JP2007274289A - Service transaction system and program thereof - Google Patents

Abstract

The present invention enables a service user to request a service without associating individual transactions with himself / herself and enables the service provider to reliably calculate an appropriate total amount of the service user's usage fee. It aims at providing the service transaction system which can be performed.
By obtaining the transaction identification information generated in the service providing device 1 by the service using device 2 and transmitting the signature to the service providing device 1 for each service transaction and using it for the next service transaction, The transaction authority of the service using device 2 is checked. Also, the service utilization apparatus 2 transmits confirmation information generated based on the current and next transaction identification information, the service provision apparatus 1 generates primary combined data, and the primary combined data is registered in the service utilization apparatus 2. The primary combined data for each service transaction is aggregated to calculate the total amount of usage charges, and unauthorized operations are determined based on the confirmation information.
[Selection] Figure 7

Description

  The present invention relates to a service transaction system for executing a service transaction without specifying individual information or transaction information closely related to an individual or an object related to the system, and a program thereof.

  As network systems such as the Internet rapidly spread, various types of information are transmitted and received on the network. However, there is a risk that information exchanged on the network is always illegally obtained or altered by a malicious third party. For this reason, various encryption processing techniques have been developed as a safety measure, and information transmitted and received on the network is encrypted to prevent unauthorized use and modification of the information.

  Such communication information encryption processing technology is effective for unauthorized acquisition and modification during communication, but it can handle misuse of information after the encrypted information has been properly acquired and decrypted. I can't.

  That is, when a specific individual sends an encrypted ID and password to a service provider and receives a service from the service provider, the service content received by the individual is stored in the service provider together with the ID, and the individual It is memorized as related information. Individual information accumulated in this way may be misappropriated even if strict information management is performed by the service provider. In particular, with the advancement of information processing systems, it has become possible to easily process a large amount of information, and the danger has increased.

  For example, in service transactions such as deposit and withdrawal of bank deposits and purchases of products using credit cards, a large amount of transaction information is accumulated by the service provider bank or credit sales company. This information needs to be protected in order to be stored in association. For this reason, methods for preventing the association between transaction information and personal information by increasing the anonymity of service users during service transactions are being studied.

  In Patent Document 1, a service provider terminal generates and issues a user ID to a service user, generates a certificate that proves the validity of the user ID, and is a service user necessary for providing the service. Personal information is stored in association with the user ID, and when the terminal of one user designates another user and uses the service provided by the service provider, the user ID and certificate are obtained, and the certificate is obtained. Describes that the validity of the user ID is verified and presented on the terminal of the service provider, and the service provider provides the service based on the personal information associated with the user ID.

  In Patent Literature 2, destination encrypted information obtained by encrypting destination information of a product with a public key published by an anonymous service provider in an orderer terminal device used by the orderer of the product is generated. The received destination encryption information is output and imported into the anonymous service terminal device, and the anonymous service terminal device describes that the destination encryption information is decrypted with a secret key and the delivery destination of the ordered product is specified. ing.

  In Patent Document 3, a purchaser orders a product from a member store using an anonymous ID, and uses a slip that does not contain the purchaser's personal information to ship the product from the member store to the anonymous service provider. It is described that the service provider converts the purchaser's address, name, etc. into a slip and then delivers the product to the purchaser.

In this specification, “individual information” refers to information regarding individuals, corporations such as companies, and items that are individually identified and handled (hereinafter referred to as “individuals”), and the names included in the information. , Which can identify a specific individual by date of birth or other description (including those that can be easily collated with other information, thereby identifying a specific individual, etc.) .)
JP 2005-50330 A JP 2004-139413 A JP 2002-7904 A

  As shown in the above-mentioned patent document, a sincere and neutral organization is established between the service user and the service provider so that service transactions are not associated with personal information through the organization. This is not an absolutely reliable system as long as there is a possibility of information leakage from a neutral institution because service transactions are associated with personal information in a neutral institution.

  As described above, in a system in which service users and service providers that are not trusted with each other are connected via a network to perform service transactions, it is currently impossible to perform service transactions with peace of mind.

  Therefore, the present invention is a service transaction system in which a service user and a service provider are connected by communication means to perform a service transaction, and the service user can request a service without associating each transaction with itself. Service transactions that allow service providers to reliably calculate the appropriate amount of service users' fees and to identify any unauthorized transactions by service users or providers The purpose is to provide a system.

  A service transaction system according to the present invention includes a service use device and a service providing device that is connected to the service use device via a communication unit and receives a service request from the service use device and processes the service. In the service transaction system, when the service providing apparatus determines that the transaction identification information transmitted from the service using apparatus is valid, the identification information determination means, and the transaction identification information is determined to be valid Service providing means for performing service processing in response to a request from the service using apparatus, signature processing means for performing signature processing on the encrypted transaction identification information transmitted from the service using apparatus, and the current transaction transmitted from the service using apparatus Transaction record generator for generating information including a set of identification information and confirmation information as a transaction record of a service using device The service using device transmits transaction identification information that has been signed by the service providing device stored in the memory to the service providing device and makes a service request, and transaction identification of the next service transaction. Identification information selection means for selecting information; encryption processing means for encrypting transaction identification information to generate encrypted transaction identification information; and decrypting encrypted transaction identification information that has been subjected to signature processing transmitted from the service providing apparatus Decryption processing means for storing transaction identification information that has been processed and signed in memory, and confirmation for generating confirmation information calculated using parameters that the service providing apparatus does not know from the transaction identification information for the next transaction And an information processing means.

  A service transaction method according to the present invention is a service transaction method in which a service providing apparatus processes a service in response to a service request from a service using apparatus, and the service using apparatus has received a signature process previously acquired from the service providing apparatus. Send the transaction identification information to request service from the service providing device, the service providing device determines whether the transaction identification information transmitted from the service using device is valid, and determines that the transaction identification information is valid Service processing in response to a request from the service using device, the service using device generates encrypted transaction identification information by encrypting the transaction identification information of the next service transaction, and Confirmation information calculated using parameters unknown to the service provider from the transaction identification information The service providing apparatus performs signature processing on the encrypted transaction identification information transmitted from the service using apparatus, and records information including the current transaction identification information and confirmation information on the transaction record of the service using apparatus. And the service using apparatus decrypts the signature-processed encrypted transaction identification information transmitted from the service providing apparatus to obtain the signature-processed transaction identification information.

  A program according to the present invention is a service transaction comprising a service using device and a service providing device that is connected to the service using device via a communication means and receives a service request from the service using device and processes the service. In the system, a program for causing the service using device to function, wherein the service using device transmits the transaction identification information processed by the service providing device stored in the memory to the service providing device to request a service. Means for selecting transaction identification information for the next service transaction, means for encrypting the transaction identification information to generate encrypted transaction identification information, parameters unknown to the service providing device from the transaction identification information for the next service transaction A means for generating confirmation information calculated using a service, transmitted from a service providing apparatus Signature processed encrypted transaction identification information means for storing the transaction identification information of the decoding process to signed processed in memory, to function as a.

  Another program according to the present invention includes a service using device and a service providing device that is connected to the service using device via communication means and receives a service request from the service using device and processes the service. In the service transaction system, a program for causing the service providing device to function, wherein the service providing device is a means for determining whether or not the transaction identification information transmitted from the service using device is valid, transaction identification Means for performing service processing in response to a request from the service using device when it is determined that the information is valid, means for performing signature processing on the encrypted transaction identification information transmitted from the service using device, and this time transmitted from the service using device For generating information including a set of transaction identification information and confirmation information as a transaction record of a service using device To function as.

