored in the memory unit 121 as a flag. The company terminal 30 returns a company information response in response to the company lock information request (S50). As mentioned above, this company information response may include an unlock/lock request (here, a lock request), company ID, delivery identification information (such as a slip number or waybill number), and delivery information such as the item and delivery address.

The delivery box 10 that receives the company information response generates a locking instruction request and issues a locking instruction request ciphertext by encrypting it with the public key AN (S51). This locking instruction request includes the delivery box number, the company ID, delivery information, etc. The company terminal 30 that receives the locking instruction request adds a company terminal message (including the company ID) to this locking instruction request ciphertext and sends it to the server 40 (S52). The server 40 receives it, decrypts (decodes) the locking instruction request ciphertext with the private key AN (S53), checks the contents, temporarily stores them, and then returns a locking instruction ciphertext in which the locking instruction is encrypted with the public key BN to the delivery terminal 30 (S54). This locking instruction ciphertext may include at least the delivery box number. The company terminal 30 transfers this locking instruction ciphertext as is to the delivery box 10 (S55).

The delivery box 10 decrypts this lock instruction encrypted text with the private key BN, confirms that it is an instruction intended for itself, and executes the lock instruction (S56). At this time, as a prerequisite for locking, the box open/close detection unit 111 may confirm that the delivery box 10 is in a closed state. The delivery person can recognize that the delivery box 10 has changed to a locked state by the sound output from the sound output unit 129, and can immediately visually confirm that the delivery box 10 has become locked by the lock status display unit 15.

Then, the delivery box 10 issues a video capture request (S57), and the service provider terminal 30 instructs the delivery person to take a picture of the delivery item. At this time, the delivery box 10 turns on the interior lighting unit 115. If the opening and closing of the peep hole 16 is controlled by the control unit 100, the control unit 100 opens the peep hole 16. If the opening and closing of the peep hole 16 is manual, the delivery person manually unlocks the peep hole 16 and opens it. When the delivery item inside the delivery box 10 is photographed through the peep hole 16, the service provider terminal 30 transmits this video (photographed image) to the server 40 (S58). Other information such as delivery identification information, the delivery box number, and the date and time of the photo may be added to this video.

The server 40, having received this image, recognizes that the locking has been completed, and stores this image, including the temporarily stored information, in association with the delivery identification information and the delivery box 10 (S59). This serves as evidence that the delivery service has been completed successfully. The server 40 then sends a window lock instruction to the service terminal 30 (S60), which then transfers this to the delivery box 10 (S61). In response to this, the delivery box 10 closes and locks (or locks) the peep hole 16, and then turns off the power (S62). At that time, if the opening of the peep hole 16 is under the control of the control unit 100, the peep hole driving unit 108 closes it in response to an instruction from the control unit 100. If it is done manually, the delivery person closes the peep hole 16, and after the peep hole opening/closing detection unit 113 detects that it has been closed, the peep hole driving unit 108 locks the peep hole 16.

Figure 12 is a sequence diagram showing the specific processing steps of the user unlocking/locking process. This is the process by which a user unlocks/locks their own delivery box 10.

In this user unlocking/locking process, when the user presses the delivery button 14 (S71), the power to the delivery box 10 is turned on and operation is started (S72). At this time, BLE pairing between the user terminal 20 and the delivery box 10 has already been performed during initial setup, and a connection for short-range wireless communication is immediately established.

First, the delivery box 10 issues the authentication request ciphertext described above (S73). The user terminal 20 receives this and decrypts (decodes) this authentication request ciphertext with the private key AN, verifies that the received delivery box number matches its own, then generates an authentication response and encrypts this with the public key BN to generate an authentication response ciphertext (S74), and sends this back to the delivery box 10 (S75).

The delivery box 10 decrypts the received authentication response ciphertext with the private key BN (S76), and when the obtained authentication response information matches a predetermined condition, it permits the unlock/lock request from the terminal. When the predetermined condition is met, for example, when it is confirmed based on information from the user terminal 20 that the received delivery box number matches the delivery box number of the user terminal 20, that the user terminal 20 is a registered user terminal, etc. Next, a user unlock/lock request ciphertext is issued in which the user unlock/lock request is encrypted with the public key AN (S77). The user unlock/lock request here is a request for a toggle instruction to reverse the current unlock/lock state of the delivery box 10. In response to this, the user terminal 20 generates an unlock/lock instruction ciphertext in which the toggle instruction is encrypted with the public key BN as an unlock/lock instruction (S78), and returns this to the delivery box 10 (S79). This unlock/lock instruction may include the delivery box number.

