WO2021020408A1 - Control method, server, and program - Google Patents
Control method, server, and program
- Publication number
- WO2021020408A1 (PCT/JP2020/028947)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- transaction data
- user
- contract
- information
- terminal
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/10—Services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/389—Keeping log of transactions for guaranteeing non-repudiation of a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/405—Establishing or using transaction specific rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- This disclosure relates to control methods, servers, and programs.
- Patent Document 1 discloses a method of grasping the maximum current capacity required for each user and determining the contract current according to the grasped maximum current capacity.
- In Patent Document 1, since a business operator such as an electric power company and each user make an individual contract, there is a problem that it is not possible to prevent the business operator and one user from colluding and concluding a contract whose content is not fair compared with other users.
- the user of each unit and the electric power company make an individual contract.
- the electric power company and one user collude with each other, and the contract is given preferential treatment compared to other users, such as having the user's house increase the distribution of electric energy or reduce the charge per kW.
- Even if the contract contents of each unit of the apartment house are managed so that they can be viewed throughout the apartment house, it cannot be guaranteed that the user of each unit will actively look at the contract contents of other users and check whether the contracts are fair. That is, when the business operator and each user make an individual contract, it is not possible to prevent the electric power company and one user from colluding and contracting with preferential contract contents.
- each user who is a user and a service provider individually make a contract.
- the service provider and one user collude, and the contract is made with preferential treatment compared to other users, such as having only the user increase the sharing time at the same rate as other users.
- Even if the contract contents of each user are managed so that they can be viewed by all users, it cannot be guaranteed, in the same manner as above, that each user will actively look at the contract contents of other users and check whether the contracts are fair. That is, when the service provider and each user make an individual contract, it is not possible to prevent the service provider and one user from colluding and contracting with preferential contract contents.
- the present disclosure has been made in view of the above circumstances, and an object of the present disclosure is to provide a control method, a server, and a program capable of more reliably auditing a newly concluded contract.
- The control method is executed by a first server among a plurality of servers in a system that includes the plurality of servers and a generation device that generates performance information on the usage record of each user belonging to one group when a service provided by a business operator is used in group units. The first server acquires, from the generation device, first performance information on a first usage record by a first user belonging to the one group; determines whether the acquired first performance information is permitted by the rule based on the contract content of the contract concluded between the first user and the business operator and stored in the first server; transfers first transaction data including the determination result to a plurality of second servers different from the first server among the plurality of servers; and stores a first block including the first transaction data in the distributed ledger managed by the first server.
- FIG. 1 is a diagram showing an example of the configuration of the management system according to the first embodiment.
- FIG. 2 is a diagram showing an example of the configuration of the business terminal according to the first embodiment.
- FIG. 3 is a diagram showing an example of the configuration of the generator according to the first embodiment.
- FIG. 4 is a diagram showing an example of the configuration of the terminal according to the first embodiment.
- FIG. 5 is a diagram showing an example of the configuration of the authentication server according to the first embodiment.
- FIG. 6 is a sequence diagram showing an audit process of the management system according to the first embodiment.
- FIG. 7 is a sequence diagram showing an audit process of the management system according to the first embodiment.
- FIG. 8 is a sequence diagram showing an audit process of the management system according to the first modification of the first embodiment.
- FIG. 9 is a sequence diagram showing an audit process of the management system according to the second modification of the first embodiment.
- FIG. 10 is a diagram showing an example of the configuration of the management system according to the second embodiment.
- FIG. 11 is a diagram for explaining a contract between a business operator of a sharing service providing business and a user.
- FIG. 12 is a diagram showing an example of the configuration of the generator according to the second embodiment.
- FIG. 13 is a diagram showing an example of the configuration of the terminal according to the second embodiment.
- FIG. 14 is a sequence diagram showing an audit process of the management system according to the second embodiment.
- FIG. 15 is a sequence diagram showing an audit process of the management system according to the second embodiment.
- FIG. 16 is a sequence diagram showing an audit process of the management system according to the first modification of the second embodiment.
- FIG. 17 is a sequence diagram showing an audit process of the management system according to the second modification of the second embodiment.
- FIG. 18 is a diagram showing an example of the configuration of the management system according to the third embodiment.
- FIG. 19 is a diagram showing an example of the configuration of the business terminal according to the third embodiment.
- FIG. 20 is a diagram showing an example of the configuration of the terminal according to the third embodiment.
- FIG. 21 is a sequence diagram showing an audit process of the management system according to the third embodiment.
- FIG. 22 is a sequence diagram showing an audit process of the management system according to the third embodiment.
- FIG. 23 is a diagram showing an example of the configuration of the management system according to the first modification of the third embodiment.
- FIG. 24 is a diagram showing an example of the configuration of the agent server according to the first modification of the third embodiment.
- FIG. 25 is a sequence diagram showing an audit process of the management system according to the first modification of the third embodiment.
- FIG. 26 is a sequence diagram showing an audit process of the management system according to the first modification of the third embodiment.
- FIG. 27 is a diagram showing an example of the configuration of the management system according to the second modification of the third embodiment.
- FIG. 28 is a diagram showing an example of the configuration of the authentication server according to the second modification of the third embodiment.
- FIG. 29 is a sequence diagram showing an audit process of the management system according to the second modification of the third embodiment.
- FIG. 30 is a sequence diagram showing an audit process of the management system according to the second modification of the third embodiment.
- The control method is executed by a first server among a plurality of servers in a system that includes the plurality of servers and a generation device that generates performance information on the usage record of each user belonging to one group when a service provided by a business operator is used in group units. The first server acquires, from the generation device, first performance information on a first usage record by a first user belonging to the one group; determines whether the acquired first performance information is permitted by the rule based on the contract content of the contract concluded between the first user and the business operator and stored in the first server; transfers first transaction data including the determination result to a plurality of second servers different from the first server among the plurality of servers; and stores a first block including the first transaction data in the distributed ledger managed by the first server.
- The contract content and the first performance information may be transmitted to the terminal of a second user who is different from the first user and belongs to the one group, a confirmation result by the second user regarding the contract content and the first performance information may be acquired from the terminal, and the acquired confirmation result may be transferred to the plurality of second servers while a second block including the confirmation result is stored in the distributed ledger.
- The contract content and the performance information to be confirmed by the second user can thus be narrowed down to the contract content and the first performance information of the first user whose first performance information may not be permitted by the rule. Therefore, the amount of contract content and performance information notified to the second user can be kept down, and the amount of communication can be reduced.
- the acquired first actual result information may be transferred to the plurality of second servers, and the third block including the first actual result information may be stored in the distributed ledger.
- the judgment result is stored in the distributed ledger, so that it is possible to prevent the judgment result from being tampered with at a later date.
- the block containing the transaction data may be stored in the distributed ledger.
- the system further includes a plurality of terminals used for each user, each of the plurality of terminals has the distributed ledger, and a block containing the first transaction data is stored in the distributed ledger.
- A consensus algorithm for agreeing on the validity of transaction data including the first transaction data may be executed together with the plurality of terminals, and when the validity of the transaction data is agreed by the consensus algorithm, a block containing the transaction data may be stored in the distributed ledger.
- the transaction data may be stored in the distributed ledger as transaction data of the blockchain.
- The first performance information may include an actual value that increases as the usage amount or the usage time of the service by the first user increases, and the rule need not permit the first performance information to exceed the threshold included in the contract content.
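The determination-and-store flow described in the aspects above, as an added Python sketch (not code from the patent): a usage record is checked against the contract threshold, the determination result is stored as a block on every server's ledger copy, and a later edit of a stored result is detected. Electronic signatures, networking and the consensus algorithm are omitted; all field names, user IDs, dates and the 300 kWh threshold are constructed for illustration, and gating the second user's confirmation on a non-permitted result is an assumption read from the effect paragraph.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so every server hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(obj) -> str:
    return hashlib.sha256(canonical(obj)).hexdigest()


class Ledger:
    """One server's copy of the ledger: a list of hash-chained blocks."""

    def __init__(self):
        self.blocks = []

    def head(self) -> str:
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def append(self, transactions) -> dict:
        body = {"index": len(self.blocks), "prev_hash": self.head(),
                "transactions": copy.deepcopy(transactions)}
        block = {**body, "hash": digest(body)}
        self.blocks.append(block)
        return block

    def verify(self) -> bool:
        """Recompute every block hash and check the chain links."""
        prev = GENESIS
        for index, block in enumerate(self.blocks):
            body = {k: v for k, v in block.items() if k != "hash"}
            if (block["index"] != index or block["prev_hash"] != prev
                    or digest(body) != block["hash"]):
                return False
            prev = block["hash"]
        return True


def judge(contract, performance) -> dict:
    """First transaction data: the determination result for one usage record."""
    if performance["user_id"] != contract["user_id"]:
        raise ValueError("performance information is for a different user")
    return {
        "type": "determination",
        "user_id": performance["user_id"],
        "period": performance["period"],
        "usage": performance["usage"],
        "contract_hash": digest(contract),  # identifies the contract content
        # Rule from the text: usage must not exceed the contract threshold.
        "permitted": performance["usage"] <= contract["threshold"],
    }


def confirmation(determination, second_user_id, agrees) -> dict:
    """Second user's confirmation result, bound to the determination by hash."""
    return {"type": "confirmation", "confirmed_by": second_user_id,
            "determination_hash": digest(determination), "agrees": agrees}


def store_everywhere(ledgers, tx) -> str:
    """Stand-in for transfer to the second servers plus consensus."""
    heads = {ledger.append([tx])["hash"] for ledger in ledgers}
    if len(heads) != 1:
        raise RuntimeError("replicas diverged")
    return heads.pop()


def demo() -> dict:
    # Constructed sample data (not from the patent).
    contract = {"user_id": "user-A", "threshold": 300, "unit": "kWh"}
    records = [
        {"user_id": "user-A", "period": "2020-07-01", "usage": 280},
        {"user_id": "user-A", "period": "2020-07-02", "usage": 340},
    ]
    ledgers = [Ledger() for _ in range(3)]  # first server + two second servers
    permitted = []
    for record in records:
        tx = judge(contract, record)
        store_everywhere(ledgers, tx)
        permitted.append(tx["permitted"])
        if not tx["permitted"]:  # assumption: confirm only flagged records
            store_everywhere(ledgers, confirmation(tx, "user-B", agrees=False))
    intact = all(ledger.verify() for ledger in ledgers)
    # A later edit of a stored determination on one replica breaks its chain.
    ledgers[0].blocks[1]["transactions"][0]["permitted"] = True
    return {"permitted": permitted, "intact_before": intact,
            "tampered_replica_valid": ledgers[0].verify(),
            "other_replicas_valid": all(l.verify() for l in ledgers[1:]),
            "blocks": len(ledgers[1].blocks)}


if __name__ == "__main__":
    print(demo())
```

Only the edited replica fails verification, and its head hash no longer matches the other servers' copies, which is the property the text relies on when it says a stored determination cannot be altered later.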
- The server is one of a plurality of servers in a system that includes the plurality of servers and a generation device that generates performance information on the usage record of each user belonging to one group when a service provided by a business operator is used in group units. The server includes a processor and a memory. The processor acquires, from the generation device, first performance information on a first usage record by a first user belonging to the one group; determines whether the acquired first performance information is permitted by the rule based on the contract concluded between the first user and the business operator and stored in the server; transfers first transaction data including the determination result to a plurality of other servers different from the one server among the plurality of servers; and stores a first block including the first transaction data in the distributed ledger managed by the server.
- the program according to one aspect of the present disclosure includes a generation device that generates performance information regarding usage performance for each user belonging to one group when the service provided by the business operator is used in group units, and a plurality of servers.
- the first transaction data including the determination result by the determination is transferred to a plurality of second servers different from the first server among the plurality of servers, and the first transaction data is included.
- The management system according to the present disclosure is equipped with three or more terminals used by each user and one or more authentication servers, audits a newly concluded contract, that is, its contract contents, and stores in the ledger the contract activated upon receipt of the audit result.
- FIG. 1 is a diagram showing an example of the configuration of the management system according to the first embodiment.
- the management system includes, for example, a business operator terminal 10, generators 20a to 20x, terminals 30a to 30x, and authentication servers 50a to 50c. These are connected by network N.
- the network N is, for example, the Internet, a carrier network of a mobile phone, or the like, but may be composed of any communication line or network.
- One of the generators 20a to 20x and one of the terminals 30a to 30x are associated with one of the houses 40a to 40x.
- the generator 20a and the terminal 30a are associated with the user A's house 40a.
- each of the generation device 20a to the generation device 20x is also referred to as a generation device 20, but the generation device 20a to the generation device 20x may be referred to as a generation device A to a generation device X.
- each of the terminals 30a to 30x is also referred to as a terminal 30, the terminals 30a to 30x may be referred to as terminals A to X.
- the business terminal 10 will be described below.
- the business terminal 10 is an example of a terminal used by a business.
- the business operator provides services that can be used on a group basis.
- the group contains multiple users.
- the business operator individually concludes a contract with each of a plurality of users included in one group for the service to be provided, and provides the service according to the concluded contract. For example, a business operator provides an amount of services according to a contract concluded.
- the business operator that provides the service is an example of a user of the management system, and the user who receives the service from the business operator is an example of the user of the management system.
- the business operator terminal 10 is a terminal used by the business operator.
- the business terminal 10 may be, for example, a personal computer or a mobile terminal such as a smartphone or tablet.
- the business operator may be, for example, a person who runs a business such as an electric power business, a telecommunications business, or a sharing service providing business, or may be an employee thereof.
- the contract concluded between the business operator and the user is, for example, one of individual contracts.
- a group common to a plurality of users is, for example, an apartment house including houses 40a to 40x in which a plurality of users live.
- the business provided by the business is an electric power business
- a plurality of users belonging to a common group receive power supply from a common power receiving business.
- the business operator in this case is a management company of an apartment house including a house in which a plurality of users live.
- FIG. 2 is a diagram showing an example of the configuration of the business terminal 10 according to the first embodiment.
- the business terminal 10 includes a communication unit 101, an input unit 102, a display unit 103, an information generation unit 104, and a transaction data generation unit 105.
- the communication unit 101 transmits the contract transaction data including the contract information of the contract between the business operator and the user and the electronic signature of the user to the authentication server 50.
- the communication unit 101 transmits information to the authentication server 50 via the network N, and receives a notification from the authentication server 50. In addition, the communication unit 101 transmits information to the terminal 30 and receives information from the terminal 30 via the network N.
- the communication unit 101 communicates with the terminals 30a to 30x or the authentication server 50 via the network N.
- this communication may be performed by TLS (Transport Layer Security), and the encryption key for TLS communication may be held by the communication unit 101.
- the input unit 102 accepts information input by the operation of the business operator.
- the input unit 102 displays the received information input on the display unit 103, transmits it to the information generation unit 104, or transmits it to the communication unit 101.
- the input unit 102 receives the matters related to the contract agreed with the user A and the electronic signature of the business operator, which are input by the operation of the business operator.
- This contract is an example of a contract concluded between a business operator and a user, and is data including the contract contents of the contract.
- the input unit 102 transmits the received item and the electronic signature of the business operator to the information generation unit 104.
- the input unit 102 accepts that the notification displayed on the display unit 103 has been confirmed by the operation of the business operator.
- the display unit 103 displays the information input received by the input unit 102.
- the display unit 103 displays the information notified from the authentication server 50.
- the information generation unit 104 generates the first information regarding the contract.
- the information generation unit 104 generates contract information related to this contract based on the matters related to the contract agreed with the user A received by the input unit 102 and the electronic signature of the business operator.
- This user A is an example of a user who receives a service from a business operator, that is, a user.
- the contract information includes contract data, time information, a contract contractor ID, and an electronic signature of the creator of the contract information. Further, the contract information may include a serial number for grasping the order in which the contracts are concluded.
- the contract data is data indicating the contract contents of the contract, and may be the contract contents in encrypted form or a hash value for identifying the contract contents.
- the time information may indicate the time when the contract information was generated, or may indicate the time when the contract was concluded. Further, the time information may indicate the time when the contract information is transmitted to the authentication server 50 by the communication unit 301.
- the creator of the contract information here is the business operator.
- the contract contractor ID is the ID of the user who has agreed to the contract with the business operator, that is, the user A.
- The transaction data generation unit 105 generates contract transaction data.
- the transaction data generation unit 105 generates contract transaction data including contract information received from the terminal 30.
- the contract transaction data including the contract information includes the contract data, the time information, the contract contractor ID, and the electronic signature of the creator of the contract information. Further, the contract transaction data including the contract information may include a serial number for grasping the order in which the contracts are concluded.
- the transaction data generation unit 105 transmits the generated contract transaction data to the authentication server 50 via the communication unit 101.
- the business terminal 10 does not have to include the transaction data generation unit 105.
- the information generation unit 104 transmits the generated contract information to the authentication server 50 via the communication unit 101.
- the authentication server 50 acquires the contract information from the business terminal 10.
- the generator 20a to the generator 20x will be described. Since the configurations of the generators 20a to 20x are common, they will be referred to as the generators 20.
- the generation device 20 is an example of a device that generates performance information regarding the service usage record for each user. Any one of the generation devices 20 is a device used by the first user among a plurality of users who have agreed a contract with the business operator. Further, any one of the generation devices 20 is a device used by a second user different from the first user among the plurality of users who have agreed to a contract with the business operator.
- the generator 20 is, for example, a smart meter when a business operator operates an electric power business.
- the generator 20 is, for example, a mobile body when the business operator operates a mobile body sharing business.
- the moving body in this case may be, for example, a vehicle such as an automobile or a bicycle, a ship, or an aircraft.
- the generation device 20 may be a mobile terminal such as a smartphone or a tablet when the business operator operates a mobile communication business, and in this case, the generation device 20 may be a terminal 30.
- the generation device 20a, that is, the generation device A, will be described as the device used by the first user.
- the generation device 20b, that is, the generation device B, will be described as the device used by the second user.
- the second user is, for example, a user who belongs to the same group as the first user and receives a service provided in common with the first user from the business operator.
- the second user has agreed to a contract with the business operator separately from the first user. That is, the contract concluded between the business operator and the first user is different from the contract concluded between the business operator and the second user.
- FIG. 3 is a diagram showing an example of the configuration of the generator 20 according to the first embodiment.
- the generation device 20 includes a communication unit 201, a measurement unit 202, a determination unit 203, an information generation unit 204, and a transaction data generation unit 205.
- the communication unit 201 transmits information to the authentication server 50 via the network N. In addition, the communication unit 201 may receive or be notified of information from the authentication server 50. Further, the communication unit 201 may transmit information to the business terminal 10 via the network N, or may receive information from the business terminal 10.
- the communication unit 201 communicates with the business terminal 10 or the authentication server 50 via the network N.
- this communication may be performed by TLS (Transport Layer Security), and the encryption key for TLS communication may be held by the communication unit 201.
- the communication unit 201 receives the first information from the authentication server 50.
- the communication unit 201 transmits to the business terminal 10 the second information in which the confirmation result indicating the consent or disagreement of the first contract by the second user and the electronic signature of the second user are added to the first information.
- the measurement unit 202 measures the usage record of the service provided by the business operator by the user. For example, when the service provided by the business operator is electric power, the measuring unit 202 measures the amount of electric power used by the user. The amount of electric power used is, for example, the amount of electric power consumed by the user's house 40. The measurement unit 202 measures the amount of communication used by the user when the service provided by the operator is mobile communication. The amount of communication used is, for example, the amount of communication data used for communication by the user's terminal 30. The measurement unit 202 measures the usage amount of the mobile body by the user when the service provided by the business operator is a mobile body sharing service.
- the utilization amount of the moving body is, for example, at least one of the mileage, traveling time, fuel consumption, and power consumption of the moving body.
- the measurement unit 202 transmits the measurement result, that is, the measured usage record of the user, to the information generation unit 204 or the communication unit 201.
- the determination unit 203 determines whether or not a predetermined timing has arrived. For example, the determination unit 203 may determine that the predetermined timing has arrived because the first period has elapsed since the measurement unit 202 started measuring, or because the first period has elapsed since it last determined that the predetermined timing had arrived. The first period may be, for example, 12 hours, 1 day, 1 week, 1 month, or the like. The determination unit 203 notifies the communication unit 201 or the information generation unit 204 that a predetermined timing has arrived.
- the information generation unit 204 generates the first performance information, which includes the first usage record by the first user in the first period, obtained through measurement by the measurement unit 202 in the first period, and the electronic signature of the first user.
- the information generation unit 204 generates the first actual result information based on the service usage amount measured by the measurement unit 202.
- When the measurement unit 202 measures the cumulative usage amount from the start of use of the service by the first user, the information generation unit 204 acquires the first usage record by the first user in the first period, from the previous timing to this timing, using the usage amount measured at the current timing by the measurement unit 202 and the cumulative usage amount that was the basis for generating the first actual information at the previous timing.
- the first performance information may include the time when the first usage performance was measured.
- the first actual information is also simply referred to as actual information.
- the transaction data generation unit 205 generates actual transaction data.
- the transaction data generation unit 205 generates the actual transaction data including the first actual information generated by the information generation unit 204.
- the actual transaction data including the first actual information includes the first actual information, the time information, and the electronic signature of the first user.
- the time information is information indicating the time when the first actual result information is generated.
- the transaction data generation unit 205 transmits the generated actual transaction data to the authentication server 50 via the communication unit 201.
- the generation device 20 does not have to include the transaction data generation unit 205.
- the information generation unit 204 transmits the generated first actual information to the authentication server 50 via the communication unit 201.
- the authentication server 50 acquires the first actual information from the generation device 20.
- the generation device 20 may be configured to include at least the measuring unit 202, or may be configured not to include a processing unit other than the measuring unit 202.
- a device separate from the generation device 20 may include a communication unit 201, a determination unit 203, an information generation unit 204, and a transaction data generation unit 205.
- the other device and the generation device 20 are communicably connected to each other.
- the communication unit 201 acquires the measurement result by the measurement unit 202 from the generation device 20.
- the information generation unit 204 uses the acquired measurement result to generate the first actual result information regarding the first usage record in the first period until the timing determined by the determination unit 203.
- the transaction data generation unit 205 generates the actual transaction data including the first actual information, and transmits the actual transaction data to the authentication server 50 via the communication unit 201.
- the generation device 20 and another device have, for example, a one-to-one pair relationship. Each processing unit included in another device may be included in the terminal 30 described later.
- Since the configurations of the terminals 30a to 30x are common, they will be referred to as terminals 30.
- the terminal 30 is an example of a terminal used by the user.
- the terminal 30 may be, for example, a personal computer or a mobile terminal such as a smartphone or tablet.
- Any of the terminals 30 is a terminal used by the first user among a plurality of users who have agreed a contract with the business operator. Further, any of the terminals 30 is a terminal used by a second user different from the first user among the plurality of users who have agreed to a contract with the business operator.
- the terminal 30a, that is, the terminal A, will be described as a terminal used by the first user.
- the terminal 30b, that is, the terminal B, will be described as a terminal used by the second user.
- FIG. 4 is a diagram showing an example of the configuration of the terminal 30 according to the first embodiment.
- the terminal 30 includes a communication unit 301, an input unit 302, a display unit 303, an information generation unit 304, and a transaction data generation unit 305.
- the communication unit 301 transmits information to the authentication server 50 via the network N, receives information from the authentication server 50, or is notified. In addition, the communication unit 301 transmits information to the business terminal 10 and receives information from the business terminal 10 via the network N.
- the communication unit 301 communicates with the business terminal 10 or the authentication server 50 via the network N.
- this communication may be performed by TLS (Transport Layer Security), and the encryption key for TLS communication may be held by the communication unit 301.
- the communication unit 301 receives the confirmation result described later from the authentication server 50. Further, for example, when the terminal 30 is the terminal B, the communication unit 301 receives from the authentication server 50 the contract contents of the contract concluded between the business operator and the first user, and the first performance information about the first usage record by the first user in the first period.
- the input unit 302 accepts information input by the user's operation.
- the input unit 302 displays the received information input on the display unit 303, transmits it to the information generation unit 304, and transmits it to the communication unit 301.
- the input unit 302 confirms with the second user whether or not the first actual information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- the input to the display (UI: User Interface) is accepted as the confirmation result of the second user.
- This display (UI) is displayed on the display unit 303.
- the input unit 302 may accept the electronic signature of the second user.
- the input unit 302 transmits the received confirmation result and the electronic signature to the information generation unit 304.
- the display unit 303 displays the information input received by the input unit 302.
- the display unit 303 displays the information transmitted from the authentication server 50.
- Based on the contract contents and the first actual information transmitted from the authentication server 50, the display unit 303 displays a display (UI: User Interface) for confirming with the second user whether or not the first actual information is allowed under the rules of the contract contents of the contract concluded between the business operator and the first user.
- the information generation unit 304 generates confirmation information including the confirmation result by the second user as to whether or not the first performance information is permitted according to the contract content rules of the contract concluded between the business operator and the first user, and the electronic signature of the second user.
- the transaction data generation unit 305 generates confirmation transaction data.
- the transaction data generation unit 305 generates confirmation transaction data including confirmation information generated by the information generation unit 304.
- the confirmation transaction data including the confirmation information includes the confirmation information, the time information, and the electronic signature of the second user.
- the time information is information indicating the time when the confirmation information was generated.
- the confirmation transaction data may include information for specifying the first usage record that is the target of confirmation by the confirmation information instead of the time information.
- the information for specifying the first usage record may be the time when the first performance information of the first usage record was generated, an ID for specifying the first performance information of the first usage record, a serial number, or the like.
- the transaction data generation unit 305 transmits the generated confirmation transaction data to the authentication server 50 via the communication unit 301.
- the authentication server 50 is an example of the first server.
- FIG. 5 is a diagram showing an example of the configuration of the authentication server 50 according to the first embodiment.
- the authentication server 50 includes a communication unit 501, a determination unit 502, a transaction data verification unit 503, a recording unit 504, and a distributed ledger 505.
- the authentication server 50 can be realized by the processor executing a predetermined program using the memory.
- each component will be described.
- the communication unit 501 receives contract transaction data including contract information from the business terminal 10.
- the communication unit 501 acquires the contract information by receiving the contract transaction data from the business terminal 10.
- the communication unit 501 may receive the contract information directly from the business terminal 10.
- the communication unit 501 receives the actual transaction data including the first actual information from the generation device 20.
- the communication unit 501 acquires the first actual information by receiving the actual transaction data from the generation device 20.
- the communication unit 501 may directly receive the first actual information from the generation device 20.
- the communication unit 501 may transmit the contract information and the actual result information of the first user to the terminal 30b of the second user.
- the communication unit 501 receives confirmation transaction data including confirmation information of the confirmation result from the terminal 30b of the second user.
- the communication unit 501 acquires confirmation information by receiving confirmation transaction data from the terminal 30b.
- the communication unit 501 may receive the confirmation information directly from the terminal 30b.
- the communication unit 501 transmits the result (audit result) of whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user to the business terminal 10 or to the terminal 30a of the first user.
- the audit result includes information indicating that the first performance information is permitted under the rules of the contract contents of the contract concluded by the business operator and the first user, or information indicating that the first performance information is not allowed under the rules of the contract contents of that contract.
- the communication unit 501 exchanges each transaction data with another authentication server 50. Specifically, the communication unit 501 transfers each transaction data to another authentication server 50, and receives each transaction data transferred from the other authentication server 50.
- Each transaction data includes one of contract transaction data, actual transaction data, judgment transaction data, and confirmation transaction data.
- the communication unit 501 communicates with the business terminal 10, the generator 20, or the terminal 30 via the network N.
- this communication may be performed by TLS (Transport Layer Security), and the encryption key for TLS communication may be held by the communication unit 501.
- the determination unit 502 determines whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- the contract content rules do not allow the first performance information to exceed the threshold included in the contract content. That is, in this rule, for example, the upper limit of the usage amount of the service used by the user in the first period is set.
- the first actual information includes the amount of service used by the user or the actual value that increases as the service usage time increases. This actual value is, for example, the amount of electric power used by the user when the service provided by the business operator is electric power.
- the amount of electric power used is, for example, the amount of electric power consumed by the user's house 40.
- the actual value is the amount of communication used by the user when the service provided by the operator is mobile communication.
- the amount of communication used is, for example, the amount of communication data used for communication by the user's terminal 30.
- the actual value is the amount of use of the mobile body by the user when the service provided by the business operator is a mobile body sharing service.
- the utilization amount of the moving body is, for example, at least one of the mileage, traveling time, fuel consumption, and power consumption of the moving body.
- When the first performance information exceeds the threshold included in the contract content, the judgment unit 502 determines that the first performance information is not allowed under the rule of the contract content of the contract concluded between the business operator and the first user.
- When the first performance information does not exceed the threshold, the judgment unit 502 determines that the first performance information is acceptable under the contract content rule of the contract concluded between the business operator and the first user.
- the determination unit 502 may determine whether or not the confirmation timing has arrived, and if it determines that the confirmation timing has arrived, may determine whether or not the first performance information is allowed.
- the confirmation timing may be a predetermined timing such as a timing for billing the user for the service usage fee or a timing described in the contract. Further, the confirmation timing may be a timing when the usage amount of the service used after determining that the previous confirmation timing has arrived exceeds a predetermined usage amount. The predetermined usage amount may be larger than the usage amount of the service by the first user in the first period. Further, the confirmation timing may be determined that the confirmation timing has arrived because the second period has elapsed since the determination that the previous confirmation timing has arrived.
- the second period may be longer than the first period or may be the same period as the first period.
- the determination unit 502 may determine that the confirmation timing has arrived when the first actual result information is acquired from the generation device 20.
- the second period may be, for example, 12 hours, 1 day, 1 week, 1 month, or the like.
- the determination unit 502 notifies the communication unit 501 that the confirmation timing has arrived.
- the confirmation timing is an example of the first timing.
- When the judgment unit 502 determines that the first performance information is not allowed under the contract content rule of the contract concluded between the business operator and the first user, that is, when the result of this judgment is that the first performance information is not allowed under this rule, the contract content and the first actual result information may be transmitted to the terminal 30 of a second user who is different from the first user and belongs to the same group as the first user.
- When the determination unit 502 determines that the first performance information is not allowed according to the rules of the contract contents of the contract concluded between the business operator and the first user, the contract details and the usage amount of the service by the first user in the first period are transmitted to the user B's terminal 30b.
- the user B can use the terminal 30b to perform an audit based on the contract contents of the user A and the first performance information.
- the judgment unit 502 generates judgment transaction data including a judgment result as to whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- the determination unit 502 transfers the generated determination transaction data to the communication unit 501.
- When the communication unit 501 receives the transaction data, the transaction data verification unit 503 verifies the validity of the transaction data. For example, the transaction data verification unit 503 verifies whether the transaction data received by the communication unit 501 is given an electronic signature generated by a correct method. Note that this verification may be skipped.
- the transaction data received by the communication unit 501 is any one of contract transaction data, actual transaction data, determination transaction data, and confirmation transaction data.
- the transaction data verification unit 503 executes a consensus algorithm for agreeing on the validity of the transaction data together with the other authentication server 50.
- PBFT: Practical Byzantine Fault Tolerance
- Known consensus algorithms include, for example, PoW (Proof of Work) or PoS (Proof of Stake).
- the transaction data verification unit 503 receives reports from each of the other authentication servers 50 indicating whether or not the transaction data has been successfully verified, and determines whether the number of such reports exceeds a predetermined number. Then, when the number of the reports exceeds a predetermined number, the transaction data verification unit 503 may determine that the validity of the transaction data has been verified by the consensus algorithm.
- When the transaction data verification unit 503 confirms the validity of the transaction data, the transaction data verification unit 503 causes the recording unit 504 to record the transaction data.
- the transaction data verification unit 503 verifies the validity of the contract transaction data, the actual transaction data, the judgment transaction data, and the confirmation transaction data received by the communication unit 501.
- the recording unit 504 records the transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 503 in a block and storing it in the distributed ledger 505.
- the recording unit 504 may have a distributed ledger 505 internally configured.
- the distributed ledger 505 stores contract transaction data including contract information, actual transaction data including actual information, determination transaction data including determination results, and confirmation transaction data including confirmation information.
- FIGS. 6 and 7 are sequence diagrams showing the audit process of the management system according to the first embodiment.
- FIG. 7 shows a process following the process shown in FIG.
- the business terminal 10 transmits contract transaction data including contract information indicating this contract to the authentication server 50 (S101).
- the business operator individually concludes a contract with other user B and user C in the same manner as described above, and transmits contract transaction data including contract information indicating the concluded contract to the authentication server 50.
- the business terminal 10 may broadcast the contract transaction data including the contract information to the authentication servers A to C.
- the authentication server A receives the contract transaction data and transfers the received contract transaction data to the other authentication server B and the authentication server C (S102).
- the authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the contract transaction data, and store it in the distributed ledger 505 (S103).
- When a contract is individually concluded between the business operator and user A, the business operator provides the service to user A. Then, in the house A of the user A, the generation device 20 of the house A (that is, the generation device A) measures the usage amount by the user A of the service provided by the business operator (S104). Similarly, when contracts are individually concluded with the other users B and C, the business operator provides the service to user B and user C. Then, in the house B of the user B, the generator B measures the usage amount by the user B of the service provided by the business operator, and in the house C of the user C, the generator C measures the usage amount by the user C of the service provided by the business operator.
- the generator 20 of the house A determines whether or not a predetermined timing has arrived (S105).
- When it determines that the predetermined timing has arrived, the generation device 20 of the house A generates the first actual result information based on the measured usage amount of the service, and generates actual transaction data including the generated first actual result information (S106).
- the generation device 20 of the house A transmits the generated actual transaction data to the authentication servers A to C (S107).
- the generation device 20 may broadcast the actual transaction data including the actual information to the authentication servers A to C.
- the generation device 20 of the house B and the generation device 20 of the house C also perform the processes of steps S105 to S107 in the same manner as the generation device 20 of the house A. Therefore, the actual transaction data including the actual information regarding the usage amount of the service used by the users A to C is transmitted to the authentication servers A to C.
- the authentication server A receives the actual transaction data and transfers the received actual transaction data to the other authentication server B and the authentication server C (S108).
- the authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the actual transaction data, and store it in the distributed ledger 505 (S109).
- the authentication server A determines whether or not the confirmation timing has arrived (S110).
- the authentication server A determines whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S111). If the authentication server A determines that the confirmation timing has not arrived (No in S110), the authentication server A returns to step S110.
- the authentication server A generates determination transaction data including a determination result of whether or not the first actual information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S112).
- the authentication server A transfers the generated determination transaction data to the other authentication server B and the authentication server C (S113).
- the authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the determination transaction data, and store it in the distributed ledger 505 (S114).
- the authentication server A determines whether or not the result of the determination as to whether or not the first performance information is permitted in the contract content rules of the contract concluded between the business operator and the first user is negative (S115).
- When the authentication server A determines that the determination result is negative (Yes in S115), the authentication server A notifies the operator terminal 10 or the user A's terminal A (that is, the terminal 30a) of the negative determination result (S116).
- the authentication server A ends the audit process when step S116 ends or when the determination result is determined to be positive (No in S115).
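The first embodiment's flow on one authentication server (contract and actual transaction data verified, agreed on, recorded, then judged against the contract threshold), as an added sketch that is not code from the patent. HMAC-SHA256 stands in for the electronic signature, and the keys, the field names (`usage_kwh`, `threshold_kwh`), the values, the hash-chained block layout and the predetermined number of 1 are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed keys. HMAC-SHA256 stands in for the electronic signature so the
# example runs on the standard library alone; it is a swapped-in technique.
SIGNER_KEYS = {
    "business-terminal-10": b"constructed-key-operator",
    "generation-device-A": b"constructed-key-device-A",
    "authentication-server-A": b"constructed-key-server-A",
}
GENESIS = "0" * 64


def canonical(obj) -> bytes:
    """Deterministic encoding so every server signs and hashes the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def make_tx(signer: str, body: dict) -> dict:
    """Transaction data: body plus signer id, with a signature over both."""
    signed = dict(body, signer=signer)
    sig = hmac.new(SIGNER_KEYS[signer], canonical(signed), hashlib.sha256)
    return {"body": signed, "signature": sig.hexdigest()}


def verify_signature(tx: dict) -> bool:
    """Unknown signers and bodies altered after signing both fail."""
    key = SIGNER_KEYS.get(tx["body"].get("signer"))
    if key is None:
        return False
    expected = hmac.new(key, canonical(tx["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tx["signature"])


class Ledger:
    """Hash-chained blocks, one transaction per block for brevity."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev: str, tx: dict) -> str:
        return hashlib.sha256(canonical({"prev": prev, "tx": tx})).hexdigest()

    def append(self, tx: dict) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "tx": tx, "hash": self._digest(prev, tx)})

    def is_intact(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != self._digest(prev, b["tx"]):
                return False
            prev = b["hash"]
        return True

    def latest(self, tx_type: str, user: str):
        for b in reversed(self.blocks):
            body = b["tx"]["body"]
            if body["type"] == tx_type and body["user"] == user:
                return body


def agree_and_record(tx, ledger, peer_reports, predetermined_number=1) -> bool:
    """Record tx only if it verifies here and enough other servers report success."""
    if not verify_signature(tx):
        return False
    if sum(1 for ok in peer_reports if ok) <= predetermined_number:
        return False
    ledger.append(tx)
    return True


def judge(ledger: Ledger, user: str):
    """Judge the latest recorded usage against the recorded contract threshold."""
    contract, actual = ledger.latest("contract", user), ledger.latest("actual", user)
    if contract is None or actual is None:
        return None  # nothing recorded to judge
    allowed = actual["usage_kwh"] <= contract["threshold_kwh"]
    return make_tx("authentication-server-A", {
        "type": "judgment", "user": user, "allowed": allowed, "time": actual["time"]})


def run_demo() -> dict:
    """Constructed run: contract, a forged record, the real record, the judgment."""
    ledger = Ledger()
    contract = make_tx("business-terminal-10",
                       {"type": "contract", "user": "A", "threshold_kwh": 300})
    actual = make_tx("generation-device-A", {
        "type": "actual", "user": "A", "usage_kwh": 342, "time": "2020-07-01T00:00Z"})
    # Usage lowered after signing, signature left unchanged.
    forged = {"body": dict(actual["body"], usage_kwh=120), "signature": actual["signature"]}
    # Servers B and C each re-verify the transaction and report the result.
    out = {name: agree_and_record(tx, ledger, [verify_signature(tx)] * 2)
           for name, tx in (("contract", contract), ("forged", forged), ("actual", actual))}
    judgment = judge(ledger, "A")
    out["judgment"] = agree_and_record(judgment, ledger, [verify_signature(judgment)] * 2)
    out.update(allowed=judgment["body"]["allowed"], intact=ledger.is_intact())
    return out
```

The description notes that the signature verification may be skipped; in this sketch that would let the altered 120 record into the ledger like any other, which is why `agree_and_record` checks it before counting reports.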
- FIG. 8 is a sequence diagram showing an audit process of the management system according to the first modification of the first embodiment.
- the processing before step S110 is the same as the audit processing described in the first embodiment.
- the authentication server A determines whether or not the confirmation timing has arrived (S110).
- When it determines that the confirmation timing has arrived (Yes in S110), the authentication server A determines an auditor from among a plurality of users, other than the user A, including the user B and the user C, who belong to the same group as the user A (S121).
- When determining the auditor from among the plurality of users B and C, who are users other than the user A and belong to the same group as the user A, the authentication server A may determine the auditor randomly, based on a resident register (not illustrated), or based on a predetermined table including the plurality of users. If the authentication server A determines that the confirmation timing has not arrived (No in S110), the authentication server A returns to step S110.
- When the authentication server A determines an auditor, it transmits contract information and performance information to the terminal 30 used by the user determined as the auditor (S122). For example, when the authentication server A determines the user B as an auditor, the authentication server A transmits the contract information and the actual result information of the user A to the terminal 30b used by the user B.
- the performance information transmitted at this time may be the latest performance information among the performance information stored in the distributed ledger, may be the performance information including the latest performance information, or may be past performance information excluding the latest performance information.
- When the terminal 30b receives the contract information and the actual information, the terminal 30b confirms with the user B whether or not the first actual information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S123). Specifically, when the terminal 30b receives the contract information and the actual information, it displays on the display unit 303, based on the contract information and the actual information transmitted from the authentication server A, a display (UI: User Interface) for confirming with the second user whether or not the first achievement information is allowed under the rules of the contract contents of the contract concluded between the business operator and the first user. The terminal 30b thereby prompts the user B to input, via the input unit 302, whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- the terminal 30b generates confirmation transaction data including the input confirmation result (S124).
- the terminal 30b transmits the confirmation transaction data including the generated confirmation result to the authentication server A (S125).
- the authentication server A receives the confirmation transaction data and transfers the received confirmation transaction data to the other authentication server B and the authentication server C (S126).
- the authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the confirmation transaction data, and store it in the distributed ledger 505 (S127).
- FIG. 9 is a sequence diagram showing an audit process of the management system according to the second modification of the first embodiment.
- the processing before step S110 is the same as the audit processing described in the first embodiment.
- the authentication server A determines whether or not the confirmation timing has arrived (S110).
- Step S131 is the same as step S111. If the authentication server A determines that the confirmation timing has not arrived (No in S110), the authentication server A returns to step S110.
- the authentication server A ends the audit process when it is determined that the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (Yes in S132).
- the authentication server A proceeds to steps S121 to S127 when it is determined that the first performance information is not allowed according to the rules of the contract contents of the contract concluded between the business operator and the first user (No in S132).
- Since steps S121 to S127 are the same as steps S121 to S127 described in the first modification of the first embodiment, the description thereof will be omitted.
- step S115 and step S116 are performed. Since steps S115 and S116 are as described in the first embodiment, the description thereof will be omitted.
- FIG. 10 is a diagram showing an example of the configuration of the management system according to the second embodiment.
- the management system according to the second embodiment has a different configuration of the generation device 21 and the terminals 31a to 31x than the management system according to the first embodiment. Specifically, the management system according to the second embodiment is different from the management system according to the first embodiment in that the generation device 21 does not have a one-to-one relationship with the terminals 31a to 31x.
- In the first embodiment, the usage amount of the service used by each user is measured by the generation device 20 individually corresponding to each user, but in the second embodiment, the usage amount of the service used by each user may be measured by a generation device 21 common to a plurality of users.
- each of the terminals 31a to 31x is also referred to as a terminal 31, but the terminals 31a to 31x may be referred to as terminals A to X.
- the business operator may be a person who runs a business such as a sharing service providing business, or may be an employee thereof.
- the sharing service providing business is, for example, a business of providing one mobile use service to a group consisting of a plurality of users.
- the moving body in this case may be, for example, a vehicle such as an automobile or a bicycle, a ship, or an aircraft.
- the generator 21 is, for example, a mobile body.
- a group composed of a plurality of users is a group that uses one or more mobile objects common to the plurality of users.
- FIG. 12 is a diagram showing an example of the configuration of the generation device 21 according to the second embodiment.
- The same elements as those in FIG. 3 are designated by the same reference numerals, and detailed description thereof will be omitted.
- The generation device 21 shown in FIG. 12 has a different configuration from the generation device 20 according to the first embodiment in that it further includes an authentication unit 216.
- The authentication unit 216 receives the authentication information from the terminal 31 and, based on the received authentication information, authenticates whether or not the user who uses the terminal 31 is a user who is permitted to use the mobile body including the generation device 21. Specifically, the authentication unit 216 determines whether or not the received authentication information is included in information stored in advance. When the authentication information received from the terminal 31 is included in that information, the authentication unit 216 determines that the user who uses the terminal 31 is a user who is permitted to use the mobile body including the generation device 21, and authenticates the user. When the authentication information is not included in that information, the authentication unit 216 determines that the user who uses the terminal 31 is a user who is not permitted to use the mobile body.
- The measurement unit 202 measures the amount of use of the mobile body by the user authenticated by the authentication unit 216 in the period from the timing of the authentication by the authentication unit 216 to the timing when the generation device 21 receives the end information indicating that the user who uses the terminal 31 ends the use of the mobile body. Therefore, when the generation device 21 next authenticates another user's use of the mobile body by receiving the authentication information from the terminal 31 used by that other user, it measures the amount of use of the mobile body by that other user in the period from the timing of that authentication to the timing at which the generation device 21 next receives the end information indicating that the user using the terminal 31 ends the use of the mobile body. Since the amount of use of the mobile body is as described in the first embodiment, the description thereof will be omitted.
- FIG. 13 is a diagram showing an example of the configuration of the terminal 31 according to the second embodiment.
- The same elements as those in FIG. 4 are designated by the same reference numerals, and detailed description thereof will be omitted.
- The terminal 31 shown in FIG. 13 has a different configuration from the terminal 30 according to the first embodiment in that it further includes a storage unit 316.
- The storage unit 316 stores authentication information for authenticating the use of the mobile body including the generation device 21.
- The authentication information stored in the storage unit 316 is transmitted to the generation device 21 by the communication unit 301, for example, when the input unit 302 receives an input for authentication from the user of the terminal 31.
- The authentication information may be information that the terminal 31 receives from an external server when the user operates the terminal 31 and registers the use of the mobile body with the external server.
- FIGS. 14 and 15 are sequence diagrams showing audit processing of the management system according to the second embodiment.
- FIG. 15 shows a process following the process shown in FIG.
- The business terminal 10 transmits contract transaction data including contract information indicating this contract to the authentication server 50 (S201).
- The business operator individually concludes a contract with the other users B and C in the same manner as described above, and transmits contract transaction data including contract information indicating each concluded contract to the authentication server 50.
- The business terminal 10 may broadcast the contract transaction data including the contract information to the authentication servers A to C.
- The authentication server A receives the contract transaction data and transfers the received contract transaction data to the other authentication servers B and C (S202).
- The authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the contract transaction data, and store it in the distributed ledger 505 (S203).
- The terminal A transmits the authentication information to the generation device 21 of the mobile body (S204).
- The generation device 21 receives the authentication information from the terminal A and, based on the received authentication information, authenticates whether or not the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21 (S205).
- When the authentication succeeds (Yes in S206), that is, when the generation device 21 determines, based on the received authentication information, that the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21, the generation device 21 transitions the mobile body to an available state (S207). If the authentication fails (No in S206), the generation device 21 leaves the mobile body in an unusable state and returns to step S206.
- The generation device 21 may transition the mobile body to an available state by unlocking the door for entering the mobile body, or by turning ON the switch for driving the mobile body. Conversely, the generation device 21 may make the mobile body unusable by locking the door for entering the mobile body, or by leaving the switch for driving the mobile body OFF.
- The generation device 21 determines whether or not a predetermined timing has arrived (S208).
- When it is determined that the predetermined timing has arrived, the generation device 21 generates the first performance information based on the measured usage amount of the service, and generates actual transaction data including the generated first performance information (S209).
- The first performance information may include user information for identifying the user authenticated in step S205.
- The generation device 21 may determine that the predetermined timing has arrived when the generation device 21 receives the end information indicating that the user A who uses the terminal A ends the use of the mobile body.
- The generation device 21 transmits the generated actual transaction data to the authentication servers A to C (S210).
- The generation device 21 may broadcast the actual transaction data including the performance information to the authentication servers A to C.
- When the generation device 21 receives the authentication information from a terminal other than the terminal A (for example, the terminal B), the processes of steps S205 to S210 are performed in the same way as when the authentication information is received from the terminal A. Therefore, the actual transaction data including the performance information regarding the usage amount of the service used by the users A to C is transmitted to the authentication servers A to C.
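The authentication and metering behaviour of the generation device 21 (authentication unit 216, measurement unit 202, steps S204 to S209), as an added Python sketch that is not part of the patent text. The class and method names, the distance-based usage amount, the storage of SHA-256 digests instead of the raw authentication information, and the rejection of a second user while a session is open are all assumptions of this example.

```python
import hashlib
import hmac


def digest(auth_info):
    """Digest of the authentication information (assumption: only digests are stored)."""
    return hashlib.sha256(auth_info.encode("utf-8")).digest()


class GenerationDevice:
    """Hypothetical model of generation device 21 shared by several users."""

    def __init__(self, registered):
        # registered: {user_id: digest of that user's authentication information},
        # i.e. the "information stored in advance" consulted by authentication unit 216.
        self.registered = dict(registered)
        self.odometer_km = 0.0
        self.session = None  # (user_id, odometer reading at authentication)

    @property
    def available(self):
        """True while the mobile body is unlocked for an authenticated user."""
        return self.session is not None

    def authenticate(self, auth_info):
        """S205-S207: unlock only if the received information is in the stored set."""
        if self.session is not None:
            return False  # assumption: one user at a time; current session must end first
        received = digest(auth_info)
        matched = None
        for user_id, stored in self.registered.items():
            # Constant-time comparison, and no early exit, so timing does not
            # reveal which stored entry (if any) was close to the input.
            if hmac.compare_digest(stored, received):
                matched = user_id
        if matched is None:
            return False  # No in S206: the mobile body stays unusable
        self.session = (matched, self.odometer_km)  # metering starts at authentication
        return True

    def drive(self, km):
        """Usage is only possible, and only metered, while a session is open."""
        if not self.available:
            raise PermissionError("mobile body is locked")
        self.odometer_km += km

    def end_use(self):
        """End information received: S208-S209, build the actual transaction data."""
        if self.session is None:
            raise RuntimeError("no active session")
        user_id, start = self.session
        self.session = None  # lock again; the next user must authenticate
        return {
            "type": "performance",
            "user": user_id,  # user information identifying the authenticated user
            "usage_km": round(self.odometer_km - start, 3),
        }


if __name__ == "__main__":
    # Constructed sample data: two registered users sharing one vehicle.
    device = GenerationDevice({"A": digest("token-A"), "B": digest("token-B")})
    device.authenticate("token-A")
    device.drive(12.5)
    print(device.end_use())
    device.authenticate("token-B")
    device.drive(3.0)
    print(device.end_use())
```

Because the session is closed before the next authentication is accepted, each record attributes usage to exactly one authenticated user, which is what the later fee calculation and audit rely on.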
- The authentication server A receives the actual transaction data, and calculates the usage fee of the service for the usage amount indicated by the performance information, based on the performance information included in the received actual transaction data (S211).
- The authentication server A generates charge transaction data including the calculated usage fee (S212).
- The authentication server A transfers the generated charge transaction data to the other authentication servers B and C (S213).
- The authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm to generate a block including the actual transaction data and a block including the charge transaction data, and store the blocks in the distributed ledger 505 (S214).
- Any of the authentication servers A to C transmits the payment request for the usage fee calculated in step S211 to the terminal A (S215).
- The terminal A displays a display (UI) prompting the user A to pay the usage fee, and makes the payment by accepting an input for payment from the user A (S216).
- The authentication server A determines whether or not the confirmation timing has arrived (S217).
- When the authentication server A determines that the confirmation timing has arrived (Yes in S217), it determines whether or not the first performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user (S218). If the authentication server A determines that the confirmation timing has not arrived (No in S217), the authentication server A returns to step S217.
- The authentication server A generates determination transaction data including a determination result as to whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S219).
- The authentication server A transfers the generated determination transaction data to the other authentication servers B and C (S220).
- The authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the determination transaction data, and store it in the distributed ledger 505 (S221).
- The authentication server A determines whether or not the result of the determination as to whether or not the first performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user is negative (S222).
- When the authentication server A determines that the determination result is negative (Yes in S222), the authentication server A notifies the business terminal 10 or the terminal A of the user A (that is, the terminal 30a) (S223).
- The authentication server A ends the audit process when step S223 ends or when the determination result is determined to be positive (No in S222).
- FIG. 16 is a sequence diagram showing an audit process of the management system according to the first modification of the second embodiment.
- The processing before step S217 is the same as the audit processing described in the second embodiment.
- The authentication server A determines whether or not the confirmation timing has arrived (S217).
- When the authentication server A determines that the confirmation timing has arrived (Yes in S217), it determines an auditor from among a plurality of users, including the user B and the user C, who are users other than the user A and belong to the same group as the user A (S231). The authentication server A may determine the auditor randomly, based on a resident register (not shown), or based on a predetermined table including the plurality of users. If the authentication server A determines that the confirmation timing has not arrived (No in S217), the authentication server A returns to step S217.
- When the authentication server A determines the auditor, it transmits the contract information and the performance information to the terminal 30 used by the user determined as the auditor (S232). For example, when the authentication server A determines the user B as the auditor, the authentication server A transmits the contract information and the performance information of the user A to the terminal 30b used by the user B.
- The performance information transmitted at this time may be the latest performance information among the performance information stored in the distributed ledger, may be performance information including the latest performance information, or may be past performance information excluding the latest performance information.
- When the terminal 30b receives the contract information and the performance information, the terminal 30b confirms with the user B whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S233). Specifically, when the terminal 30b receives the contract information and the performance information, the terminal 30b displays on the display unit 303, based on the contract information and the performance information transmitted from the authentication server A, a display (UI) for confirming with the second user whether or not the first performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user. In this way, the terminal 30b prompts the user B to input, using the input unit 302, whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- When the confirmation result is input, the terminal 30b generates confirmation transaction data including the input confirmation result (S234).
- The terminal 30b transmits the confirmation transaction data including the confirmation result to the authentication server A (S235).
- The authentication server A receives the confirmation transaction data and transfers the received confirmation transaction data to the other authentication servers B and C (S236).
- The authentication server A, the authentication server B, and the authentication server C execute the consensus algorithm, generate a block containing the confirmation transaction data, and store it in the distributed ledger 505 (S237).
- FIG. 17 is a sequence diagram showing an audit process of the management system according to the second modification of the second embodiment.
- The processing before step S217 is the same as the audit processing described in the second embodiment.
- The authentication server A determines whether or not the confirmation timing has arrived (S217).
- Step S241 is the same as step S218. If the authentication server A determines that the confirmation timing has not arrived (No in S217), the authentication server A returns to step S217.
- The authentication server A ends the audit process when it determines that the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (Yes in S242).
- The authentication server A proceeds to steps S231 to S237 when it determines that the first performance information is not permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (No in S242).
- Since steps S231 to S237 are the same as steps S231 to S237 described in the first modification of the second embodiment, the description thereof will be omitted.
- Step S222 and step S223 are performed. Since steps S222 and S223 are as described in the second embodiment, the description thereof will be omitted.
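The audit flow of the second modification (S241/S242, then S231 to S237, then S222 and S223), as an added Python sketch that is not code from the patent. The usage-cap rule, the hash-chained `Ledger` standing in for the distributed ledger 505 (consensus between the authentication servers is omitted), the `ask_auditor` callback, and applying the negative check of S222 to the auditor's confirmation result are assumptions of this example.

```python
import hashlib
import json
import random

GENESIS = "0" * 64
GROUP = ["A", "B", "C"]  # constructed sample group sharing one mobile body


class Ledger:
    """Append-only hash chain; a single-node stand-in for distributed ledger 505."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def block_hash(prev, tx):
        body = json.dumps({"prev": prev, "tx": tx}, sort_keys=True)
        return hashlib.sha256(body.encode("utf-8")).hexdigest()

    def append(self, tx):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        block = {"prev": prev, "tx": tx, "hash": self.block_hash(prev, tx)}
        self.blocks.append(block)
        return block

    def verify(self):
        """Recompute every link; any edited transaction breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self.block_hash(prev, block["tx"]):
                return False
            prev = block["hash"]
        return True


def is_permitted(contract, performance):
    """S241: automatic check. Assumed rule: usage must not exceed the contracted cap."""
    return performance["usage_km"] <= contract["max_km"]


def choose_auditor(group, audited_user, rng):
    """S231: pick an auditor from the same group, never the audited user."""
    candidates = sorted(u for u in group if u != audited_user)
    if not candidates:
        raise ValueError("no eligible auditor in group")
    return rng.choice(candidates)


def audit(ledger, contract, performance, group, ask_auditor, rng):
    """Run one confirmation cycle; returns (auditor or None, notified)."""
    subject = performance["user"]
    if is_permitted(contract, performance):
        return None, False  # Yes in S242: audit ends, nothing to escalate
    auditor = choose_auditor(group, subject, rng)  # S231
    # S232-S233: the auditor's terminal shows contract and performance information
    # and collects the auditor's answer (modelled here by a callback).
    confirmed = bool(ask_auditor(auditor, contract, performance))
    ledger.append({  # S234-S237: confirmation transaction data recorded
        "type": "confirmation",
        "auditor": auditor,
        "subject": subject,
        "permitted": confirmed,
    })
    return auditor, not confirmed  # S222-S223: notify only on a negative result


if __name__ == "__main__":
    ledger = Ledger()
    contract = {"type": "contract", "user": "A", "max_km": 100}
    record = {"type": "performance", "user": "A", "usage_km": 130}
    ledger.append(contract)
    ledger.append(record)
    print(audit(ledger, contract, record, GROUP, lambda *_: False, random.Random(1)))
    print("ledger intact:", ledger.verify())
```

Excluding the audited user from the candidate set and recording the auditor's identity with the result are what make the confirmation attributable and checkable afterwards.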
- The management system may not include an authentication server, but may include a business terminal and a plurality of terminals, each of which has a distributed ledger. Then, in such a case, the contract may be stored in the contract activated by receiving the audit result in the business terminal and the distributed ledger of the plurality of terminals.
- The differences from the first embodiment and the second embodiment will be mainly described.
- FIG. 18 is a diagram showing an example of the configuration of the management system according to the third embodiment.
- The same elements as those in FIGS. 1 and 10 are designated by the same reference numerals, and detailed description thereof will be omitted.
- The management system shown in FIG. 18 is different from the management system according to the second embodiment in that it does not include the plurality of authentication servers 50, and in the configurations of the business terminal 11 and the terminals 32a to 32x.
- Each of the terminals 32a to 32x is also referred to as a terminal 32, and the terminals 32a to 32x may also be referred to as terminals A to X.
- The business terminal 11 is an example of a terminal used by a business operator, like the business terminal 10.
- The business terminal 11 may be, for example, a personal computer or a mobile terminal such as a smartphone or tablet.
- FIG. 19 is a diagram showing an example of the configuration of the business terminal 11 according to the third embodiment.
- The same elements as those in FIG. 2 are designated by the same reference numerals, and detailed description thereof will be omitted.
- The business terminal 11 shown in FIG. 19 is different from the business terminal 10 according to the second embodiment in that it further includes a transaction data verification unit 116, a recording unit 117, and a distributed ledger 118.
- When the communication unit 101 receives the transaction data, the transaction data verification unit 116 verifies the validity of the transaction data. Note that this verification may be skipped.
- The transaction data verification unit 116 executes a consensus algorithm for agreeing on the validity of transaction data together with the plurality of terminals 32.
- When the transaction data verification unit 116 confirms the validity of the transaction data, the transaction data verification unit 116 causes the recording unit 117 to record the transaction data.
- The transaction data verification unit 116 verifies the validity of the contract transaction data generated by the transaction data generation unit 105, or of the actual transaction data, the determination transaction data, and the confirmation transaction data received by the communication unit 101.
- The transaction data verification unit 116 executes a consensus algorithm for agreeing on the validity of each transaction data. Then, when the transaction data verification unit 116 confirms the validity of each transaction data, the transaction data verification unit 116 causes the recording unit 117 to record each transaction data.
- The recording unit 117 records the transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 116 in a block and storing the block in the distributed ledger 118.
- The recording unit 117 may have the distributed ledger 118 internally configured.
- The distributed ledger 118 stores contract transaction data including contract information, actual transaction data including performance information, determination transaction data including determination results, and confirmation transaction data including confirmation information.
- The terminals 32a to 32x will be described. Since the configurations of the terminals 32a to 32x are common, they will be referred to as terminals 32.
- The terminal 32 is an example of a terminal used by a user, like the terminal 30.
- The terminal 32 may be, for example, a personal computer or a mobile terminal such as a smartphone or tablet.
- One of the terminals 32 is a terminal used by the first user among a plurality of users who have agreed to a contract with the business operator. Further, another of the terminals 32 is a terminal used by a second user different from the first user among the plurality of users who have agreed to a contract with the business operator.
- The terminal 32a, that is, the terminal A, will be described as the terminal used by the first user.
- The terminal 32b, that is, the terminal B, will be described as the terminal used by the second user.
- FIG. 20 is a diagram showing an example of the configuration of the terminal 32 according to the third embodiment.
- The same elements as those in FIG. 4 are designated by the same reference numerals, and detailed description thereof will be omitted.
- The terminal 32 shown in FIG. 20 is different from the terminal 30 according to the first embodiment in that it further includes a transaction data verification unit 325, a recording unit 326, and a distributed ledger 327.
- When the communication unit 301 receives the transaction data, the transaction data verification unit 325 verifies the validity of the transaction data. Note that this verification may be skipped.
- The transaction data verification unit 325 executes a consensus algorithm for agreeing on the validity of the transaction data together with the other terminals 32 and the business terminal 11.
- The transaction data verification unit 325 causes the recording unit 326 to record the transaction data.
- The transaction data verification unit 325 verifies the validity of the contract transaction data, the actual transaction data, the determination transaction data, and the confirmation transaction data received by the communication unit 301.
- The transaction data verification unit 325 executes a consensus algorithm for agreeing on the validity of each transaction data. Then, when the transaction data verification unit 325 confirms the validity of each transaction data, the transaction data verification unit 325 causes the recording unit 326 to record each transaction data.
- The recording unit 326 records the transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 325 in a block and storing the block in the distributed ledger 327.
- The recording unit 326 may have the distributed ledger 327 internally configured.
- The distributed ledger 327 stores contract transaction data including contract information, actual transaction data including performance information, determination transaction data including determination results, and confirmation transaction data including confirmation information.
- FIGS. 21 and 22 are sequence diagrams showing audit processing of the management system according to the third embodiment.
- FIG. 22 shows a process following the process shown in FIG.
- The business terminal 11 transfers contract transaction data including contract information indicating this contract to the plurality of terminals 32 (S301).
- The business operator individually concludes a contract with the other users B and C in the same manner as described above, and transmits contract transaction data including contract information indicating each concluded contract to the plurality of terminals 32.
- The business terminal 11 may broadcast contract transaction data including contract information to the plurality of terminals 32.
- The business terminal 11 and the plurality of terminals 32 execute the consensus algorithm, generate a block containing the contract transaction data, and store it in the distributed ledgers 118 and 327 (S302).
- The terminal A transmits the authentication information to the generation device 21 of the mobile body (S303).
- The generation device 21 receives the authentication information from the terminal A and, based on the received authentication information, authenticates whether or not the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21 (S304).
- When the authentication succeeds (Yes in S305), that is, when the generation device 21 determines, based on the received authentication information, that the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21, the generation device 21 transitions the mobile body to an available state (S306). If the authentication fails (No in S305), the generation device 21 leaves the mobile body in an unusable state and returns to step S305.
- The generation device 21 may transition the mobile body to an available state by unlocking the door for entering the mobile body, or by turning ON the switch for driving the mobile body.
- The generation device 21 may make the mobile body unusable by locking the door for entering the mobile body, or by leaving the switch for driving the mobile body OFF.
- The generation device 21 determines whether or not a predetermined timing has arrived (S307).
- When it is determined that the predetermined timing has arrived, the generation device 21 generates the first performance information based on the measured usage amount of the service, and generates actual transaction data including the generated first performance information (S308).
- The first performance information may include user information for identifying the user authenticated in step S304.
- The generation device 21 may determine that the predetermined timing has arrived when the generation device 21 receives the end information indicating that the user A who uses the terminal A ends the use of the mobile body.
- The generation device 21 transmits the generated actual transaction data to the business terminal 11 and the plurality of terminals 32 (S309).
- The generation device 21 may broadcast the actual transaction data including the performance information to the business terminal 11 and the plurality of terminals 32.
- When the generation device 21 receives the authentication information from a terminal other than the terminal A (for example, the terminal B), the processes of steps S304 to S309 are performed in the same way as when the authentication information is received from the terminal A. Therefore, the actual transaction data including the performance information regarding the usage amount of the service used by the users A to C is transmitted to the business terminal 11 and the plurality of terminals 32.
- In the following, the processing is described as being performed on the business terminal 11, but the same processing as the processing on the business terminal 11 may be performed on the plurality of terminals 32.
- The business terminal 11 receives the actual transaction data, and calculates the usage fee of the service for the usage amount indicated by the performance information, based on the performance information included in the received actual transaction data (S310).
- The business terminal 11 generates charge transaction data including the calculated usage fee (S311).
- The business terminal 11 transfers the generated charge transaction data to the plurality of terminals 32 (S312).
- When the terminal 32 transfers transaction data, the transaction data is transferred to the business terminal 11 and the other terminals 32.
- The business terminal 11 and the plurality of terminals 32 execute the consensus algorithm to generate a block containing the actual transaction data and a block including the charge transaction data, and store the blocks in the distributed ledgers 118 and 327 (S313).
- Any one of the business terminal 11 and the plurality of terminals 32 transmits the payment request for the usage fee calculated in step S310 to the terminal A (S314).
- The terminal A displays a display (UI) prompting the user A to pay the usage fee, and makes the payment by accepting an input for payment from the user A (S315).
- The business terminal 11 determines whether or not the confirmation timing has arrived (S316).
- The business terminal 11 generates determination transaction data including a determination result as to whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S318).
- The business terminal 11 transfers the generated determination transaction data to the plurality of terminals 32 (S319).
- The business terminal 11 and the plurality of terminals 32 execute the consensus algorithm, generate a block containing the determination transaction data, and store it in the distributed ledgers 118 and 327 (S320).
- The business terminal 11 determines whether or not the result of the determination as to whether or not the first performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user is negative (S321).
- When the business terminal 11 determines that the determination result is negative (Yes in S321), the business terminal 11 notifies the user A's terminal A (that is, the terminal 32a) of the negative determination result (S322).
- When step S322 ends or the business terminal 11 determines that the determination result is positive (No in S321), the business terminal 11 ends the audit process.
- the first performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user by any one of the business terminal 11 and the plurality of terminals 32 such as the terminal A.
- The agent server may determine whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- FIG. 23 is a diagram showing an example of the configuration of the management system according to the first modification of the third embodiment.
- The same elements as those in FIG. 18 are designated by the same reference numerals, and detailed description thereof will be omitted.
- The management system shown in FIG. 23 is different in configuration from the management system according to the third embodiment in that an agent server 60 is further provided.
- Each of the terminals 32a to 32x is also referred to as a terminal 32, and the terminals 32a to 32x may also be referred to as terminals A to X.
- The agent server 60 will be described below.
- The agent server 60 is an example of the first server.
- FIG. 24 is a diagram showing an example of the configuration of the agent server 60 according to the first modification of the third embodiment.
- the agent server 60 includes a communication unit 601, a determination unit 602, a transaction data verification unit 603, a recording unit 604, and a distributed ledger 605.
- the agent server 60 can be realized by the processor executing a predetermined program using the memory.
- each component will be described.
- the communication unit 601 receives contract transaction data including contract information from the operator terminal 11.
- the communication unit 601 acquires the contract information by receiving the contract transaction data from the business terminal 11.
- the communication unit 601 may directly receive the contract information from the operator terminal 11.
- the communication unit 601 receives the actual transaction data including the first actual information from the generation device 21.
- the communication unit 601 acquires the first actual information by receiving the actual transaction data from the generation device 21.
- the communication unit 601 may directly receive the first actual information from the generation device 21.
- the communication unit 601 may transmit the contract information and the actual result information of the first user to the terminal 32b of the second user.
- the communication unit 601 receives confirmation transaction data including confirmation information of the confirmation result from the terminal 32b of the second user.
- the communication unit 601 acquires confirmation information by receiving confirmation transaction data from the terminal 32b.
- the communication unit 601 may directly receive the confirmation information from the terminal 32b.
- The communication unit 601 transmits the result (audit result) of whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user to the business operator terminal 11 or the terminal 32a of the first user.
- The audit result includes information indicating that the first performance information is permitted under the rules of the contract contents of the contract concluded by the business operator and the first user, or information indicating that the first performance information is not permitted under those rules.
- the communication unit 601 exchanges each transaction data with the business terminal 11 and the plurality of terminals 32. Specifically, the communication unit 601 transfers each transaction data to the business terminal 11 and the plurality of terminals 32, and receives each transaction data transferred from the business terminal 11 and the plurality of terminals 32.
- Each transaction data includes one of contract transaction data, actual transaction data, judgment transaction data, and confirmation transaction data.
- the communication unit 601 communicates with the business terminal 11, the generator 21, or the plurality of terminals 32 via the network N.
- this communication may be performed by TLS (Transport Layer Security), and the encryption key for TLS communication may be held by the communication unit 601.
- the determination unit 602 determines whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- the contract content rules do not allow the first performance information to exceed the threshold included in the contract content. That is, in this rule, for example, the upper limit of the usage amount of the service used by the user in the first period is set.
- The first actual information includes an actual value that increases as the amount of the service used by the user, or the service usage time, increases. This actual value is, for example, the amount of use of the mobile body by the user when the service provided by the business operator is a mobile body sharing service.
- the utilization amount of the moving body is, for example, at least one of the mileage, traveling time, fuel consumption, and power consumption of the moving body.
- the determination unit 602 may determine whether or not the confirmation timing has arrived, and if it determines that the confirmation timing has arrived, may determine whether or not the first performance information is allowed.
- The confirmation timing may be a predetermined timing such as a timing for billing the user for the service usage fee or a timing described in the contract. Further, the confirmation timing may be a timing when the usage amount of the service used after determining that the previous confirmation timing has arrived exceeds a predetermined usage amount. The predetermined usage amount may be larger than the usage amount of the service by the first user in the first period. Further, the confirmation timing may be determined to have arrived when the second period has elapsed since it was previously determined that the confirmation timing had arrived.
- the second period may be longer than the first period or may be the same period as the first period.
- the determination unit 602 may determine that the confirmation timing has arrived when the first actual result information is acquired from the generation device 21.
- the second period may be, for example, 12 hours, 1 day, 1 week, 1 month, or the like.
- the determination unit 602 notifies the communication unit 601 that the timing of confirmation has arrived.
- the confirmation timing is an example of the first timing.
- When the determination unit 602 determines that the first performance information is not permitted by the contract content rule of the contract concluded between the business operator and the first user, that is, when the result of this determination is that the first performance information is not permitted under this rule, the contract content and the first actual result information may be transmitted to the terminal 32b of the second user, who is different from the first user and belongs to the same group as the first user.
- When the determination unit 602 determines that the first performance information is not permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user, the contract details of the first user and the usage amount of the service by the first user in the first period are transmitted to the terminal 32b of the user B.
- the user B can use the terminal 32b to perform an audit based on the contract contents of the user A and the first performance information.
- the judgment unit 602 generates judgment transaction data including a judgment result as to whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- the determination unit 602 transfers the generated determination transaction data to the communication unit 601.
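The behaviour of the determination unit 602 described above can be modelled as follows. This is an added example, not code from the patent: the class and field names, the kilometre unit, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Contract:
    user: str          # first user
    group: tuple       # all users in the first user's group
    threshold: float   # upper limit on usage within one first period (km, assumed)


@dataclass(frozen=True)
class ActualInfo:
    """First actual (performance) information for one first period."""
    user: str
    measured_at: datetime
    usage: float       # usage during the first period ending at measured_at


class DeterminationUnit:
    """Hypothetical model of the determination unit 602 for a single contract."""

    def __init__(self, contract, second_period, predetermined_usage, start):
        self.contract = contract
        self.second_period = second_period
        self.predetermined_usage = predetermined_usage
        self.last_confirmation = start
        self.usage_since_confirmation = 0.0
        self.pending = []

    def receive(self, info):
        # Actual information of another user must not be judged under this contract.
        if info.user != self.contract.user:
            raise ValueError("actual information belongs to another user")
        self.pending.append(info)
        self.usage_since_confirmation += info.usage

    def confirmation_timing_arrived(self, now):
        # Either the second period elapsed since the previous confirmation timing,
        # or the usage since then exceeded the predetermined usage amount.
        period_elapsed = now - self.last_confirmation >= self.second_period
        usage_exceeded = self.usage_since_confirmation > self.predetermined_usage
        return period_elapsed or usage_exceeded

    def determine(self, now):
        """Return judgment transaction data, or None before the confirmation timing."""
        if not self.confirmation_timing_arrived(now):
            return None
        # Rule: usage in a first period must not exceed the contract threshold.
        exceeding = [i for i in self.pending if i.usage > self.contract.threshold]
        others = [u for u in self.contract.group if u != self.contract.user]
        judgment = {
            "type": "judgment",
            "user": self.contract.user,
            "determined_at": now.isoformat(),
            "permitted": not exceeding,
            "exceeding": [
                {"measured_at": i.measured_at.isoformat(), "usage": i.usage}
                for i in exceeding
            ],
            # On a negative result, other group members receive the data to audit.
            "auditors": others if exceeding else [],
        }
        self.pending = []
        self.last_confirmation = now
        self.usage_since_confirmation = 0.0
        return judgment


if __name__ == "__main__":
    # Constructed sample: user A, 100 km per day allowed, confirmation every 7 days
    # or as soon as more than 500 km accumulate since the last confirmation.
    contract = Contract("A", ("A", "B", "C"), 100.0)
    unit = DeterminationUnit(contract, timedelta(days=7), 500.0, datetime(2020, 7, 1))
    for day, km in [(2, 80.0), (3, 120.0), (4, 100.0)]:
        unit.receive(ActualInfo("A", datetime(2020, 7, day), km))
    print(unit.determine(datetime(2020, 7, 4)))   # None: timing not yet arrived
    print(unit.determine(datetime(2020, 7, 8)))   # negative judgment for 3 July
```

Usage exactly equal to the threshold is treated as permitted, because the rule only disallows exceeding it.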
- the transaction data verification unit 603 verifies the validity of the transaction data when the communication unit 601 receives the transaction data. For example, the transaction data verification unit 603 verifies whether the transaction data received by the communication unit 601 is given an electronic signature generated by a correct method. Note that this verification may be skipped.
- the transaction data received by the communication unit 601 is any one of contract transaction data, actual transaction data, determination transaction data, and confirmation transaction data.
- the transaction data verification unit 603 executes a consensus algorithm for agreeing on the validity of transaction data together with the business terminal 11 and the plurality of terminals 32.
- PBFT (Practical Byzantine Fault Tolerance)
- Known consensus algorithms include, for example, PoW (Proof of Work) or PoS (Proof of Stake).
- The transaction data verification unit 603 receives, from each of the business terminal 11 and the plurality of terminals 32, a report indicating whether or not the verification of the transaction data succeeded, and determines whether the number of such reports exceeds a predetermined number. Then, when the number of the reports exceeds the predetermined number, the transaction data verification unit 603 may determine that the validity of the transaction data has been verified by the consensus algorithm.
- When the transaction data verification unit 603 confirms the validity of the transaction data, it causes the recording unit 604 to record the transaction data.
- the transaction data verification unit 603 verifies the validity of the contract transaction data, the actual transaction data, the judgment transaction data, and the confirmation transaction data received by the communication unit 601.
- The recording unit 604 records the transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 603 in a block and storing it in the distributed ledger 605.
- the recording unit 604 may have a distributed ledger 605 internally configured.
- the distributed ledger 605 stores contract transaction data including contract information, actual transaction data including actual information, determination transaction data including determination results, and confirmation transaction data including confirmation information.
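The verification and recording path described above (signature check, report counting, block storage) is sketched below as an added example that is not part of the patent. Assumptions: HMAC-SHA256 with a per-sender key stands in for the electronic signature because the Python standard library has no public-key signature primitive, only successful reports from distinct nodes are counted, blocks are chained by SHA-256 hash, and all keys, node names and values are constructed.

```python
import hashlib
import hmac
import json

KINDS = {"contract", "actual", "judgment", "confirmation"}


def canonical(obj):
    """Deterministic byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, body):
    # Stand-in for the sender's electronic signature (assumption: HMAC-SHA256).
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


class TransactionDataVerifier:
    """Hypothetical model of the transaction data verification unit 603."""

    def __init__(self, sender_keys, predetermined_number):
        self.sender_keys = sender_keys
        self.predetermined_number = predetermined_number

    def signature_valid(self, tx):
        body, sig = tx.get("body", {}), tx.get("signature")
        key = self.sender_keys.get(body.get("sender"))
        if key is None or body.get("kind") not in KINDS or not isinstance(sig, str):
            return False
        return hmac.compare_digest(sign(key, body), sig)

    def consensus_reached(self, reports):
        # One vote per node; a node that ever reports failure counts as failure.
        votes = {}
        for node, ok in reports:
            votes[node] = votes.get(node, True) and ok
        return sum(1 for ok in votes.values() if ok) > self.predetermined_number


class DistributedLedger:
    """Hash-chained block list standing in for the distributed ledger 605."""

    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(block):
        body = {k: block[k] for k in ("index", "prev_hash", "transactions")}
        return hashlib.sha256(canonical(body)).hexdigest()

    def append(self, transactions):
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        block = {"index": len(self.blocks), "prev_hash": prev,
                 "transactions": transactions}
        block["hash"] = self._digest(block)
        self.blocks.append(block)
        return block

    def intact(self):
        prev = self.GENESIS
        for block in self.blocks:
            if block["prev_hash"] != prev or self._digest(block) != block["hash"]:
                return False
            prev = block["hash"]
        return True


def record(verifier, ledger, tx, reports):
    """Store tx in a new block only if signature and consensus both pass."""
    if not verifier.signature_valid(tx) or not verifier.consensus_reached(reports):
        return None
    return ledger.append([tx])


def demo():
    keys = {"generation_device_21": b"constructed-demo-key"}  # constructed key
    verifier = TransactionDataVerifier(keys, predetermined_number=2)
    ledger = DistributedLedger()
    body = {"kind": "actual", "sender": "generation_device_21",
            "payload": {"user": "A", "usage_km": 42.0}}
    tx = {"body": body, "signature": sign(keys["generation_device_21"], body)}
    reports = [("operator_terminal_11", True), ("terminal_32a", True),
               ("terminal_32b", True), ("terminal_32c", False)]
    accepted = record(verifier, ledger, tx, reports)
    # Same signature over an altered usage amount must be rejected.
    forged = {"body": dict(body, payload={"user": "A", "usage_km": 4.2}),
              "signature": tx["signature"]}
    rejected = record(verifier, ledger, forged, reports)
    # Three reports from one node are still a single vote.
    too_few = record(verifier, ledger, tx, [("terminal_32a", True)] * 3)
    return accepted, rejected, too_few, ledger


if __name__ == "__main__":
    accepted, rejected, too_few, ledger = demo()
    print(accepted is not None, rejected, too_few, ledger.intact())
```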
- FIGS. 25 and 26 are sequence diagrams showing an audit process of the management system according to the first modification of the third embodiment.
- FIG. 26 shows a process following the process shown in FIG. 25.
- the business terminal 11 transfers contract transaction data including contract information indicating this contract to a plurality of terminals 32 and an agent server 60 (S401).
- The business operator individually concludes a contract with other user B and user C in the same manner as described above, and contract transaction data including contract information indicating the concluded contract is transferred to the plurality of terminals 32 and the agent server 60.
- the business terminal 11 may broadcast contract transaction data including contract information to a plurality of terminals 32 and an agent server 60.
- The business terminal 11, the plurality of terminals 32, and the agent server 60 execute the consensus algorithm, generate a block containing the contract transaction data, and store it in the distributed ledgers 118, 327, and 605 (S402).
- the terminal A transmits the authentication information to the mobile body generation device 21 (S403).
- The generation device 21 receives the authentication information from the terminal A, and authenticates, based on the received authentication information, whether or not the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21 (S404).
- When the authentication succeeds (Yes in S405), that is, when it is determined based on the received authentication information that the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21, the generation device 21 transitions the moving body to an available state (S406). If the authentication fails (No in S405), the generation device 21 leaves the moving body in an unusable state and returns to step S405.
- The generation device 21 may transition the moving body to an available state by unlocking the door for entering the moving body, or by turning on the switch for driving the moving body. Conversely, the generation device 21 may make the moving body unusable by locking the door for entering the moving body, or by leaving the switch for driving the moving body OFF.
- the generation device 21 determines whether or not a predetermined timing has arrived (S407).
- When it is determined that a predetermined timing has arrived, the generation device 21 generates the first actual result information based on the measured usage amount of the service, and generates the actual transaction data including the generated first actual result information (S408).
- the first performance information may include user information for identifying the user authenticated in step S404.
- the generation device 21 may determine that a predetermined timing has arrived when the generation device 21 receives the end information indicating that the user A who uses the terminal A ends the use of the mobile body.
- the generation device 21 transmits the generated actual transaction data to the business terminal 11, the plurality of terminals 32, and the agent server 60 (S409).
- the generation device 21 may broadcast the actual transaction data including the actual information to the business terminal 11, the plurality of terminals 32, and the agent server 60.
- When the generation device 21 receives the authentication information from a terminal other than the terminal A (for example, the terminal B), the processes of steps S404 to S409 are performed in the same way as when the authentication information is received from the terminal A. Therefore, the actual transaction data including the actual information regarding the usage amount of the services used by the users A to C is transmitted to the agent server 60.
- the agent server 60 receives the actual transaction data, and calculates the usage charge of the service of the usage amount indicated by the actual information based on the actual information included in the received actual transaction data (S410).
- the agent server 60 generates charge transaction data including the calculated usage charge (S411).
- the agent server 60 transfers the generated charge transaction data to the operator terminal 11 and the plurality of terminals 32 (S412).
- The operator terminal 11, the plurality of terminals 32, and the agent server 60 execute the consensus algorithm to generate a block containing the actual transaction data and a block including the charge transaction data, and store them in the distributed ledgers 118, 327, and 605 (S413).
- the agent server 60 transmits the payment request for the usage fee calculated in step S410 to the terminal A (S414).
- The terminal A displays a display (UI) prompting the user A to pay the requested usage fee, and makes the payment by accepting an input for payment from the user A (S415).
- the agent server 60 determines whether or not the confirmation timing has arrived (S416).
- When the agent server 60 determines that the confirmation timing has arrived, it determines whether or not the first performance information is permitted by the contract content rules of the contract concluded between the business operator and the first user (S417). If the agent server 60 determines that the confirmation timing has not arrived (No in S416), the agent server 60 returns to step S416.
- The agent server 60 generates determination transaction data including a determination result of whether or not the first actual information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S418).
- the agent server 60 transfers the generated determination transaction data to the business terminal 11 and the plurality of terminals 32 (S419).
- the business terminal 11, the plurality of terminals 32, and the agent server 60 execute the consensus algorithm, generate a block containing the determination transaction data, and store it in the distributed ledger 118, 327 (S420).
- The agent server 60 determines whether or not the result of the determination as to whether or not the first performance information is permitted in the contract content rules of the contract concluded between the business operator and the first user is negative (S421).
- When the agent server 60 determines that the determination result is negative (Yes in S421), the agent server 60 notifies the terminal A (that is, the terminal 32a) of the user A of the negative determination result (S422).
- When step S422 ends, or when the determination result is determined to be positive (No in S421), the agent server 60 ends the audit process.
- Modification 2
- In the first modification of the third embodiment, the case where the agent server, the plurality of terminals 32, and the operator terminal 11 have a distributed ledger composed of a plurality of ledgers having the same contents has been described, but the present invention is not limited to this.
- the agent server and the plurality of authentication servers may have a distributed ledger composed of a plurality of ledgers having the same contents, and the plurality of terminals 32 and the business terminal 11 may not have the distributed ledger.
- The following describes the case where the agent server and a plurality of authentication servers have a distributed ledger consisting of a plurality of ledgers having the same contents, and the agent server identifies the contractor who audits the newly concluded contract and verifies whether the identified contractor has agreed to the contract.
- the points different from the modification 1 and the like described above will be mainly described.
- FIG. 27 is a diagram showing an example of the configuration of the management system according to the second modification of the third embodiment.
- the same elements as those in FIGS. 18 and 23 are designated by the same reference numerals, and detailed description thereof will be omitted.
- the management system shown in FIG. 27 is different in configuration from the management system shown in FIG. 18 in that it further includes an agent server 60 and an authentication server 51a to an authentication server 51c. Since the agent server 60 shown in FIG. 27 is as described in the first modification of the third embodiment, the description thereof will be omitted here. Further, in the following, each of the terminals 32a to 32x is also referred to as a terminal 32, but the terminals 32a to 32x may be referred to as terminals A to X. Similarly, each of the authentication servers 51a to 51c is also referred to as an authentication server 51, but the authentication servers 51a to 51c may be referred to as an authentication server A to an authentication server C.
- the authentication server 51 is an example of the first server.
- FIG. 28 is a diagram showing an example of the configuration of the authentication server 51 according to the second modification of the third embodiment.
- the same elements as those in FIG. 5 are designated by the same reference numerals, and detailed description thereof will be omitted.
- the authentication server 51 shown in FIG. 28 is different from the authentication server 50 shown in FIG. 5 in that the determination unit 502 is not configured.
- the authentication server 51 can also be realized by the processor executing a predetermined program using the memory.
- FIGS. 29 and 30 are sequence diagrams showing an audit process of the management system according to the second modification of the third embodiment.
- FIG. 30 shows a process following the process shown in FIG. 29.
- the business terminal 11 transfers contract transaction data including contract information indicating this contract to a plurality of authentication servers 51 and agent server 60 (S501).
- The business operator individually concludes a contract with other user B and user C, and contract transaction data including contract information indicating the concluded contract is sent to the plurality of authentication servers 51 and the agent server 60.
- The business terminal 11 may broadcast contract transaction data including contract information to the plurality of authentication servers 51 and the agent server 60.
- the plurality of authentication servers 51 and the agent server 60 execute the consensus algorithm, generate blocks including contract transaction data, and store them in the distributed ledgers 505 and 605 (S502).
- the terminal A transmits the authentication information to the mobile body generation device 21 (S503).
- The generation device 21 receives the authentication information from the terminal A, and authenticates, based on the received authentication information, whether or not the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21 (S504).
- When the authentication succeeds (Yes in S505), that is, when it is determined based on the received authentication information that the user A who uses the terminal A is a user who is permitted to use the mobile body including the generation device 21, the generation device 21 transitions the moving body to an available state (S506). If the authentication fails (No in S505), the generation device 21 leaves the moving body in an unusable state and returns to step S505.
- The generation device 21 may transition the moving body to an available state by unlocking the door for entering the moving body, or by turning on the switch for driving the moving body.
- The generation device 21 may make the moving body unusable by locking the door for entering the moving body, or by leaving the switch for driving the moving body OFF.
- the generation device 21 determines whether or not a predetermined timing has arrived (S507).
- When it is determined that a predetermined timing has arrived, the generation device 21 generates the first actual result information based on the measured usage amount of the service, and generates the actual transaction data including the generated first actual result information (S508).
- the first performance information may include user information for identifying the user authenticated in step S504.
- the generation device 21 may determine that a predetermined timing has arrived when the generation device 21 receives the end information indicating that the user A who uses the terminal A ends the use of the mobile body.
- the generation device 21 transmits the generated actual transaction data to the plurality of authentication servers 51 and the agent server 60 (S509).
- the generation device 21 may broadcast the actual transaction data including the actual information to the plurality of authentication servers 51 and the agent server 60.
- When the generation device 21 receives the authentication information from a terminal other than the terminal A (for example, the terminal B), the processes of steps S504 to S509 are performed in the same way as when the authentication information is received from the terminal A. Therefore, the actual transaction data including the actual information regarding the usage amount of the services used by the users A to C is transmitted to the agent server 60.
- the agent server 60 receives the actual transaction data, and calculates the usage charge of the service of the usage amount indicated by the actual information based on the actual information included in the received actual transaction data (S510).
- the agent server 60 generates charge transaction data including the calculated usage charge (S511).
- the agent server 60 transfers the generated charge transaction data to the plurality of authentication servers 51 (S512).
- The plurality of authentication servers 51 and the agent server 60 execute the consensus algorithm to generate a block containing the actual transaction data and a block including the charge transaction data, and store the blocks in the distributed ledgers 505 and 605 (S513).
- the agent server 60 transmits the payment request for the usage fee calculated in step S510 to the terminal A (S514).
- The terminal A displays a display (UI) prompting the user A to pay the requested usage fee, and makes the payment by accepting an input for payment from the user A (S515).
- the agent server 60 determines whether or not the confirmation timing has arrived (S516).
- When the agent server 60 determines that the confirmation timing has arrived, it determines whether or not the first performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user (S517). If the agent server 60 determines that the confirmation timing has not arrived (No in S516), the agent server 60 returns to step S516.
- The agent server 60 generates determination transaction data including a determination result of whether or not the first actual information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user (S518).
- the agent server 60 transfers the generated determination transaction data to the plurality of authentication servers 51 (S519).
- the plurality of authentication servers 51 and the agent server 60 execute the consensus algorithm, generate a block containing the determination transaction data, and store it in the distributed ledger 118, 327 (S520).
- The agent server 60 determines whether or not the result of the determination as to whether or not the first performance information is permitted in the contract content rules of the contract concluded between the business operator and the first user is negative (S521).
- When the agent server 60 determines that the determination result is negative (Yes in S521), the agent server 60 notifies the terminal A (that is, the terminal 32a) of the user A of the negative determination result (S522).
- When step S522 ends, or when the determination result is determined to be positive (No in S521), the agent server 60 ends the audit process.
- In the above, the case where the authentication server, the agent server, and the like determine whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user has been described, but the present disclosure is not limited to this.
- the authentication server, agent server, and the like may further be equipped with AI (Artificial Intelligence).
- the authentication server, the agent server, and the like may have the AI determine whether or not the first performance information is permitted according to the rules of the contract contents of the contract concluded between the business operator and the first user.
- Each device in the above embodiment is specifically a computer system composed of a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like.
- a computer program is recorded in the RAM or the hard disk unit.
- When the microprocessor operates according to the computer program, each device achieves its function.
- a computer program is configured by combining a plurality of instruction codes indicating commands to a computer in order to achieve a predetermined function.
- A part or all of the constituent elements of each device in the above embodiment may be composed of one system LSI (Large Scale Integration).
- A system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on a single chip, and specifically, is a computer system including a microprocessor, ROM, RAM, and the like.
- a computer program is recorded in the RAM. When the microprocessor operates according to the computer program, the system LSI achieves its function.
- Each of the components constituting each of the above devices may be individually integrated into one chip, or some or all of them may be integrated into one chip.
- Although it is referred to as a system LSI here, it may be referred to as an IC, an LSI, a super LSI, or an ultra LSI due to the difference in the degree of integration. Further, the method of making an integrated circuit is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. An FPGA (Field Programmable Gate Array) that can be programmed after the LSI is manufactured, or a reconfigurable processor that can reconfigure the connection and settings of the circuit cells inside the LSI may be used.
- each of the above devices may be composed of an IC card or a single module that can be attached to and detached from each device.
- the IC card or the module is a computer system composed of a microprocessor, a ROM, a RAM, and the like.
- the IC card or the module may include the above-mentioned super multifunctional LSI.
- When the microprocessor operates according to a computer program, the IC card or the module achieves its function. This IC card or this module may have tamper resistance.
- the present disclosure may be the method shown above. Further, it may be a computer program that realizes these methods by a computer, or it may be a digital signal composed of the computer program.
- The present disclosure may also be the computer program or the digital signal recorded on a computer-readable recording medium, such as a flexible disc, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, or a BD (Blu-ray).
- the computer program or the digital signal may be transmitted via a telecommunication line, a wireless or wired communication line, a network typified by the Internet, data broadcasting, or the like.
- The present disclosure may be a computer system including a microprocessor and a memory, in which the memory records the computer program and the microprocessor operates according to the computer program.
- This disclosure can be used for control methods, servers, and programs. For example, when a business operator and a user conclude an individual contract in a vehicle sharing service or the like, it can be used for control methods, servers, programs, and the like that can determine whether or not performance information is permitted by the rules of the contract contents of the contract concluded between the business operator and the first user.
Description
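First, the system configuration according to the present disclosure will be described.
FIG. 1 is a diagram showing an example of the configuration of the management system according to the first embodiment.
The operator terminal 10 is an example of a terminal used by a business operator. The business operator provides a service that can be used on a group basis. A group includes a plurality of users. The business operator individually concludes a contract for the provided service with each of the plurality of users included in one group, and provides the service according to the concluded contract. For example, the business operator provides an amount of service according to the concluded contract. Note that the business operator providing the service is an example of a user of the management system, and a user receiving the service from the business operator is an example of a user of the management system.
The communication unit 101 transmits, to the authentication server 50, contract transaction data including contract information that includes the contract contents of the contract between the business operator and the user and the electronic signature of the user.
The input unit 102 accepts information input by an operation of the business operator. The input unit 102 displays the accepted information input on the display unit 103, transmits it to the information generation unit 104, or transmits it to the communication unit 101.
The display unit 103 displays the information input accepted by the input unit 102. The display unit 103 displays information notified from the authentication server 50.
The information generation unit 104 generates first information regarding the contract.
The transaction data generation unit 105 generates contract transaction data.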
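The generation device 20 is an example of a device that generates performance information regarding the usage record of the service for each user. One of the generation devices 20 is a device used by a first user among the plurality of users who have agreed to a contract with the business operator. Also, one of the generation devices 20 is a device used by a second user, different from the first user, among the plurality of users who have agreed to a contract with the business operator.
The communication unit 201 transmits information to the authentication server 50 via the network N. The communication unit 201 may also receive information from, or be notified of information by, the authentication server 50. The communication unit 201 may also transmit information to the operator terminal 10 via the network N, and may receive information from the operator terminal 10.
The measurement unit 202 measures the usage record, by the user, of the service provided by the business operator. For example, when the service provided by the business operator is electric power, the measurement unit 202 measures the amount of power used by the user. The amount of power used is, for example, the amount of power consumed by the user's house 40. When the service provided by the business operator is mobile communication, the measurement unit 202 measures the amount of communication used by the user. The amount of communication used is, for example, the amount of communication data used for communication by the user's terminal 30. When the service provided by the business operator is a mobile body sharing service, the measurement unit 202 measures the amount of use of the mobile body by the user. The amount of use of the mobile body is, for example, at least one of the mileage, traveling time, fuel consumption, and power consumption of the mobile body. The measurement unit 202 transmits the measurement result, that is, the measured usage record of the user, to the information generation unit 204 or to the communication unit 201.
The determination unit 203 determines whether or not a predetermined timing has arrived. For example, the determination unit 203 may determine that the predetermined timing has arrived when the first period has elapsed since the measurement unit 202 started measurement, or when the first period has elapsed since it was previously determined that the predetermined timing had arrived. The first period may be, for example, 12 hours, 1 day, 1 week, 1 month, or the like. The determination unit 203 notifies the communication unit 201 or the information generation unit 204 that the predetermined timing has arrived.
The information generation unit 204 generates first performance information including the first usage record of the first user in the first period, obtained through measurement by the measurement unit 202 in the first period, and the electronic signature of the first user. When the determination unit 203 determines that the predetermined timing has arrived, the information generation unit 204 generates the first performance information based on the usage amount of the service measured by the measurement unit 202. When the measurement unit 202 measures the cumulative usage amount since the first user started using the service, the information generation unit 204 calculates the first usage record of the first user in the first period from the previous timing to the current timing by subtracting the cumulative usage amount on which the first performance information generated at the previous timing was based from the cumulative usage amount measured by the measurement unit 202 at the current timing. When the measurement unit 202 measures the first usage record of the first user since the previous timing, the information generation unit 204 acquires the usage amount measured by the measurement unit 202 at the current timing as the first usage record of the first user in the first period from the previous timing to the current timing. The first performance information may include the time at which the first usage record was measured. Note that the first performance information is also simply referred to as performance information.
The transaction data generation unit 205 generates actual transaction data.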
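The terminal 30 is an example of a terminal used by a user. The terminal 30 may be, for example, a personal computer, or a mobile terminal such as a smartphone or tablet. One of the terminals 30 is a terminal used by a first user among the plurality of users who have agreed a contract with the operator. Also, one of the terminals 30 is a terminal used by a second user, different from the first user, among the plurality of users who have agreed a contract with the operator.
The communication unit 301 transmits information to the authentication server 50 via the network N, and receives information or notifications from the authentication server 50. The communication unit 301 also transmits information to the operator terminal 10 via the network N and receives information from the operator terminal 10.
The input unit 302 accepts information input through the user's operation. The input unit 302 displays the accepted input on the display unit 303, sends it to the information generation unit 304, or sends it to the communication unit 301.
The display unit 303 displays the information input accepted by the input unit 302. The display unit 303 displays information transmitted from the authentication server 50.
The information generation unit 304 generates confirmation information containing the second user's confirmation result as to whether the first record information is permitted under the rule of the contract content of the contract concluded between the operator and the first user, and the second user's electronic signature.
The transaction data generation unit 305 generates confirmation transaction data.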
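The authentication server 50 is an example of a first server.
The communication unit 501 receives contract transaction data containing contract information from the operator terminal 10. The communication unit 501 acquires the contract information by receiving the contract transaction data from the operator terminal 10. The communication unit 501 may also receive the contract information directly from the operator terminal 10.
The determination unit 502 determines whether the first record information is permitted under the rule of the contract content of the contract concluded between the operator and the first user. Under the rule of the contract content, the first record information is not permitted to exceed a threshold contained in the contract content. That is, the rule sets, for example, an upper limit on the amount of service used by the user in the first period. The first record information includes a record value that increases as the user's amount of service usage, or time of service usage, increases. For example, when the service provided by the operator is electric power, this record value is the amount of power used by the user. The amount of power used is, for example, the amount of power consumed by the user's house 40. When the service provided by the operator is mobile communication, the record value is the amount of communication used by the user. The amount of communication used is, for example, the amount of communication data used for communication by the user's terminal 30. When the service provided by the operator is a sharing service for a mobile body, the record value is the amount of use of the mobile body by the user. The amount of use of the mobile body is, for example, at least one of the travel distance, travel time, fuel consumed, and power consumed by the mobile body.
When the communication unit 501 receives transaction data, the transaction data verification unit 503 verifies the validity of that transaction data. For example, the transaction data verification unit 503 verifies whether the transaction data received by the communication unit 501 carries an electronic signature generated by a correct method. This verification may be skipped. Here, the transaction data received by the communication unit 501 is one of contract transaction data, record transaction data, determination transaction data, and confirmation transaction data.
The recording unit 504 records transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 503 in a block and storing it in the distributed ledger 505.
The distributed ledger 505 stores contract transaction data containing contract information, record transaction data containing record information, determination transaction data containing determination results, and confirmation transaction data containing confirmation information.
Next, the operation of the management system configured as described above is described.
As described above, with the management system and the like according to Embodiment 1, it is possible not only to determine whether the first record information, which concerns the user's record of using the service provided by the operator, is permitted under the rule based on the contract, but also to store determination transaction data containing that determination result in the distributed ledger.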
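The verify, determine and record sequence of Embodiment 1 can be sketched as follows; this is an added Python example, not code from the patent. It assumes an HMAC-SHA256 tag in place of the user's electronic signature and a single local hash-chained list in place of the distributed ledger and its consensus step, and every name, key and threshold in it is constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values; none of these names or keys come from the patent.
USER_KEYS = {"user-1": b"constructed-demo-key-user-1"}   # per-user signing keys
CONTRACTS = {"user-1": {"threshold": 100}}               # usage cap per first period

def sign(key, body):
    """HMAC-SHA256 over canonical JSON; stand-in for the user's electronic signature."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_record(user, usage, period, key):
    """What a generation device would send: the usage record plus a signature."""
    body = {"user": user, "usage": usage, "period": period}
    return {"body": body, "sig": sign(key, body)}

def verify(record):
    """Transaction data verification: reject unknown users and bad signatures."""
    key = USER_KEYS.get(record["body"].get("user"))
    return key is not None and hmac.compare_digest(sign(key, record["body"]), record["sig"])

def append_block(ledger, tx):
    """Store tx in a block chained to the previous block's hash."""
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    payload = json.dumps({"prev": prev, "tx": tx}, sort_keys=True).encode()
    ledger.append({"prev": prev, "tx": tx, "hash": hashlib.sha256(payload).hexdigest()})

def judge_and_record(ledger, record):
    """Verify, apply the contract rule, then record the determination transaction."""
    if not verify(record):
        return None                       # unverified data never reaches the ledger
    body = record["body"]
    allowed = body["usage"] <= CONTRACTS[body["user"]]["threshold"]
    append_block(ledger, {"type": "determination", "record": record, "allowed": allowed})
    return allowed

def chain_ok(ledger):
    """Recompute every hash and link to detect after-the-fact edits."""
    prev = "0" * 64
    for block in ledger:
        payload = json.dumps({"prev": prev, "tx": block["tx"]}, sort_keys=True).encode()
        if block["prev"] != prev or block["hash"] != hashlib.sha256(payload).hexdigest():
            return False
        prev = block["hash"]
    return True
```

If `verify()` were skipped, which the description allows, a record whose usage value was altered after signing would be judged on the altered value and written to the ledger.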
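Of the audit processing of the management system, part of the processing from step S110 onward described with reference to FIG. 7 may be replaced as shown in FIG. 8.
Of the audit processing of the management system, part of the processing from step S110 onward described with reference to FIG. 7 may be replaced as shown in FIG. 9.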
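FIG. 10 is a diagram showing an example of the configuration of the management system according to Embodiment 2.
FIG. 12 is a diagram showing an example of the configuration of the generation device 21 according to Embodiment 2. Elements identical to those in FIG. 3 are given the same reference signs, and detailed description is omitted.
The authentication unit 216 receives authentication information from the terminal 31 and, based on the received authentication information, authenticates whether the user of the terminal 31 is a user permitted to use the mobile body that includes the generation device 21. Specifically, the authentication unit 216 determines whether the received authentication information is contained in information stored in advance. When the authentication information received from the terminal 31 is contained in that information, the authentication unit 216 determines that the user of the terminal 31 is a user permitted to use the mobile body that includes the generation device 21; when the authentication information is not contained in that information, it determines that the user of the terminal 31 is a user not permitted to use the mobile body.
FIG. 13 is a diagram showing an example of the configuration of the terminal 31 according to Embodiment 2. Elements identical to those in FIG. 4 are given the same reference signs, and detailed description is omitted.
The storage unit 316 stores authentication information for authenticating use of the mobile body that includes the generation device 21. The authentication information stored in the storage unit 316 is transmitted to the generation device 21 by the communication unit 301 when, for example, the input unit 302 accepts an input for authentication from the user of the terminal 31. The authentication information may be information that the terminal 31 received from an external server when the user operated the terminal 31 to register with the external server for use of the mobile body.
Next, the operation of the management system configured as described above is described.
As described above, with the management system and the like according to Embodiment 2, even when one generation device 21 individually measures, for each user, the service usage records of a plurality of users, it is possible not only to determine whether the first record information, which concerns the user's record of using the service provided by the operator, is permitted under the rule based on the contract, but also to store determination transaction data containing that determination result in the distributed ledger.
Of the audit processing of the management system, part of the processing from step S217 onward described with reference to FIG. 15 may be replaced as shown in FIG. 16.
Of the audit processing of the management system, part of the processing from step S217 onward described with reference to FIG. 15 may be replaced as shown in FIG. 17.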
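In Embodiment 2, the information contained in each piece of transaction data was described as being stored in the distributed ledgers of the plurality of authentication servers 50 of the management system, but this is not limiting. The management system may have no authentication server and instead include an operator terminal and a plurality of terminals, each having a distributed ledger. In such a case, the information may be stored, in the distributed ledgers of the operator terminal and the plurality of terminals, in the contract that has been validated in response to the audit result. The following description focuses on the differences from Embodiments 1 and 2.
FIG. 18 is a diagram showing an example of the configuration of the management system according to Embodiment 3. Elements identical to those in FIG. 1 and FIG. 10 are given the same reference signs, and detailed description is omitted.
The operator terminal 11, like the operator terminal 10, is an example of a terminal used by the operator. The operator terminal 11 may be, for example, a personal computer, or a mobile terminal such as a smartphone or tablet.
When the communication unit 101 receives transaction data, the transaction data verification unit 116 verifies the validity of that transaction data. This verification may be skipped.
The recording unit 117 records transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 116 in a block and storing it in the distributed ledger 118.
The distributed ledger 118 stores contract transaction data containing contract information, record transaction data containing record information, determination transaction data containing determination results, and confirmation transaction data containing confirmation information.
The terminal 32, like the terminal 30, is an example of a terminal used by a user. The terminal 32 may be, for example, a personal computer, or a mobile terminal such as a smartphone or tablet. One of the terminals 32 is a terminal used by a first user among the plurality of users who have agreed a contract with the operator. Also, one of the terminals 32 is a terminal used by a second user, different from the first user, among the plurality of users who have agreed a contract with the operator.
When the communication unit 301 receives transaction data, the transaction data verification unit 325 verifies the validity of that transaction data. This verification may be skipped.
The recording unit 326 records transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 325 in a block and storing it in the distributed ledger 327.
The distributed ledger 327 stores contract transaction data containing contract information, record transaction data containing record information, determination transaction data containing determination results, and confirmation transaction data containing confirmation information.
Next, the operation of the management system configured as described above is described.
As described above, with the management system and the like according to Embodiment 3, even when one generation device 21 individually measures, for each user, the service usage records of a plurality of users, it is possible not only to determine whether the first record information, which concerns the user's record of using the service provided by the operator, is permitted under the rule based on the contract, but also to store determination transaction data containing that determination result in the distributed ledger.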
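In Embodiment 3 above, a case was described in which the operator terminal 11 or one of the plurality of terminals 32, such as terminal A, determines whether the first record information is permitted under the rule of the contract content of the contract concluded between the operator and the first user, but this is not limiting. An agent server may determine whether the first record information is permitted under the rule of the contract content of the contract concluded between the operator and the first user.
FIG. 23 is a diagram showing an example of the configuration of the management system according to Variation 1 of Embodiment 3. Elements identical to those in FIG. 18 are given the same reference signs, and detailed description is omitted.
The agent server 60 is an example of a first server.
The communication unit 601 receives contract transaction data containing contract information from the operator terminal 11. The communication unit 601 acquires the contract information by receiving the contract transaction data from the operator terminal 11. The communication unit 601 may also receive the contract information directly from the operator terminal 11.
The determination unit 602 determines whether the first record information is permitted under the rule of the contract content of the contract concluded between the operator and the first user. Under the rule of the contract content, the first record information is not permitted to exceed a threshold contained in the contract content. That is, the rule sets, for example, an upper limit on the amount of service used by the user in the first period. The first record information includes a record value that increases as the user's amount of service usage, or time of service usage, increases. For example, when the service provided by the operator is a sharing service for a mobile body, this record value is the amount of use of the mobile body by the user. The amount of use of the mobile body is, for example, at least one of the travel distance, travel time, fuel consumed, and power consumed by the mobile body.
When the communication unit 601 receives transaction data, the transaction data verification unit 603 verifies the validity of that transaction data. For example, the transaction data verification unit 603 verifies whether the transaction data received by the communication unit 601 carries an electronic signature generated by a correct method. This verification may be skipped. Here, the transaction data received by the communication unit 601 is one of contract transaction data, record transaction data, determination transaction data, and confirmation transaction data.
The recording unit 604 records transaction data by including the transaction data whose validity has been verified by the transaction data verification unit 603 in a block and storing it in the distributed ledger 605.
The distributed ledger 605 stores contract transaction data containing contract information, record transaction data containing record information, determination transaction data containing determination results, and confirmation transaction data containing confirmation information.
Next, the operation of the management system configured as described above is described.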
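In Variation 1 of Embodiment 3 above, a case was described in which the agent server, the plurality of terminals 32, and the operator terminal 11 have a distributed ledger made up of a plurality of ledgers with identical content, but this is not limiting. The agent server and a plurality of authentication servers may have a distributed ledger made up of a plurality of ledgers with identical content, while the plurality of terminals 32 and the operator terminal 11 do not have that distributed ledger.
FIG. 27 is a diagram showing an example of the configuration of the management system according to Variation 2 of Embodiment 3. Elements identical to those in FIG. 18 and FIG. 23 are given the same reference signs, and detailed description is omitted.
Here, since the authentication servers 51a to 51c share a common configuration, they are described collectively as the authentication server 51.
Next, the operation of the management system configured as described above is described.
The present disclosure has been described above based on the embodiments, but it is of course not limited to those embodiments. The following cases are also included in the present disclosure.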
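20, 20a, 20b, 20c, 20x, 21 Generation device
30, 30a, 30b, 30c, 30x, 31, 31a, 31b, 31c, 31x, 32, 32a, 32b, 32c, 32x Terminal
40a, 40b, 40c, 40x House
50, 50a, 50b, 50c, 51, 51a, 51b, 51c Authentication server
60 Agent server
101, 201, 301, 501, 601 Communication unit
102, 302 Input unit
103, 303 Display unit
104, 204, 304 Information generation unit
105, 205, 305 Transaction data generation unit
116, 325, 503, 603 Transaction data verification unit
117, 326, 504, 604 Recording unit
118, 327, 505, 605 Distributed ledger
202 Measurement unit
203, 502, 602 Determination unit
216 Authentication unit
316 Storage unit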
Claims (10)
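- A control method executed by a first server among a plurality of servers in a system that includes the plurality of servers and a generation device that generates record information on the usage record of each user belonging to one group when a service provided by an operator is used on a per-group basis, the control method comprising:
acquiring, from the generation device, first record information on a first usage record of a first user belonging to the one group;
determining whether the acquired first record information is permitted under a rule based on the contract content of a contract concluded between the first user and the operator and stored in the first server; and
transferring first transaction data containing the determination result of the determining to a plurality of second servers, among the plurality of servers, different from the first server, and storing a first block containing the first transaction data in a distributed ledger managed by the first server.
- The control method according to claim 1, further comprising:
determining whether a first timing has arrived; and
when it is determined that the first timing has arrived, determining whether the first record information is permitted under the rule.
- The control method according to claim 1 or 2, further comprising:
when the determination result indicates that the first record information is not permitted under the rule, transmitting the contract content and the first record information to a terminal of a second user who is different from the first user and belongs to the one group;
acquiring, from the terminal, the second user's confirmation result on the contract content and the first record information; and
transferring the acquired confirmation result to the plurality of second servers, and storing a second block containing the confirmation result in the distributed ledger.
- The control method according to any one of claims 1 to 3, further comprising:
transferring the acquired first record information to the plurality of second servers, and storing a third block containing the first record information in the distributed ledger.
- The control method according to any one of claims 1 to 4, wherein, when storing the first block in the distributed ledger:
a consensus algorithm for agreeing on the validity of transaction data containing the first transaction data is executed together with the plurality of second servers; and
when the validity of the transaction data is agreed through the consensus algorithm, a block containing the transaction data is stored in the distributed ledger.
- The control method according to any one of claims 1 to 4, wherein the system further includes a plurality of terminals each used by a respective one of the users,
each of the plurality of terminals has the distributed ledger, and
when storing a block containing the first transaction data in the distributed ledger:
a consensus algorithm for agreeing on the validity of transaction data containing the first transaction data is executed together with the plurality of terminals; and
when the validity of the transaction data is agreed through the consensus algorithm, a block containing the transaction data is stored in the distributed ledger.
- The control method according to claim 5 or 6, wherein, when storing the block containing the transaction data in the distributed ledger,
the transaction data is stored in the distributed ledger as blockchain transaction data.
- The control method according to any one of claims 1 to 7, wherein the first record information includes a record value that increases as the first user's amount of use, or time of use, of the service increases, and
under the rule, the first record information is not permitted to exceed a threshold contained in the contract content.
- A server that is one of a plurality of servers in a system that includes the plurality of servers and a generation device that generates record information on the usage record of each user belonging to one group when a service provided by an operator is used on a per-group basis, the server comprising:
a processor; and
a memory,
wherein the processor:
acquires, from the generation device, first record information on a first usage record of a first user belonging to one group;
determines whether the acquired first record information is permitted under a rule based on a contract concluded between the first user and the operator and stored in the server; and
transfers first transaction data containing the determination result of the determination to a plurality of other servers, among the plurality of servers, different from the one server, and stores a first block containing the first transaction data in a distributed ledger managed by the server.
- A program for causing a computer to execute a control method executed by a first server among a plurality of servers in a system that includes the plurality of servers and a generation device that generates record information on the usage record of each user belonging to one group when a service provided by an operator is used on a per-group basis, the program causing the computer to execute:
acquiring, from the generation device, first record information on a first usage record of a first user belonging to one group;
determining whether the acquired first record information is permitted under a rule based on a contract concluded between the first user and the operator and stored in the first server; and
transferring first transaction data containing the determination result of the determining to a plurality of second servers, among the plurality of servers, different from the first server, and storing a first block containing the first transaction data in a distributed ledger managed by the first server.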
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202080047814.4A CN114127773A (zh) | 2019-08-01 | 2020-07-28 | Control method, server, and program |
JP2021535367A JPWO2021020408A1 (ja) | 2019-08-01 | 2020-07-28 | |
US17/579,927 US20220147984A1 (en) | 2019-08-01 | 2022-01-20 | Control method, server, and recording medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962881589P | 2019-08-01 | 2019-08-01 | |
US62/881,589 | 2019-08-01 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/579,927 Continuation US20220147984A1 (en) | 2019-08-01 | 2022-01-20 | Control method, server, and recording medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021020408A1 (ja) | 2021-02-04 |
Family
ID=74228501
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2020/028947 WO2021020408A1 (ja) | 2020-07-28 | 2020-07-28 | Control method, server, and program |
Country Status (4)
Country | Link |
---|---|
US (1) | US20220147984A1 (ja) |
JP (1) | JPWO2021020408A1 (ja) |
CN (1) | CN114127773A (ja) |
WO (1) | WO2021020408A1 (ja) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2018132794A (ja) * | 2017-02-13 | 2018-08-23 | 株式会社野村総合研究所 | Sharing system |
JP2019008791A (ja) * | 2017-06-19 | 2019-01-17 | 株式会社日立製作所 | Smart contract lifecycle management |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150382057A1 (en) * | 2014-06-27 | 2015-12-31 | Bce Inc. | Content consumption monitoring |
US10250381B1 (en) * | 2018-02-22 | 2019-04-02 | Capital One Services, Llc | Content validation using blockchain |
US11341467B2 (en) * | 2018-05-15 | 2022-05-24 | Comcast Cable Communications, Llc | Systems and methods for monitoring content consumption |
-
2020
- 2020-07-28 CN CN202080047814.4A patent/CN114127773A/zh active Pending
- 2020-07-28 WO PCT/JP2020/028947 patent/WO2021020408A1/ja active Application Filing
- 2020-07-28 JP JP2021535367A patent/JPWO2021020408A1/ja active Pending
-
2022
- 2022-01-20 US US17/579,927 patent/US20220147984A1/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
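JP7174870B1 (ja) | 2022-01-27 | 2022-11-17 | 弁護士ドットコム株式会社 | Program, information processing device, information processing system, information processing method |
JP2023109214A (ja) * | 2022-01-27 | 2023-08-08 | 弁護士ドットコム株式会社 | Program, information processing device, information processing system, information processing method |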
Also Published As
Publication number | Publication date |
---|---|
US20220147984A1 (en) | 2022-05-12 |
JPWO2021020408A1 (ja) | 2021-02-04 |
CN114127773A (zh) | 2022-03-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20847103 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2021535367 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/05/2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20847103 Country of ref document: EP Kind code of ref document: A1 |