Another service transaction system according to the present invention includes a service use device, and a service providing device that is connected to the service use device via a communication unit and receives a service request from the service use device and processes the service. In the service transaction system, the service using device encrypts the transaction identification information T (k + 1) of the (k + 1) -th service transaction in the k-th service transaction to generate encrypted transaction identification information. M is independent of each other by coefficients that are not known by the service providing device and the M element data V _s (k + 1) (s = 1, 2,..., M) calculated from the transaction identification information T (k + 1). Confirmation information processing means for generating confirmation information W _t (k) (t = 1, 2,..., M), which is a linear combination, and an encrypted transaction identifier that has been processed by the signature transmitted from the service providing apparatus. Decryption processing means for decrypting the other information and storing the signature-processed transaction identification information in the memory, and signature-processed transaction identification information T (k) for the k-th service transaction stored in the memory Service request means for sending a service request to the service providing apparatus, and P pieces of independent P calculated from the formula (B) below, transmitted from the service providing apparatus as the kth service transaction record. The registration means for registering the primary combined data S _j (k) (j = 1, 2,..., P) and the primary combined data S _j (k) registered in response to the aggregation request from the service providing apparatus are represented by j. The combined aggregated data ΣS _j (k) aggregated for k is calculated every time and the aggregated value Σr _{k + 1} W _t (k) (t = 1, 2,..., M) transmitted from the service providing apparatus is decoded. processing to aggregate values _{ΣX u (k) (u =} 1,2, ..., M) to produce a An identification value determining means for determining whether or not the transaction identification information transmitted from the service using apparatus is valid, and the transaction identification information is determined to be valid. Service providing means for performing service processing in response to a request from the service using device, signature processing means for processing the encrypted transaction identification information transmitted from the service using device, and P ² unknown to the service using device. Storage means for storing columns of coefficient data a _ij (i = 1, 2,..., P; j = 1, 2,..., P) and random numbers r _k (k = 1, 2,...); by using the coefficient data a _ij and the random number r _k stored in the unit, the service based on the use fee transaction data E (k), the random number R (k) and transmitted from the service using apparatus transaction identification information T (k ) M-number calculated by the element data V _s (k)及Confirmation information W _t (k) including P (P ≧ 2M + 2) pieces of mutually independent linear combinations of the values data _{S j (j = 1,2, ...} , P) following equation (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
A coupling calculating means for calculating a result, the service transaction number of the service using apparatus as N times, the service using apparatus of P sent from the bound aggregate data ΣS _j (k) and the coefficient data a _ij transaction identification information T based on (1) to total amount calculation means for calculating the total value ΣE (k) of data E (k) related to T (N), P pieces of combined total data ΣS _j (k) and coefficients transmitted from the service using device Based on the data a _ij , the total value Σr _k V _s (k) for k for each s of the product r _k V _s (k) of element data and random numbers related to the transaction identification information T (1) to T (N) and A total value Σr _{k + 1} W _t (k) for k for each t of the product r _{k + 1} W _t (k) of the confirmation information on the transaction identification information T (1) to T (N + 1) and the random number is calculated. and element aggregate value calculating means for transmitting aggregate value Σr k _{+ 1} W _t a (k) with Wherein the aggregate value Σr _k V _{s (k)} and transmitted from the service using apparatus the aggregate value .SIGMA.X _u (k) is a fraud determination means for determining whether or not contradictory.

Another service transaction method according to the present invention is a service transaction method in which a service providing apparatus processes a service in response to a service request from a service utilization apparatus, and the service utilization apparatus is previously configured in the k-th service transaction. The transaction identification information T (k) that has been subjected to signature processing acquired from the service providing apparatus is transmitted to request a service from the service providing apparatus, and the service providing apparatus has valid transaction identification information transmitted from the service using apparatus. If the transaction identification information is determined to be valid, service processing is performed in response to a request from the service utilization device, and the service utilization device encrypts the transaction identification information T (k + 1) of the next service transaction. Encrypted transaction identification information and M element data V _s (k) (s) calculated based on the transaction identification information T (k + 1) = 1, 2,..., M) generating confirmation information W _t (k) (t = 1, 2,. The service providing apparatus signs the encrypted identification information for the next service transaction, and also includes data E (k), random number R (k) based on the usage fee for the service transaction, and transaction identification information transmitted from the service utilization device. Coefficient data a that the service using apparatus does not know of P (P ≧ 2M + 2) values including M element data V _s (k) and confirmation information W _t (k) calculated based on T (k) _ij (i = 1, 2,..., P; j = 1, 2,..., P) and random numbers r _k (k = 1, 2,...) and mutually independent primary combined data S _j (k) ( j = 1,2, ..., P) with the following formula (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
Calculated by, of P calculated linear combination data S _j (k) is registered in the service using apparatus in accordance with the aggregation request from the service providing apparatus, one N times registered linear combination data S _j (k ) Is calculated for k for each j, and the combined total data ΣS _j (k) is calculated and the combined total data ΣS _j (k) is transmitted to the service providing apparatus, and the service providing apparatus is transmitted from the service using apparatus. Based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij , an aggregate value ΣE (k) of data E (k) related to transaction identification information T (1) to T (N) is calculated, and the service is used. A product r _k V _s (k) of element data and random numbers related to transaction identification information T (1) to T (N) based on P pieces of combined total data ΣS _j (k) and coefficient data a _ij transmitted from the apparatus. For each s of k Total value? R _k for k for each t in the aggregate value? R _k V _s (k) as well as transaction identification information T (1) ~T (N + 1) of the confirmation information and the random number relating to the product _{r k + 1 W t (k} ) ₊₁ W _t is calculated and the total value Σr _{k + 1} W _t (k) is transmitted to the service using apparatus, and the service using apparatus transmits the total value Σr _{k + 1} W _t (k) transmitted from the service providing apparatus. Are generated to generate a total value ΣX _u (k) (u = 1, 2,..., M), and the service providing apparatus transmits the total value ΣX _u and the total value Σr _k V transmitted from the service using apparatus. It is characterized by determining whether or not there is a contradiction with _s (k).

Still another program according to the present invention includes a service using device and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. A service transaction system for functioning the service utilization device, wherein the service utilization device encrypts transaction identification information T (k + 1) of the (k + 1) th service transaction in the kth service transaction. Means for processing and generating encrypted transaction identification information, knowing the service providing apparatus of M element data V _s (k + 1) (s = 1, 2,..., M) calculated from transaction identification information T (k + 1) Means for generating confirmation information W _t (k) (t = 1, 2,..., M), which are M linear combinations independent of each other with no coefficients, transmitted from the service providing apparatus Decryption processing means for decrypting signature-processed encrypted transaction identification information and storing the signature-processed transaction identification information in a memory; Signature-processed transaction for k-th service transaction stored in memory Means for making a service request by transmitting identification information T (k) to the service providing device, transmitted from the service providing device as the k-th service transaction record, and calculated independently based on the following formula (B) P number of linear combinations data _{S j (k) (j =} 1,2, ..., P) means for registering the primary binding data S _j registered in accordance with the aggregation request from the service providing apparatus (k) each The combined aggregated data ΣS _j (k) aggregated for k for each j is calculated, and the aggregated value Σr _{k + 1} W _t (k) (t = 1, 2,..., M) transmitted from the service providing apparatus is calculated. decoding to aggregate values _{ΣX u (k) (u =} 1,2, ..., M) generates a That means, to function as.

Still another program according to the present invention includes a service using device and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. In the service transaction system, a program for causing the service providing device to function, wherein the service providing device is a means for determining whether or not the transaction identification information transmitted from the service using device is valid. Means for performing service processing in response to a request from the service using apparatus when the identification information is determined to be valid, means for performing signature processing on the encrypted transaction identification information transmitted from the service using apparatus, and coefficient stored in the storage means data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) and the random number _{r k (k = 1,2, ...} ) using a charge for the service transaction Based data E (k), the random number R (k) and M elements calculated by the transmitted transaction identification information T (k) from the service using apparatus data V _s (k) and the confirmation information W _t a (k) P (P ≧ 2M + 2) values of primary combination data S _j (j = 1, 2,..., P) independent of each other are included in the following formula (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
And the transaction identification information T (1) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service utilization device, where N is the number of service transactions of the service utilization device. Means for calculating aggregate value ΣE (k) of data E (k) related to T (N), transaction based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device Aggregated value Σr _k V _s (k) for k for each s of product r _k V _s (k) of element data and random numbers relating to identification information T (1) to T (N) and transaction identification information T (1) The total value Σr _{k + 1} W _t (k) for k for each t of the product r _{k + 1} W _t (k) of the confirmation information and random numbers r to T (N + 1) is calculated and the total value Σr _{k + 1} It means for transmitting W _t a (k), service utilization and aggregate value Σr _k V _{s (k)} Whether Incorrect determining means placed et the transmitted aggregate value .SIGMA.X _u (k) is inconsistent, to function as a.