The delivery box 10 decrypts this unlock/lock command ciphertext with the private key BN, confirms that it is a command for itself, and executes the unlock/lock command (S80). When locking, the box open/close section open/close detection section 111 may confirm that the delivery box 10 is in a closed state as a prerequisite. The delivery box 10 then issues an unlock/lock completion response including its own delivery box number (S81). The user terminal 20, upon receiving this, recognizes that the unlock/lock operation has been completed, and displays the unlock/lock completion (S82). Next, a completion ACK is returned to the delivery box 10 (S83). In response, the delivery box 10 turns off the power (S84). The user can recognize that the unlock/lock state of the delivery box 10 has changed by the sound output from the sound output section 129, and can immediately visually confirm whether the delivery box 10 is in a locked state or an unlocked state by the lock state display section 15.

In addition, instead of a toggle command, the user terminal 20 may individually specify an unlock command or a lock command, as in the case of the business terminal 30.

Figure 13 is a sequence diagram showing the specific processing steps of the process of unlocking the parcel when it is collected. This is the process of unlocking the locked parcel box 10 in which the parcel to be collected is stored when the parcel is collected by the carrier.

In the process of unlocking the parcel when it is collected, when the parcel driver presses the delivery button 14 (S91), the power of the parcel box 10 is turned on and operation is started (S92). At this time, BLE pairing is performed between the business terminal 30 and the parcel box 10, and a connection is established for short-range wireless communication.

First, the delivery box 10 issues the authentication request ciphertext described above (S93). The provider terminal 30, which receives this, adds a provider terminal message (including the provider ID) to this authentication request ciphertext and transmits it to the server 40 via the communication network 27 (S94). The server 40 receives this, decrypts (decodes) the authentication request ciphertext with the private key AN, confirms that the delivery box number N has been registered and that the provider terminal message is valid, creates a predetermined authentication response, encrypts this with the public key BN to generate an authentication response ciphertext (S95), and returns it to the provider terminal 30 (S96). The authentication response here may include information such as the server 40's identification information (e.g., IP address), the delivery box number, and the provider ID. The provider terminal 30 transfers this directly to the delivery box 10 via short-range wireless communication (S97).

The delivery box 10 decrypts (decodes) the received authentication response ciphertext with the private key BN (S98), and when the obtained authentication response information matches a predetermined condition, it allows the unlocking/locking request from the terminal. When the predetermined condition is met, for example, when it is confirmed that the identification information of the server 40 (e.g., IP address), the delivery box number, the company ID, and other information based on the information from the server 40 match the information stored in the delivery box 10. To do this, a company unlocking/locking information request is first issued. Since the delivery box 10 is currently in a locked state, the company unlocking/locking information request here is a company unlocking information request (S99). At this time, the delivery box 10 can recognize that it is in a locked state by the electronic lock unit 17. If the electronic lock unit 17 does not have such a function, the current state is stored in the memory unit 121 as a flag. The company terminal 30 returns a company information response in response to the company unlocking information request (S100). As mentioned above, this company information response includes an unlock/lock request (here, an unlock request), company ID, delivery identification information (such as a slip number or waybill number), and delivery information (collection information) such as the item and delivery address.

The delivery box 10 that has received the vendor information response generates an unlock instruction request and issues an unlock instruction request ciphertext by encrypting it with the public key AN (S101). This unlock instruction request includes the delivery box number, the vendor ID, delivery information (collection information), etc. The vendor terminal 30 that has received the unlock instruction request adds a vendor terminal message (including the vendor ID) to this unlock instruction request ciphertext and transmits it to the server 40 (S102). The server 40 receives this, decrypts (decodes) the unlock instruction request ciphertext with the private key AN (S103), checks the contents, temporarily stores them, and then returns the unlock instruction ciphertext, which is an unlock instruction encrypted with the public key BN, to the delivery terminal 30 (S104). This unlock instruction ciphertext may include at least the delivery box number. The vendor terminal 30 transfers this unlock instruction ciphertext as is to the delivery box 10 (S105).