Still another service transaction system according to the present invention includes a service using device, and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. The service transaction system is provided, wherein the service utilization device is set based on transaction identification information T (k) selected for use in service transaction in the k-th service transaction and the number of transactions. Identification data generating means for generating identification data by combining the data Q (k), and encryption processing for generating encrypted identification data by encrypting identification data T (k + 1) Q (k + 1) of the next service transaction means a transaction identification information T (k + 1) is calculated from M element data _{V s (k + 1) (} s = 1,2, ..., M) of the service providing apparatus Confirmation by coefficients not known to be mutually independent M number of primary connection information _{W t (k) (t =} 1,2, ..., M) and verify information processing means for generating a signature processing transmitted from the service providing apparatus The decryption processing means for decrypting the encrypted encrypted identification data and storing the signature processed identification data in the memory, and sending the signature processed identification data stored in the memory to the service providing apparatus and requesting the service Service request means for performing P, and P pieces of primary combination data S _j (k) (j, which are calculated based on the following formula (D) and transmitted from the service providing apparatus as a k-th service transaction record = 1, 2,..., P), and the registered primary combined data S _j (k) for N times is totaled for k for each j in response to a totaling request from the service providing apparatus. Calculate the combined data ΣS _j (k) And total processing means for transmitting values corresponding to the combined total data ΣS _j (k) and the count data Q (N) to the service providing apparatus, and the total value Σr _{k + 1} W _t (k transmitted from the service providing apparatus. ) (T = 1, 2,..., M) to generate an aggregate value ΣX _u (k) (u = 1, 2,..., M). The providing device responds to the request from the service using device when the transaction identifying information transmitted from the service using device is valid, and when the transaction identifying information is determined to be valid. Service providing means for performing service processing, signature processing means for performing signature processing on encrypted identification data transmitted from the service using apparatus, and P ² coefficient data a _ij (i = 1,2) unknown to the service using apparatus. , ..., P; j = 1,2 , ..., to store a sequence of P) and the random number _{r k (k = 1,2, ...} ) M elements calculated by storage means and data E (k) based on the service transaction usage fee, random number R (k), and transaction identification information T (k) transmitted from the service utilization device data V _s (k) and the confirmation information W _t (k) including P (P ≧ 2M + 3) pieces of values, mutually independent linear combination data using the coefficient data a _ij stored and the random number r _k in the storage means S _j (j = 1, 2,..., P) is expressed by the following equation (D)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (D)
The transaction calculation information is calculated based on the combined calculation data ΣS _j (k) and the coefficient data a _ij transmitted from the service utilization device, where N is the number of service transactions of the service utilization device and N is the number of service transactions of the service utilization device. (1) to total amount calculation means for calculating the total value ΣE (k) of data E (k) related to T (N), P pieces of combined total data ΣS _j (k) and coefficients transmitted from the service using device Based on the data a _ij , the total value ΣQ (k) of the count data Q (k) relating to the transaction identification information T (1) to T (N) is calculated, and the total value ΣQ (k) is transmitted from the service using device. First fraud determination means for determining consistency with a value corresponding to the number of times data Q (N), P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device. Transaction identification information T (1 About ~T product of element data and the random number relating to (N) r _k V aggregate values for k for each s of _{s (k) Σr k V s} (k) as well as transaction identification information T (1) ~T (N + 1) Calculate the total value Σr _{k + 1} W _t (k) for k for each t of the product r _{k + 1} W _t (k) of the confirmation information and the random number and calculate the total value Σr _{k + 1} W _t (k) Element total value calculation means for transmission, and second fraud determination means for determining whether or not the total value Σr _k V _s (k) and the total value ΣX _u (k) transmitted from the service using device are inconsistent. It is characterized by being.

Still another service transaction method according to the present invention is a service transaction method in which a service providing apparatus processes a service in response to a service request from a service utilization apparatus, and the service utilization apparatus performs the k-th service transaction. The transaction identification information T (k) having been subjected to signature processing acquired in advance from the service providing apparatus is transmitted to request the service providing apparatus, and the service providing apparatus has valid transaction identification information transmitted from the service using apparatus. In addition to determining whether or not the transaction identification information is valid, the service processing is performed in response to a request from the service using device, and the service using device receives the transaction identification information T (k + 1) for the next service transaction. Identification data T (k + 1) Q (k + 1) by combining the number data Q (k + 1) set based on the number of transactions Generated, encrypted, and transmitted as encrypted identification data to the service providing apparatus. The service providing apparatus performs signature processing on the encrypted identification data, and the service using apparatus decrypts the signature-processed encrypted identification data and performs signature. A service providing apparatus for obtaining M identification data V _s (k + 1) (s = 1, 2,..., M) calculated based on the next transaction identification information T (k + 1) while obtaining processed identification data Confirmation information W _t (k) (t = 1, 2,..., M), which are M linear combinations independent of each other by a coefficient that is unknown, is generated, and the service providing apparatus is based on the usage fee of the service transaction. Data E (k), random number R (k), identification data T (k) transmitted from the service using device Q (k) obtained from Q (k), identification data T (k) transmitted from the service using device T (k) calculated from Q (k) Coefficients calculated M elements data V _s (k) and the service P utilization including confirmation information transmitted from the device _{W t (k) (P ≧} 2M + 3) are sets of values based, service utilization device does not know data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) and the random number _{r k (k = 1,2, ...} ) in a flat independent using the following binding data S _j (k ) (J = 1,2, ..., P) to the following formula (D)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (D)
Calculated by, of P calculated linear combination data S _j (k) is registered in the service using apparatus in accordance with the aggregation request from the service providing apparatus, one N times registered linear combination data S _j (k ) For each j, the combined total data ΣS _j (k) is calculated, and the values corresponding to the combined total data ΣS _j (k) and the number of times data Q (N) are transmitted to the service providing apparatus. The providing apparatus aggregates data E (k) related to transaction identification information T (1) to T (N) based on P pieces of combined aggregation data ΣS _j (k) and coefficient data a _ij transmitted from the service using apparatus. Count data relating to transaction identification information T (1) to T (N) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device by calculating the value ΣE (k) Collection of Q (k) The measured value ΣQ (k) is calculated to determine consistency between the total value ΣQ (k) and the value corresponding to the number of times data Q (N) transmitted from the service using device, and transmitted from the service using device. For each s of the product r _k V _s (k) of element data and random numbers related to the transaction identification information T (1) to T (N) based on the P pieces of combined total data ΣS _j (k) and the coefficient data a _ij Of k for each t of the product r _{k + 1} W _t (k) of the total value Σr _k V _s (k) of k and confirmation information on the transaction identification information T (1) to T (N + 1) and random numbers The aggregate value Σr _{k + 1} W _t is calculated and the aggregate value Σr _{k + 1} W _t (k) is transmitted to the service using device, and the service using device transmits the aggregate value Σr _{k + 1} W transmitted from the service providing device. _t (k) is decrypted to generate an aggregate value ΣX _u (k) (u = 1, 2,..., M). It is characterized by determining whether or not there is a contradiction between the total value ΣX _u transmitted from the service using device and the total value Σr _k V _s (k).

Still another program according to the present invention includes a service using device and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. In the service transaction system, a program for causing the service utilization device to function, the transaction identification information T (k) selected to use the service utilization device for the service transaction in the k-th service transaction; Means for generating identification data by combining the number of times data Q (k) set based on the number of transactions, identification data T (k + 1) Q (k + 1) for the next service transaction is encrypted and encrypted identification data means for generating a transaction identification information T (k + 1) is calculated from M element data _{V s (k + 1) (} s = 1,2, ..., M) Confirmation by a factor unknown to the service providing apparatus are mutually independent M number of primary connection information _{W t (k) (t =} 1,2, ..., M) means for generating a signature processing transmitted from the service providing apparatus Means for decrypting the encrypted encrypted identification data and storing the signature processed identification data in the memory, means for transmitting the signature processed identification data stored in the memory to the service providing apparatus, and making a service request; P primary combined data S _j (k) (j = 1, 2,..., which are transmitted from the service providing apparatus as the k-th service transaction record and calculated based on the following formula (D). P) is registered, and the combined total data ΣS _j (k) obtained by totaling the registered primary combined data S _j (k) for N times for k for each j in response to the total request from the service providing apparatus. Calculate and join aggregated data Σ _j (k) and the number of data Q means for transmitting a value corresponding to (N) to the service providing apparatus, aggregate values sent from the service providing apparatus _{Σr k + 1 W t (k} ) (t = 1,2, ... , M) is decrypted to function as a means for generating a total value ΣX _u (k) (u = 1, 2,..., M).

Still another program according to the present invention includes a service using device and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. In the service transaction system, a program for causing the service providing device to function, wherein the service providing device is a means for determining whether or not the transaction identification information transmitted from the service using device is valid. Means for performing service processing in response to a request from the service using device when the identification information is determined to be valid, means for performing signature processing on the encrypted identification data transmitted from the service using device, service transaction, Data E (k) based on usage fee, random number R (k) and transmitted from service usage device The trading identity T (k) is calculated by the M element data V _s (k) and the confirmation information W P including _{t (k) (P ≧ 2M} + 3) number of values, stored in the storage means coefficient data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) and the random number _{r k (k = 1,2, ...} ) independent with primary binding data S _j ( j = 1,2, ..., P) with the following formula (D)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (D)
And the transaction identification information T (1) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service utilization device, where N is the number of service transactions of the service utilization device. Means for calculating aggregate value ΣE (k) of data E (k) related to T (N), transaction based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device The total value ΣQ (k) of the count data Q (k) regarding the identification information T (1) to T (N) is calculated, and the total value ΣQ (k) and the count data Q (N) transmitted from the service using device are calculated. equivalent means for determining consistency between the value, P number of bound aggregates which are transmitted from the service using apparatus data ΣS _j (k) and transaction identification based on the coefficient data a _ij information T (1) ~T ( N) Element data and random numbers Product r _k aggregate value of k for each s of _{V s (k) Σr k V} s (k) as well as transaction identification information T (1) through T product of (N + 1) regarding confirmation information and the random number r _{k +} 1 W It means for transmitting the aggregate value _{Σr k + 1 W t (k} ) to calculate the _t aggregate value of k for each t in _{(k) Σr k + 1 W} t (k), the aggregate value? r _k V _s ( k) and a means for determining whether or not the total value ΣX _u (k) transmitted from the service using device contradicts.

  In the service transaction system and the service transaction method according to the present invention, the service use apparatus transmits the transaction identification information that has been subjected to the signature processing acquired in advance from the service providing apparatus, and the service providing apparatus uses the transaction identification information to validate each transaction. A service process by determining whether the transaction identification information has the correct signature of the service providing device and whether the transaction identification information has already been used. After the service transaction is successfully completed, the service using device transmits encrypted transaction identification information obtained by encrypting the transaction identification information of the next service transaction, and the service providing device transmits the encrypted transaction identification information after signature processing. The next transaction identification information that has been subjected to signature processing after decryption processing of the encrypted transaction identification information that has been signed Because be acquired, it is possible to determine that a is one service providing device authorized user using a signature processed transaction identification information not associated with even users in individual transactions. Further, since the transaction identification information to be used next time is transmitted to the service providing apparatus in an encrypted state after the service transaction is normally completed, the service providing apparatus performs signature processing without knowing the next transaction identification information. In other words, the service providing device can confirm that the service using device correctly receives the next service after the processing related to the service is correctly completed, but the service using device associates the current service transaction with the next service transaction. Is not known to the service providing apparatus. The signature-processed encrypted transaction identification information becomes signature-processed transaction identification information that can be decrypted and decrypted by the service using device, and is transmitted to the service providing device at the next service transaction.

  As described above, if the service using device can perform a transaction without being associated with each transaction, and can receive a service request without being associated with individual information, Transaction related information is no longer stored in association with each other. In addition, the service providing device can determine the legitimacy of the user and the legitimacy at the time of transaction without specifying the user, and it is not necessary to strictly manage the individual information at the time of the service transaction, There is no need to use a third party as in the past.

In another service transaction system and service transaction method according to the present invention, a service using device transmits a transaction identification information T (k) having been subjected to signature processing acquired in advance from the service providing device in the k-th service transaction. A service request is made to the providing device, and the service providing device determines whether or not the transaction identification information transmitted from the service using device is valid, and from the service using device when the transaction identification information is determined to be valid. In response to the request, the service using device is calculated based on the encrypted transaction identification information obtained by encrypting the transaction identification information T (k + 1) of the next service transaction and the transaction identification information T (k + 1). M pieces of element data _{V s (k) (s =} 1,2, ..., M) are mutually independent M number of linear combinations by a factor unknown to the service providing apparatus of the confirmation Distribution _{W t (k) (t =} 1,2, ..., M) to generate a service providing device, as well as sign the encrypted identification information for the next service transaction, based on the charge for the service transaction data M element data V _s (k) and confirmation information W _t (k) calculated based on E (k), random number R (k), transaction identification information T (k) transmitted from the service using device The coefficient data a _ij (i = 1, 2,..., P; j = 1, 2,..., P) and the random number r _k (k = k =) that the service using apparatus does not know, including P (P ≧ 2M + 2) values. 1, 2,... Are calculated by the above equation (B), and the P primary linkage data S _j (k) (j = 1, 2,..., P) that are independent from each other are calculated. data S _j (k) is registered in the service using apparatus in accordance with the aggregation request from the service providing apparatus, one N times registered linear combination data S _j (k) of the k for each j There transmits bonded aggregate data [sigma] s _j (k) to the service providing apparatus to calculate the aggregate binding aggregated data [sigma] s _j (k), the service providing device, P number of binding aggregated data sent from the service using apparatus [sigma] s _Since the total value ΣE (k) of the data E (k) related to the transaction identification information T (1) to T (N) is calculated based on _j (k) and the coefficient data a _ij , they are associated with each transaction. The user can request the service transaction without any problem, and the service providing apparatus can surely calculate only the total amount without knowing the usage fee of each transaction by the specific user. That is, by the P number of linear combinations data S _j coefficient data a _ij used to calculate the (k), the random number r _k and the random number R (k) is known only service providing device data, the calculation method Service calculation results of only the primary binding data S _j (k) without revealing the utilization apparatus is to be registered in the service using apparatus, arbitrarily operating the primary binding data S _j, registered in the service using apparatus (k) I can't. If the combined total data ΣS _j (k) can be obtained from the service using device, the total value ΣE (k), the total value Σr _k V _s (k), the total value Σr _{k + 1} W _t (k) and the total By solving P (P ≧ 2M + 2) simultaneous linear equations using the coefficient data a _ij with (2M + 2) data of the value ΣR (k) as variables, the aggregate value ΣE (k) can be accurately obtained. it can. Therefore, the total value can be calculated correctly and the total amount can be charged to the user without knowing E (k), which is the usage fee for each transaction.

Further, encryption is performed based on the M element data V _s (k) based on the transaction identification information T (k) of the current service transaction transmitted from the service utilization device and the transaction identification information T (k + 1) of the next service transaction. The M pieces of confirmation information W _t (k) subjected to the conversion processing are included in the calculation formula of the primary combination data S _j (k), so that the primary combination data S _j (k) of the series of service transactions is obtained from the service providing apparatus. They can be associated with each other in an unknown manner, and the service providing apparatus cannot associate and store individual service transactions. It is also possible to determine an unauthorized operation on the service using device by associating service transactions with each other. That is, based on the combined total data ΣS _j (k) and the coefficient data a _ij , the total of each product r _k V _s (k) of the element data and random numbers related to the transaction identification information T (1) to T (N) is calculated for each s. Aggregated value Σr _{k + 1} W _t for each t of product rk _{+ 1} W _t (k) of value Σr _k V _s (k) and confirmation information on transaction identification information T (1) to T (N + 1) and random numbers (K) is calculated, and the aggregate value Σr _{k + 1} W _t (k) is decrypted by the service using device to obtain the aggregate value ΣX _u (k). Without knowing the information, it is possible to obtain the total value of the product of the confirmation information and the random numbers regarding the transaction identification information T (1) to T (N + 1). This value is obtained by multiplying the element data V _s (N + 1) based on the next transaction identification information T (N + 1) obtained from the service using device by the product of the element data on the transaction identification information T (1) to T (N) and a random number. Since it matches the value added to the total value Σr _k V _s (k), if it is determined whether or not they match, it is possible to determine whether or not there has been an unauthorized operation on the service using device side.