The delivery box 10 decrypts this unlock command ciphertext with private key BN, confirms that it is a command intended for itself, and executes the unlock command (S106). The delivery box 10 then issues an unlock completion response including its own delivery box number (S107), which the provider terminal 30 transfers to the server 40 (S108). The server 40, upon receiving this, recognizes that the unlocking has been completed, and records the unlocking completion for that delivery box 10, including the temporarily stored information (S109). The server 40 then sends an unlock completion ACK to the provider terminal 30 (S110), which the provider terminal 30 transfers to the delivery box 10 (S111). In response, the delivery box 10 turns off the power (S112).

The delivery person can recognize that the delivery box 10 has changed to an unlocked state by the sound output from the sound output unit 129, and can immediately visually confirm that the delivery box 10 has become unlocked by the locking status display unit 15.

Figure 14 is a sequence diagram showing the specific processing steps of the locking process at the time of collection. This is a process for locking the delivery box 10 after the delivery item to be collected is removed when the delivery company collects the item. If locking is not required after the delivery item to be collected is removed from the delivery box 10, this locking process at the time of collection is not required.

In this locking process at collection time, when the delivery person (collector) presses the delivery button 14 (S121), the power of the delivery box 10 is turned on and operation is started (S122). At this time, pairing and connection of short-range wireless communication is performed between the business terminal 30 and the delivery box 10.

After that, the delivery box 10 first issues the above-mentioned authentication request ciphertext (S123). The provider terminal 30, which receives this, adds a provider terminal message (including the provider ID) to this authentication request ciphertext and transmits it to the server 40 via the communication network 27 (S124). The server 40 receives this, decrypts (decodes) the authentication request ciphertext with the private key AN, confirms that the delivery box number N has been registered and that the provider terminal message is valid, creates a predetermined authentication response, generates an authentication response ciphertext by encrypting this with the public key BN (S125), and returns it to the provider terminal 30 (S126). The authentication response here may include information such as the server 40's identification information (e.g., IP address), the delivery box number, and the provider ID. The provider terminal 30 transfers this directly to the delivery box 10 by short-range wireless communication (S127).

The delivery box 10 decrypts (decodes) the received authentication response ciphertext with the private key BN (S128), and when the obtained authentication response information matches a predetermined condition, it allows the unlocking/locking request from the terminal. When the predetermined condition is met, for example, when it is confirmed that the identification information of the server 40 (e.g., IP address), the delivery box number, the company ID, and other information based on the information from the server 40 match the information stored in the delivery box 10. To do this, a company unlocking/locking information request is first issued. Since the delivery box 10 is currently in an unlocked state, the company unlocking/locking information request here is a company locking information request (S129). At this time, the delivery box 10 can recognize that it is in a locked state by the electronic lock unit 17. If the electronic lock unit 17 does not have such a function, the current state is stored in the memory unit 121 as a flag. The company terminal 30 returns a company information response in response to the company locking information request (S130). As mentioned above, this company information response includes an unlock/lock request (here, a lock request), company ID, delivery identification information (such as a slip number or waybill number), and delivery information (collection information) such as the item and delivery address.

The delivery box 10 that has received the vendor information response generates a locking instruction request and issues a locking instruction request ciphertext by encrypting it with the public key AN (S131). This locking instruction request includes the delivery box number, the vendor ID, delivery information (collection information), etc. The vendor terminal 30 that has received the locking instruction request adds a vendor terminal message (including the vendor ID) to this locking instruction request ciphertext and sends it to the server 40 (S132). The server 40 receives this, decrypts (decodes) the locking instruction request ciphertext with the private key AN (S133), checks the contents, temporarily stores them, and then returns the locking instruction ciphertext, in which the locking instruction is encrypted with the public key BN, to the vendor terminal 30 (S134). This locking instruction ciphertext may include at least the delivery box number. The vendor terminal 30 transfers this locking instruction ciphertext as is to the delivery box 10 (S135).