In another service transaction system and service transaction method according to the present invention, the service using apparatus transmits the transaction identification information T (k) that has been subjected to signature processing and obtained in advance from the service providing apparatus in the k-th service transaction. A service request is made to the service providing apparatus, and the service providing apparatus determines whether or not the transaction identification information transmitted from the service using apparatus is valid, and if the transaction identification information is determined to be valid, the service using apparatus In response to a request from the service, the service utilization apparatus combines the transaction identification information T (k + 1) of the next service transaction and the number of times data Q (k + 1) set based on the number of transactions, and the identification data T (K + 1) Q (k + 1) is generated, encrypted, and transmitted as encrypted identification data to the service providing apparatus. The signature processing is performed on the encoded identification data, and the service using device decrypts the encrypted identification data that has been subjected to the signature processing to obtain the signature-processed identification data, and based on the next transaction identification information T (k + 1). Confirmation information W _t (k) that is M linear combinations independent of each other by coefficients unknown to the service providing apparatus of the M element data V _s (k + 1) (s = 1, 2,..., M) calculated by ) (T = 1, 2,..., M), and the service providing device uses data E (k), random number R (k) based on the usage fee of the service transaction, and identification data transmitted from the service using device. M elements calculated based on Q (k) obtained from T (k) Q (k) and T (k) obtained from identification data T (k) Q (k) transmitted from the service using device confirmation that was sent from the data V _s (k) and the service using apparatus Distribution W _t P containing (k) of the (P ≧ 2M + 3) number of values, the coefficient does not know the service using device data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) And the first-order coupled data S _j (k) (j = 1, 2,..., P) that are independent of each other using the random numbers r _k (k = 1, 2,...) The registered P primary combination data S _j (k) is registered in the service using device, and the registered N primary combination data S _j (k) is obtained for each j in response to the aggregation request from the service providing device. The combined total data ΣS _j (k) totaled for k is calculated, and values corresponding to the combined total data ΣS _j (k) and the frequency data Q (N) are transmitted to the service providing apparatus. Transaction identification information T (1) to T (N) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the utilization device. ) Data E (k) is calculated as an aggregate value ΣE (k), so that the user can request a service transaction without being associated with each transaction, and the service providing apparatus is a specific user. It is possible to reliably calculate only the total amount without knowing the usage fee of each transaction. That is, by the P number of linear combinations data S _j coefficient data a _ij used to calculate the (k), the random number r _k and the random number R (k) is known only service providing device data, the calculation method Service calculation results of only the primary binding data S _j (k) without revealing the utilization apparatus is to be registered in the service using apparatus, arbitrarily operating the primary binding data S _j, registered in the service using apparatus (k) I can't. If the combined aggregate data ΣS _j (k) can be obtained from the service using device, the aggregate value ΣE (k), the aggregate value ΣQ (k), the aggregate value Σr _k V _s (k), the aggregate value Σr _{k + 1} By solving P (P ≧ 2M + 3) simultaneous linear equations using coefficient data a _ij with (2M + 3) pieces of data of W _t (k) and the summation value ΣR (k) as variables, the sum value ΣE (k ) Can be obtained accurately. Therefore, the total value can be calculated correctly and the total amount can be charged to the user without knowing E (k), which is the usage fee for each transaction.

Then, based on the P pieces of combined total data ΣS _j and coefficient data a _ij transmitted from the service utilization device, the total value ΣQ (k) of the count data Q (k) regarding the transaction identification information T (1) to T (N) ) And the consistency between the aggregate value ΣQ (k) and the number of times data Q (N + 1) transmitted from the service using device is determined, the number of times data Q (k) based on the number of service transactions is obtained. Since it is given according to the order of the number of times, the order of the last number of service transactions is specified from the total value ΣQ (k) obtained by adding Q (1) to Q (N), and Q (N + 1) which is the next number of times order ) Can be determined, and if it is not consistent, it can be assumed that there has been an unauthorized operation.

When it is determined that there is consistency regarding the number of times data Q (k), M element data V _s (k) based on the transaction identification information T (k) of the current service transaction transmitted from the service using device. In addition, the unauthorized operation is determined more reliably by using the M pieces of confirmation information W _t (k) encrypted based on the transaction identification information T (k + 1) of the next service transaction. Judgment can be made. In other words, by including in the calculation formula of the element data V _s (k) and the confirmation information W _t (k) primary binding data S _j (k), a set of service transactions primary binding data S _j (k) to the service The providing devices can be associated with each other without the knowledge of the providing device, and the service providing device cannot associate and store individual service transactions. It is also possible to determine an unauthorized operation on the service using device by associating service transactions with each other. Based on the combined total data ΣS _j (k) and the coefficient data a _ij , the total value Σr for each s of the product r _k V _s (k) of the element data and random numbers related to the transaction identification information T (1) to T (N) The total value Σr _{k + 1} W _t (k) for each t of the product r _{k + 1} W _t (k) of confirmation information and random numbers for _k V _s (k) and transaction identification information T (1) to T (N + 1) ) And the aggregate value Σr _{k + 1} W _t (k) is decrypted by the service using device to obtain the aggregate value ΣX _u (k). Without knowing, the total value of the product of the confirmation information on the transaction identification information T (1) to T (N + 1) and the random number can be obtained. This value is obtained by multiplying the element data V _s (N + 1) based on the next transaction identification information T (N + 1) obtained from the service using device by the product of the element data on the transaction identification information T (1) to T (N) and a random number. Since it matches the value added to the total value Σr _k V _s (k), if it is determined whether or not they match, it is possible to determine whether or not there has been an unauthorized operation on the service using device side.

  Hereinafter, embodiments according to the present invention will be described in detail. The embodiments described below are preferable specific examples for carrying out the present invention, and thus various technical limitations are made. However, the present invention is particularly limited in the following description. Unless otherwise specified, the present invention is not limited to these forms.

  FIG. 1 is a schematic diagram showing a configuration of an embodiment relating to a service transaction system according to the present invention. The service providing apparatus 1 is connected to the service using apparatus 2 via a network 3 such as the Internet. In general, many service use devices 2 are connected to the network, but only one service use device 2 is shown here for easy understanding.

  The service providing apparatus 1 includes an information processing unit 10 and a storage unit 11. The information processing unit 10 reads data and programs stored in the storage unit 11, performs data processing, and transmits / receives data to / from the service using device 2. Is supposed to do. Each of the service using devices 2 includes an information processing unit 20 and a storage unit 21. The information processing unit 20 reads out data and programs stored in the storage unit 21 and performs data processing. Send and receive. Functions related to individual information processing in the service providing apparatus 1 and the service using apparatus 2 are realized by a program that is installed in advance using a recording medium or a network.

  FIG. 2 shows a functional block diagram for determining the legitimacy between the service providing apparatus 1 and the service using apparatus 2. The information processing unit 10 of the service providing apparatus 1 includes a password extraction unit 100, a first encryption key generation unit 101, a first encryption processing unit 102, a second encryption key generation unit 103, a second encryption processing unit 104, validity The determination unit 105 and the transmission / reception unit 106 are provided, and these functions are realized by the service providing program 110 stored in the storage unit 11. In the customer DB 111 stored in the storage unit 11, customer attribute information such as IDs, passwords, names, and addresses of all users who use the service using device is registered.

  The password extraction unit 100 extracts a plurality of passwords p corresponding to an ID list made up of a plurality of IDs received from the service using device from the customer DB 111 of the storage unit 11 and creates a password list corresponding to the arrangement order of the ID list. .

The first encryption key generation unit 101 generates a random bit pattern r having the same length as the password p as the first encryption key used in the first encryption processing unit 102. The first encryption processing unit 102 performs an exclusive OR x between the first encryption key r and the password p in the password list created by the password extraction unit 100.
x = pXORr
Is calculated as encryption information of p, and an encryption password list corresponding to the password list is created.

  The second encryption key generation unit 103 generates a second encryption key K, and the second encryption processing unit 104 generates encrypted information K (r) obtained by encrypting the first encryption key r with the second encryption key K. And K (r) and K are used as verification information of the service providing apparatus. The encryption password list and the encryption information K (r) are transmitted to the service using apparatus 2 through the transmission / reception unit 106 together with the second encryption key K. The second encryption processing unit 104 may use encryption methods with different encryption keys and decryption keys. For example, the encryption processing may be performed using a known encryption method such as RSA.

  The validity determination unit 105 collates the random bit pattern received as the verification information from the service use device 2 with the random bit pattern r, which is the first encryption key generated by the first encryption key generation unit 101, and uses the service use device. The validity of 2 is determined. The transmission / reception unit 106 transmits / receives data to / from the service using device 2.

  The information processing unit 20 of the service use device 2 includes an ID generation unit 200, a password processing unit 201, a validity determination unit 202, and a transmission / reception unit 203, and these functions are stored in the service use program 210 stored in the storage unit 21. It is realized by. The storage unit 21 includes an ID / password registration unit 211 that stores the ID and password p of the user who uses the service using device 2.

  The ID generation unit 200 generates a plurality of IDs including IDs registered in the ID / password registration unit 211 of the storage unit 21 and creates an ID list. IDs other than the user IDs are randomly generated based on the number of IDs of all users.

The password processing unit 201 includes an encryption password x corresponding to the position of the ID registered in the ID / password registration unit 211 in the encryption password list received from the service providing apparatus and the password q registered in the ID / password registration unit 211. Exclusive OR with
y = xXORq
Further, y is encrypted by the same encryption method as the second encryption processing unit 104 using the second encryption key K received from the service providing apparatus 1, and is set to K (y).

Here, in the password processing unit 201, the encrypted password x received from the service providing apparatus 1 is
x = pXORr
Therefore, if q = p,
y = xXORq = pXORrXORp = r (E)
Thus, the original first encryption key r is decrypted. For example,
p = 001100
r = 011000
If x = 010100
It becomes. Therefore,
xXORp = 01000 = r
It becomes.

  The validity determination unit 202 determines whether or not the encrypted random bit pattern K (r) received from the service providing apparatus 1 matches the K (y) calculated by the password processing unit 201 by pattern comparison. If it is determined that they match, the service providing apparatus 1 transmits the random bit pattern y (= r) calculated by the password processing unit 201 as valid information to the service providing apparatus 1 as verification information. The service providing apparatus does not transmit a random bit pattern as an illegal one.

FIG. 3 shows a processing flow for determining the legitimacy between the service providing apparatus 1 and the service using apparatus 2. First, when performing the authentication process, the service using device 2 randomly generates (N-1) IDs from all the user IDs (S100). In the case of generating a plurality of IDs, for example, the total number of IDs of all users is stored in advance in the storage unit 21 and may be selected at random from the serial numbers of the total number of IDs. Then, the user ID registered in the service using device 2 is read from the storage unit 21 and randomly arranged together with a plurality of generated IDs to create an ID list composed of N IDs (S101). FIG. 4 shows an example of the ID list. In this example, the user ID _k is set for the t-th.

The created ID list is transmitted to the service providing apparatus 1, and passwords corresponding to N IDs in the list are extracted from the storage unit 11 (S102). Then, the extracted passwords are arranged according to the ID list arrangement to create a password list (S103). FIG. 5 shows a password list created based on the ID list of FIG. At the t-th password list, user passwords _pk are listed.

Next, a random bit pattern r, which is a first encryption key, is generated (S104), and an exclusive OR x of the password in the password list and the random bit pattern r is calculated (S105). After calculating the exclusive logical sum x for each password in the password list, an encrypted password list is created by arranging according to the password list array (S106). FIG. 6 shows an encryption password list created based on the password list of FIG. The t-th exclusive OR x _{k in the} encryption password list corresponds to the user password p _k .

Here, in order to prevent the user to know directly the password other than p _k, each of the password list password before calculating the exclusive OR x of a random bit pattern r or later, keep in encrypting Also good. However, in this case, the service using apparatus 2 can calculate the same encryption key as that of the service providing apparatus 1 so that the service using apparatus 2 can calculate information obtained by encrypting the exclusive OR x of p _k or p _k and r. It is necessary to provide an encryption mechanism. Of course, the encryption method in this case must have a different encryption key and decryption key.

  Next, the second encryption key generation unit 103 generates a second encryption key K (S107), encrypts the random bit pattern r using the second encryption key K (S108), and the second encryption key K The encrypted random bit pattern K (r) and the encrypted password list are transmitted to the service using device 2 (S109).

The service using device 2 extracts the t-th exclusive OR x _k from the received encrypted password list (S110), and performs exclusive OR with the user password p _k registered in the storage unit 21. Is calculated (S111). Since the random bit pattern y is calculated by the calculation process in step S111 as shown in the equation (E), the calculated random bit pattern is encrypted using the second encryption key K (S112). The encrypted random bit pattern K (y) is compared with the random bit pattern K (r) received from the service providing apparatus 1 (S113), and the validity of the service providing apparatus 1 is determined. If they match, the service providing apparatus 1 correctly calculates the exclusive OR of all IDs in the ID list received from the service using apparatus 2 and the random bit pattern r, and the service providing apparatus is a legitimate service providing apparatus. Can be determined. Therefore, the random bit pattern y calculated in step S111 is transmitted to the service providing apparatus 1 (S114). If they do not match in step S113, the service providing apparatus determines that the service providing device is illegal and ends without transmitting the random bit pattern y.

  The service providing apparatus 1 compares the received random bit pattern y with the random bit pattern r generated in step S104 (S115), and determines the validity of the service using apparatus 2. If they match, it can be determined that the service using device 2 has processed using the password included in the encrypted password list transmitted from the service providing device 1, and therefore service provision to the service using device 2 is started. If they do not match, the service using device 2 has not processed using the password included in the encryption password list, and therefore transmits an error message as invalid and ends (S116).

  In the above processing, since the ID list is transmitted from the service using apparatus 2, the service providing apparatus 1 does not specify which ID user is accessing, and can determine the legitimacy of the user. Then, in the service using device 2, the service providing device 1 correctly processes by confirming that the random bit pattern K (r) transmitted from the service providing device 1 matches K (y) calculated by itself. You can confirm that you are doing. In this case, the password of another user is transmitted to the service using device 2, but the exclusive OR of the password or the password and the random bit pattern is also encrypted by an encryption method in which the encryption key and the decryption key are different. Since another key is required for decryption, unauthorized use in the service utilization device can be easily prevented. Similarly, since the encryption of the random bit pattern r used in the service providing apparatus 1 is also performed by an encryption method in which the encryption key and the decryption key are different, the service is performed by directly decrypting the encrypted random bit pattern K (r). Unauthorized processing such as transmission to the providing apparatus 1 is also prevented. In other words, the service utilization device 2 cannot decrypt the random bit pattern r without an authentic password.

  Since the password is processed using the common random bit pattern r in the encryption password list, the service providing apparatus 1 does not specify what number password in the encryption password list is decrypted. Further, since the service providing apparatus 1 determines the validity based on the random bit pattern y received from the service using apparatus 2, authentication can be performed without specifying the user.

  As described above, the service providing apparatus 1 and the service using apparatus 2 can authenticate each other anonymously.

  FIG. 7 is a schematic block diagram when a service transaction is performed between the service providing apparatus 1 and the service using apparatus 2. The information processing unit 10 of the service providing apparatus 1 includes a transaction identification information generation unit 120, a transaction identification information determination unit 121, a service processing unit 122, a signature processing unit 123, a combination calculation unit 124, a total value calculation unit 125, and an fraud determination unit 126. And a random number generator 127, and these functions are realized by the service providing program 110 stored in the storage unit 11.