The delivery box 10 decrypts this locking instruction ciphertext with the private key BN, confirms that it is an instruction for itself, and executes the locking instruction (S136). At this time, as a prerequisite for locking, the box open/close unit open/close detection unit 111 may confirm that the delivery box 10 is in a closed state. The delivery box 10 then issues a locking completion response including its own delivery box number (S137), and the service provider terminal 30 transfers this to the server 40 (S138). The server 40, upon receiving this, recognizes that the locking of the delivery box 10 has been completed, and records the locking completion of the delivery box 10 including the temporarily stored information (S139). The server 40 then sends a locking completion ACK to the service provider terminal 30 (S140), and the service provider terminal 30 transfers this to the delivery box 10 (S141). In response to this, the delivery box 10 turns off the power (S142).

The delivery person can recognize that the delivery box 10 has changed to an unlocked state by the sound output from the sound output unit 129, and can immediately visually confirm that the delivery box 10 has become locked by the locking status display unit 15.

Effects of the embodiment
By using the delivery box of this embodiment, the need for redelivery by the delivery company and the need for face-to-face handover of the delivery item can be significantly reduced.

This delivery box is battery-operated, so there is no need to plug in a power source and it is easy to install.

By using public key cryptography, the delivery box can encrypt messages between the user terminal and the server, making it possible to realize a highly secure delivery box that can prevent unauthorized unlocking/locking by anyone other than the user and prevents impersonation of the delivery person. In this case, by not allowing the delivery person's terminal to be involved in the encryption/decryption at all, it is possible to prevent fraud such as delivery person impersonation.

By communicating between the delivery box and the terminal via short-range wireless communication, it is possible to perform unlocking and locking operations similar to keyless entry for automobiles, without having to install a slip reader or numeric keypad input unit in the delivery box, and without the user having to enter a PIN number (password) or other information.

All operations such as locking and unlocking the delivery box are powered on (activated) by pressing the delivery button on the delivery box, and the power is automatically turned off after the operation is completed, which reduces power consumption in a battery-powered delivery box and extends the battery life. In particular, the combination of the first switch and the second switch means that even standby current does not flow when the power is off, achieving a completely zero power consumption state. Because the power is turned off automatically, it is possible to prevent forgetting to turn the power off. As a result, a delivery box that can withstand long-term operation when battery-powered can be realized.

In addition, when the delivery is completed by the carrier, the contents of the parcel can be photographed from outside the delivery box through the viewing window 16, and the delivered state can be recorded as a photographed image, making it possible to replace confirmation of receipt by the recipient's receipt stamp.

<Modification>
Although the preferred embodiment of the present invention has been described above, various modifications, changes, additions, deletions, etc. can be made to the above-mentioned configuration and operation as long as no particular problems arise.

For example, a delivery service using the delivery box of this embodiment can be provided as a so-called subscription service in which the user is charged a specified amount of usage fee per certain period (e.g., ○ yen per month).

If the user terminal 20 has a GPS (Global Positioning Satellite) function, the user information when using the delivery box 10 may include location information of the user terminal 20.

The first and second switch configurations for extending the battery life are suitable for use in the delivery box of this embodiment, but are not necessarily limited to use as a delivery box. In addition, they are features that can be established in use as a delivery box independently of the other features described above.

REFERENCE SIGNS LIST 10 Delivery box 10 User terminal 11 Encryption/decryption module 12 Box body 12a Opening 13 Box opening/closing section 14 Delivery button (power button)
15 Lock status display unit 15a Window 16 Viewing window 17 Electronic lock unit 19 Light control film 19a Lens 19b Viewing direction 20 User terminal 21 Encryption/decryption module 25 User's home 27 Communication network 30 Contractor terminal 40 Server 41 Encryption/decryption module 51 Motor 53 Reduction gear 57 Movable table 57a Nut portion 57b Rod-shaped portion 58 Movable table 58b Slide portion 59 Bearing portion 60 Shutter mechanism 61 Opaque member 63 Transparent member 71 Operation instruction 72 Notification field 73 Unlock/lock button 73a Unlock button 73b Lock button 74 Collection request button 75 Initial setting button 76 Inside temperature measurement button 100 Control unit 101 Battery 103 First switch (momentary switch)
105 Second switch (semiconductor switch)
107 Emergency external power supply input 109 Power supply circuit section 111 Box opening/closing section opening/closing detection section 113 Viewport opening/closing detection section 115 Interior lighting section 121 Memory section 123 Short-range wireless communication section 125 Interior temperature measurement section 127 Unlocking/locking drive section 127a Shutter lock mechanism 128 Viewport drive section 129 Sound output section