The storage unit 11 includes a transaction identification information table 128 for managing the generated transaction identification information T, and (2M + 2) ^two coefficient data a _ij (i = 1,2) used for the combination calculation process and the total value calculation process. ,..., 2M + 2; j = 1, 2,..., 2M + 2) and coefficient data storage for storing a sufficiently long random number sequence r _k (k = 1, 2,...) Generated by the random number generator 127. The part 129 is stored. The coefficient data a _ij is appropriately set using an appropriate numerical value, but is set so that the determinant of the matrix composed of the coefficient data a _ij does not become zero. Random number r _k is stored by generating a pre sufficient number of random by the random number generator. As described later, when calculating the linear combination data S _j relates to the k-th service transactions of each service user, using a common random number r _k and r _{k + 1.}

  The transaction identification information generation unit 120 generates transaction identification information T used for identifying individual service transactions, and the generated transaction identification information T is registered in the transaction identification information table 128 and managed. The transaction identification information determination unit 121 checks that the transaction identification information transmitted from the service using device 2 has been signed and is unused based on the transaction identification information table 128, and makes a valid service request. It is determined whether or not.

  The service processing unit 122 performs service processing according to the request content in response to a legitimate service request. When the service transaction is completed, the service usage fee is calculated and the transaction identification information used is registered in the transaction identification information table 128. When the transaction identification information to be used next time is encrypted and transmitted from the service using device 2 after the service transaction is completed, the signature processing unit 123 performs signature processing on the encrypted transaction identification information and performs the service using device 2. Send to.

The combination calculation unit 124 encrypts the M pieces of initial confirmation information W _t (0) (t = 1) based on the transaction identification information T (1) used for the first transaction transmitted from the service utilization device 2. , 2,..., M), (2M + 2) pieces of primary combined data using the random number R (0) generated by the random number generator 127, the coefficient data a _ij and the random number r ₁ stored in the coefficient data storage unit 129. S _j (j = 1, 2,..., 2M + 2) is expressed by the following formula (A)
S _j = {a _{(M + 1 + 1) j} W ₁ (0) + a _{(M + 2 + 1) j} W ₂ (0) +... + A _{(2M + 1)} W _M (0)} r ₁ + a _{( 2M + 2) j} R (0) ... (A)
Calculated by

In addition, after completing the k-th service transaction of the service utilization device 2, the connection calculation unit 124 uses the data E (k) (k = 1, 2,. M element data V _s (k) (s = 1, 2,..., M) based on the transaction identification information T (k) (k = 1, 2,. And M pieces of confirmation information W _t (k) (t = 1, 2,...) Encrypted based on the transaction identification information T (k + 1) (k = 1, 2,..., N) of the next service transaction. , M), random number generated in the random number generating unit 127 R (k) (k = 1,2, ..., N), using the coefficient data a _ij and the random number r _k stored in the coefficient data storage section 129 ( 2M + 2) pieces of primary combined data S _j (k) (j = 1, 2,..., 2M + 2) are expressed by the following equation (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
Calculated by

In addition, if the number of primary combination data S _j (k) (j = 1, 2,..., 2M + 2) to be calculated is equal to or greater than (2M + 2), each aggregate value to be described later can be calculated. The number P may be set to satisfy (P ≧ 2M + 2). And, for the coefficient data a _ij accordingly, P ² pieces of coefficient data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) may be set to.

Based on (2M + 2) pieces of combined total data ΣS _j and coefficient data a _ij transmitted from the service using device, the total value calculation unit 125 generates data E (k) related to the transaction identification information T (1) to T (N). ) E calculated value ΣE (k), and the service utilization apparatus 2 has executed N service transactions so far, the total amount of usage charges related to the N service transactions is obtained. Further, based on (2M + 2) pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device 2, element data and random numbers of the transaction identification information T (1) to T (N) Aggregated value ΣV _s (k) for k for each s of product r _k V _s (k), initial confirmation information W _t (0), confirmation information and random number regarding transaction identification information T (1) to T (N + 1) The total value Σr _{k + 1} W _t for k for each t of the product r _{k + 1} W _t (k) is calculated, and the total value Σr _{k + 1} W _t is transmitted to the service using device 2.

The fraud determination unit 126 adds the element data transmitted from the service using device 2 and the random number product r _{k + 1} V _s (N + 1) to the total value Σr _k V _s for each s and the service using device 2. It is determined whether or not the total value ΣX _u (k) transmitted from is coincident.

The information processing unit 20 of the service using device 2 includes a transaction identification information acquisition unit 220, a service processing unit 221, an encryption processing unit 222, a decryption processing unit 223, a confirmation information processing unit 224, a combined data totaling unit 225, and an element total value. The processing unit 226 is provided, and such a function is realized by the service use program 210 stored in the storage unit 21. The storage unit 21 includes a list 227 of transaction identification information included in the transaction identification information T acquired from the service providing device 1, a registration unit 228 in which the transaction identification information subjected to signature processing in the service providing device 1 is registered, and the service providing device. A registration unit 229 that stores (2M + 2) pieces of primary combined data S _j transmitted from 1, M ² used to calculate confirmation information by encrypting transaction identification information T (k + 1) of the next service transaction The coefficient data storage unit 230 that stores the pieces of coefficient data b _st (s = 1, 2,..., M; t = 1, 2,..., M) is stored.

  The transaction identification information acquisition unit 220 selects and acquires the required number of transaction identification information from the transaction identification information T from the service providing apparatus 1 before starting the service transaction. The service processing unit 221 makes a service request by transmitting the signature-processed transaction identification information registered in the registration unit 228 to the service providing apparatus 1.

  The encryption processing unit 222 encrypts the transaction identification information T (1) of the first service transaction or the transaction identification information T (k + 1) (k = 1, 2,..., N) of the next service transaction after the service transaction is completed. Process and generate encrypted transaction identification information. In addition, the decryption processing unit 223 decrypts the signature-processed encrypted transaction identification information transmitted from the service providing apparatus, and stores the signature-processed transaction identification information in the registration unit 228.

  The encryption processing of transaction identification information T allows the service providing device to associate the transaction identification information used in the next service transaction with the transaction identifying information used in the current service transaction when the service providing device is informed It is because it becomes. Further, since the service providing apparatus performs signature processing on the transaction identification information of the next service transaction after the completion of the current service transaction, the transaction identification information that has been subjected to the signature processing is provided only to the service user who registered the service properly. It is possible to reliably calculate the total amount of service usage.

As the encryption processing of the transaction identification information X in the encryption processing unit 222, for example, the following processing is performed using the random number r and the public key p on the service providing apparatus 1 side.
X → r ^p X
The signature processing unit 123 processes the encrypted transaction identification information thus processed using the secret key q of the service providing apparatus 1 as follows.
r ^p X → (r ^p X) ^q
In this case, since the transaction identification information X is multiplied by a random number r, the service providing apparatus 1 cannot know the transaction identification information X, and blind signature processing is performed. The decryption processing unit 223 processes the signature-processed encrypted transaction identification information using the random number r used in the encryption processing of the encryption processing unit 222 as follows.
(R ^p X) ^q → (r ^pq X ^q ) / r
Here, pq = 1, so
(R ^pq X ^q ) / r → (rX ^q ) / r → X ^q
Thus, the transaction identification information X signed with the secret key q of the service providing apparatus 1 can be obtained. When it is desired to check whether or not the transaction identification information transmitted by the service using device has been subjected to signature processing, the transaction identification information subjected to signature processing is multiplied by the public key p of the service providing device 1.
X ^q → X ^qp → X
It can be confirmed.

The confirmation information processing unit 224 is a service providing device for M element data V _s (1) (s = 1, 2,..., M) calculated based on the transaction identification information T (1) of the first service transaction. The initial confirmation information W _t (0) (t = 1, 2,..., M), which is M linear combinations independent of each other by a coefficient that is not known, is generated, and the number of service transactions this time after completion of the service transaction , And M element data V _s (k + 1) (s = 1, 2,... Calculated based on the transaction identification information T (k + 1) (k = 1, 2,..., N) of the next service transaction. , M), the confirmation information W _t (k) (t = 1, 2,..., M), which is M linear combinations independent of each other by coefficients that the service providing apparatus 1 does not know.