Claims (18)

A delivery box in a delivery system including a delivery box, a user terminal, a delivery company terminal of a delivery company, and a server,
A box body having an opening;
a box opening/closing part attached to the box body and adapted to open and close the opening;
an electronic lock unit capable of unlocking/locking the box opening/closing unit to the box main body;
A short-range wireless communication unit;
A control unit.
The control unit is
The short-distance wireless communication unit issues an authentication request encrypted with the public key A assigned to the home distribution box to a terminal located within a short distance,
When receiving an authentication response encrypted with the public key B assigned to the home distribution box from the terminal, the authentication response is decrypted with the private key B assigned to the home distribution box in advance,
When the decryption result meets a predetermined condition, the terminal is permitted to issue an unlock/lock command.
receiving an unlock/lock instruction encrypted with the public key B from the terminal, and decrypting it with the private key B to unlock/lock the electronic lock unit ;
When the terminal is a user terminal related to a user of the delivery box, the user terminal generates the authentication response and the unlock/lock instruction and encrypts them;
If the terminal is a company terminal of a delivery company, the company terminal transfers the authentication request to the server via a communication network;
The server generates the authentication response and the unlock/lock instruction and encrypts them, and the company terminal returns the encrypted text of the authentication response and the unlock/lock instruction obtained from the server via a communication network to the delivery box.
Delivery box. The delivery box according to claim 1, wherein the authentication request and the authentication response include identification information of the delivery box. When the terminal is a provider terminal, the control unit
The delivery box of claim 1, wherein when the result of decrypting the ciphertext of the authentication response using the private key B matches predetermined conditions, the delivery box requests company information and delivery item information from the company terminal, receives that information from the company terminal, and then sends an unlock/lock instruction request including the information encrypted with the public key A to the server via the company terminal. The box further includes an observation window provided in the opening and closing portion of the box,
The sight glass has a shutter mechanism that can be manually opened and closed, and a locking means that locks the closed state of the shutter mechanism under the control of the control unit, so that when the shutter mechanism is open, the inside of the box can be viewed, and when the shutter mechanism is closed, the inside of the box cannot be viewed,
The delivery box of claim 1, wherein the control unit unlocks the peephole after the electronic lock unit is locked when a delivery item is placed inside the box, and locks the peephole in a closed state in response to instructions from the server which receives an image captured by the delivery terminal. The box further includes an observation window provided in the opening and closing portion of the box,
The observation window has a shutter mechanism that can be opened and closed by the control unit, and when the shutter mechanism is open, the inside of the box can be viewed, and when the shutter mechanism is closed, the inside of the box cannot be viewed,
The delivery box of claim 1, wherein the control unit opens the shutter mechanism after locking the electronic lock unit when a delivery item is placed inside the box, and closes the shutter mechanism in response to instructions from the server which receives an image captured by the delivery terminal. The box further includes an observation window provided in the opening and closing portion of the box,
The observation window has a light control film whose light transmission can be controlled by the control unit,
The delivery box of claim 1, wherein the control unit makes the light-adjusting film transparent after the electronic lock unit is locked when a delivery item is placed inside the box, and makes the light-adjusting film opaque in response to instructions from the server which receives an image captured by the delivery terminal. A battery;
A power supply circuit unit that drives the electronic lock unit;
a first switch of an automatic reset type that is disposed between the battery and the power supply circuit unit and that is operated by a user to establish electrical continuity between the battery and the power supply circuit unit;
a second switch connected in parallel to the first switch and controlled to be turned on and off based on a control signal;
A delivery box as described in any one of claims 1 to 6, wherein the control unit turns on the second switch when the first switch is turned on by the user, and controls the unlocking/locking of the electronic lock unit in accordance with operation of the terminal, and turns off the second switch after processing of the delivery box by operation of the terminal is completed. A delivery box as described in any one of claims 1 to 7 , comprising a movable member that is linked to the unlocking/locking operation of the electronic lock unit, and a status display unit that displays the unlocked/locked status in color according to the operation of the movable member. A delivery box that can be locked with an electronic lock,
The box body,
A box opening/closing part attached to the box body;
an electronic lock unit capable of unlocking/locking the box opening/closing unit to the box main body ;
A battery;
A power supply circuit unit that drives the electronic lock unit;
a first switch of an automatic reset type that is disposed between the battery and the power supply circuit unit and that is operated by a user to establish electrical continuity between the battery and the power supply circuit unit;
a second switch connected in parallel to the first switch and controlled to be turned on and off based on a control signal;
A control unit which, when the first switch is turned on by a user, turns on the second switch and controls the unlocking/locking of the electronic lock unit in accordance with the user's operation, and turns off the second switch after processing of the delivery box by the user's operation is completed. The box further includes an observation window provided in the opening and closing portion of the box,
The sight glass has a shutter mechanism that can be manually opened and closed, and a locking means that locks the closed state of the shutter mechanism under the control of the control unit, so that when the shutter mechanism is open, the inside of the box can be viewed, and when the shutter mechanism is closed, the inside of the box cannot be viewed,
The control unit of the delivery box described in claim 9 is configured to unlock the peephole after the electronic lock is locked when a delivery item is placed inside the box, and to lock the peephole in a closed state in response to instructions from a server that receives an image captured by the delivery terminal. The box further includes an observation window provided in the opening and closing portion of the box,
The observation window has a shutter mechanism that can be opened and closed by the control unit, and when the shutter mechanism is open, the inside of the box can be viewed, and when the shutter mechanism is closed, the inside of the box cannot be viewed,
The delivery box of claim 9, wherein the control unit opens the shutter mechanism after locking the electronic lock unit when a delivery item is placed inside the box, and closes the shutter mechanism in response to instructions from a server that receives an image captured by a delivery terminal. The box further includes an observation window provided in the opening and closing portion of the box,
The observation window has a light control film whose light transmission can be controlled by the control unit,
The delivery box of claim 9, wherein the control unit makes the light-adjusting film transparent after the electronic lock unit is locked when a delivery item is placed inside the box, and makes the light-adjusting film opaque in response to instructions from a server that receives an image captured by a delivery terminal. The delivery box according to any one of claims 10 to 12 , wherein the control unit locks the electronic lock unit and turns off the second switch after the observation window is closed or locked. A delivery box as described in any one of claims 9 to 13 , further comprising a movable member that is linked to the unlocking/locking operation of the electronic lock unit, and a status display unit that displays the unlocked/locked status in color according to the operation of the movable member. A delivery box in a delivery system including a delivery box, a user terminal, a delivery company terminal of a delivery company, and a server,
A box body having an opening;
a box opening/closing part attached to the box body and adapted to open and close the opening;
an electronic lock unit capable of unlocking/locking the box opening/closing unit to the box main body;
A short-range wireless communication unit;
A control unit.
The control unit is
The short-distance wireless communication unit issues an authentication request encrypted with the public key A assigned to the home distribution box to a terminal located within a short distance,
When receiving an authentication response encrypted with the public key B assigned to the home distribution box from the terminal, the authentication response is decrypted with the private key B assigned to the home distribution box in advance,
When the decryption result meets a predetermined condition, the terminal is permitted to issue an unlock/lock command.
receiving an unlock/lock instruction encrypted with the public key B from the terminal, and decrypting it with the private key B to unlock/lock the electronic lock unit;
The box further includes an observation window provided in the opening and closing portion of the box,
The sight glass has a shutter mechanism that can be manually opened and closed, and a locking means that locks the closed state of the shutter mechanism under the control of the control unit, so that when the shutter mechanism is open, the inside of the box can be viewed, and when the shutter mechanism is closed, the inside of the box cannot be viewed,
The control unit unlocks the peephole after the electronic lock unit is locked when the delivery is placed in the box, and locks the peephole in a closed state in response to an instruction from the server that has received an image captured by the carrier terminal.
Delivery box. A delivery box in a delivery system including a delivery box, a user terminal, a delivery company terminal of a delivery company, and a server,
A box body having an opening;
a box opening/closing part attached to the box body and adapted to open and close the opening;
an electronic lock unit capable of unlocking/locking the box opening/closing unit to the box main body;
A short-range wireless communication unit;
A control unit.
The control unit is
The short-distance wireless communication unit issues an authentication request encrypted with the public key A assigned to the home distribution box to a terminal located within a short distance,
When receiving an authentication response encrypted with the public key B assigned to the home distribution box from the terminal, the authentication response is decrypted with the private key B assigned to the home distribution box in advance,
When the decryption result meets a predetermined condition, the terminal is permitted to issue an unlock/lock command.
receiving an unlock/lock instruction encrypted with the public key B from the terminal, and decrypting it with the private key B to unlock/lock the electronic lock unit;
The box further includes an observation window provided in the opening and closing portion of the box,
The observation window has a shutter mechanism that can be opened and closed by the control unit, and when the shutter mechanism is open, the inside of the box can be viewed, and when the shutter mechanism is closed, the inside of the box cannot be viewed,
The control unit opens the shutter mechanism after locking the electronic lock unit when the delivery is placed in the box, and closes the shutter mechanism in response to an instruction from the server that has received the image captured by the carrier terminal.
Delivery box. A delivery box in a delivery system including a delivery box, a user terminal, a delivery company terminal of a delivery company, and a server,
A box body having an opening;
a box opening/closing part attached to the box body and adapted to open and close the opening;
an electronic lock unit capable of unlocking/locking the box opening/closing unit to the box main body;
A short-range wireless communication unit;
A control unit.
The control unit is
The short-distance wireless communication unit issues an authentication request encrypted with a public key A assigned to the home distribution box to a terminal located within a short distance,
When an authentication response encrypted with the public key B assigned to the home distribution box is received from the terminal, the authentication response is decrypted with the private key B assigned to the home distribution box in advance,
When the decryption result meets a predetermined condition, the terminal is permitted to issue an unlock/lock command.
receiving an unlock/lock instruction encrypted with the public key B from the terminal, and decrypting it with the private key B to unlock/lock the electronic lock unit;
The box further includes an observation window provided in the opening and closing portion of the box,
The observation window has a light control film whose light transmission can be controlled by the control unit,
The control unit makes the light-adjusting film transparent after the electronic lock unit is locked in response to the placement of the delivery in the box, and makes the light-adjusting film opaque in response to an instruction from the server that has received the image captured by the carrier terminal.
Delivery box. A delivery box in a delivery system including a delivery box, a user terminal, a delivery company terminal of a delivery company, and a server,
A box body having an opening;
a box opening/closing part attached to the box body and adapted to open and close the opening;
an electronic lock unit capable of unlocking/locking the box opening/closing unit to the box main body;
A short-range wireless communication unit;
A control unit.
The control unit is
The short-distance wireless communication unit issues an authentication request encrypted with the public key A assigned to the home distribution box to a terminal located within a short distance,
When receiving an authentication response encrypted with the public key B assigned to the home distribution box from the terminal, the authentication response is decrypted with the private key B assigned to the home distribution box in advance,
When the decryption result meets a predetermined condition, the terminal is permitted to issue an unlock/lock command.
receiving an unlock/lock instruction encrypted with the public key B from the terminal, and decrypting it with the private key B to unlock/lock the electronic lock unit;
A battery;
A power supply circuit unit that drives the electronic lock unit;
a first switch of an automatic reset type that is disposed between the battery and the power supply circuit unit and that is operated by a user to establish electrical continuity between the battery and the power supply circuit unit;
a second switch connected in parallel to the first switch and controlled to be turned on and off based on a control signal;
When the first switch is turned on by a user, the control unit turns on the second switch and controls the electronic lock unit to unlock/lock in response to an operation of the terminal, and turns off the second switch after processing of the delivery box by the operation of the terminal is completed.
Delivery box.