The M element data V _s (k) is, for example, each bit string obtained by equally dividing the bit string constituting the transaction identification information T (k) into M pieces as shown in FIG. The M pieces of confirmation information W _t (k) encrypted based on the next transaction identification information T (k + 1) first generate M element data V _s (k + 1) as shown in FIG. Then, using the M ² pieces of coefficient data b _st stored in the coefficient data storage unit 230, the following equation (F)
W _t (k) = b _1t V ₁ (k + 1) + b _2t V ₂ (k + 1) +... + B _Mt V _M (k + 1) (F)
Is calculated by

Since only the service using device 2 registers the M ² coefficient data b _st , the service providing device 1 cannot know the next transaction identification information T (k + 1) from the confirmation information W _t (k). . Therefore, the service providing apparatus 1 is prevented from accumulating the next service transaction in association with the current service transaction. In addition, the service providing apparatus 1 secures the continuity of the service transaction by calculating the primary combined data S _j (k) based on the confirmation information regarding the current transaction identification information and the transaction identification information of the next service transaction. This makes it possible to reliably detect alterations such as deletion or replacement of service transaction records by the service using device after the aggregation processing.

The combined totaling unit 225 calculates the combined total data ΣS _j (k) obtained by totaling the primary combined data S _j (k) registered in response to the totaling request from the service providing apparatus 1 for k for each j, Assuming that the number of service transactions received by the service utilization apparatus 2 so far is N, element data V _s (N + 1) is generated based on the next transaction identification information T (N + 1), and the combined total data ΣS _j (k) and Element data V _s (N + 1) is transmitted.

For example, assuming that N service transactions have been performed with the service providing device 1, the service providing device 1 provides the service using device 2 with respect to transaction identification information T (1) used first before the service transaction. the When S _j (0), as shown in FIG. 10, (N + 1) times the primary binding data from S _j (0) to S _j (N) is transmitted. Then, when there is a totaling request from the service providing apparatus 1, the combined total data ΣS _j (k) obtained by totaling the primary combined data S _j (k) for k for each j is expressed by the lowermost expression in FIG. expressed. This equation is a coefficient with (2M + 2) data of the aggregate value ΣE (k), the aggregate value Σr _k V _s (k), the aggregate value Σr _{k + 1} W _t (k) and the aggregate value ΣR (k) as variables. _These are (2M + 2) simultaneous linear equations using data a _ij .

Therefore, if the total value calculation unit 125 of the service providing apparatus 1 can obtain the combined total data ΣS _j (k), (2M + 2) simultaneous linear equations can be solved based on the coefficient data a _ij and the total is calculated. The value ΣE (k), the total value Σr _k V _s (k), the total value Σr _{k + 1} W _t (k) and the total value ΣR (k) can be obtained. Therefore, the total value calculation unit 125 of the service providing apparatus 1 can calculate the total value ΣE (k) without knowing the usage fee E (k) related to each service transaction of the service using apparatus 2. .

Further, the calculation formula for binding aggregated data [sigma] s _j (k), since in addition to the random number r _k and R of the coefficient data a _ij does not know the service using apparatus 2 side (k) is used, the service using apparatus 2 The calculation formula of the primary combined data S _j (k) cannot be known, and an illegal operation cannot be performed.

Here, the total value Σr _{k + 1} W _t (k) is a value corresponding to the value obtained by adding the next transaction identification information T (N + 1) to the transaction identification information T (1) to T (N), and therefore, the service provision In the total value calculation unit 125 of the device 1, the element data V _s (N + 1) corresponding to the next transaction identification information T (N + 1) transmitted from the service providing device 1 to the obtained total value Σr _k V _s (k). The total value Σr _k V _s (k) is calculated by adding the product of the random number r _{N + 1} V _s (N + 1) for each s.

Further, the total value calculation unit 125 transmits the total value Σr _{k + 1} W _t (k) to the service utilization device 2, and the element total processing unit 226 decrypts the total value Σr _{k + 1} W _t (k). The total value ΣX _u (k) (u = 1, 2,..., M) is generated by processing. Since the confirmation information W _t (k) is calculated by the equation (F) using the M ² coefficient data b _st as described above, the total value Σr _{k + 1} W _t (k) is the element data. can be regarded as the M linear equations using the coefficient data b _st aggregate value of k for each s of V _s (k)? r _k V _s (k) is a variable. Therefore, if the total value Σr _{k + 1} W _t (k) can be obtained from the service providing apparatus 1, the element total processing unit 226 solves the M simultaneous linear equations using the coefficient data b _st and calculates the total value. ΣX _u (k) can be obtained.

The total value ΣX _u (k) calculated and processed by the element total processing unit 226 is a total value related to the transaction identification information T (1) to T (N + 1). Therefore, if no unauthorized processing is performed, the total value Σr _This is consistent with _k V _s (k). Therefore, it is possible to check whether or not an illegal operation has been performed by determining whether or not the total value calculated by the fraud determination unit 126 matches. That is, when an unauthorized operation such as deleting or replacing the combined aggregate data ΣS _j (k) on the service using device 2 side, the transaction identification information T (k) of the current service transaction and the transaction identification information T of the next transaction are performed. The consistency of the confirmation information calculated from (k + 1) is lost, and the total value Σr _k V _s (k) of the element data related to the current transaction identification information T (k) calculated by the fraud determination unit 126 of the service providing apparatus 1 The aggregate value ΣX _u (k) of the element data related to the next transaction identification information T (k + 1) calculated by the element aggregation processing unit 226 of the service using device 2 is not matched and is checked by the fraud determination unit 126.

Since the element total processing unit 226 returns only the total value ΣV _s (k) to the service providing apparatus 1, element data V _s (k) relating to the transaction identification information T (k) of each service transaction is obtained. Not known.

  FIG. 11 is a flow relating to the transaction identification information issuance process performed before the execution of the service transaction. In the service providing apparatus 1, a necessary number of transaction identification information is generated in advance and a transaction identification information table 128 is stored (S200). First, as shown in FIG. 3, the service providing apparatus 1 and the service using apparatus 2 determine each other's validity (S201, S202) and perform anonymous authentication. When it is determined that the two are legitimate, the service using device 2 requests the service providing device 1 to issue a necessary number of transaction identification information (S203). The service providing apparatus 1 lists unused transaction identification information and issues the required number to the service using apparatus 2 (S204). In this case, you may make it select from the list-up on the service utilization apparatus 2 side. The issued transaction identification information is stored in the registration unit 228 of the service using device 2 (S205).

Next, the transaction identification information T (1) used for the first service transaction is selected and the encryption processing is performed by the encryption processing unit 222 (S206), and the encrypted transaction identification information T (1) is generated. Then, the confirmation information processing unit 224 generates confirmation information W _t (0) based on the selected transaction identification information T (1) (S207). Attaching the generated encrypted transaction identification information T (1) and initial confirmation information W _t (0) to the service providing apparatus 1 is requested (S208). In the service providing apparatus 1, the signature processing unit 123 performs signature processing on the encrypted transaction identification information T (1) (S209), and the combination calculation unit 124 converts the primary combined data S _j (0) according to the above equation (A). Calculation processing is performed (S210). The signature-processed encrypted transaction identification information T (1) and the calculated primary combined data S _j (0) are transmitted to the service using device 2 (S211), and the signature-processed encrypted transaction identification information T (1) Is processed by the decryption processing unit 223 of the service using apparatus 2 to become transaction identification information T (1) with a signature (S212), registered in the registration unit 228, and the primary combined data _Sj is registered in the registration unit 229. (S212).

  With the above processing, the service using device 2 can obtain transaction identification information necessary for service transaction and obtain transaction identification information with a signature to be used first.

  FIG. 12 is a flow relating to processing when the service use device 2 performs the k-th service transaction. First, validity determination is performed between the service providing apparatus 1 and the service using apparatus 2 (S300, S301), and anonymous authentication is performed. When it is determined that the two are legitimate, the service use measure 2 reads the transaction identification information T (k) with a signature (S302) and attaches the transaction identification information T (k) with a signature to the service providing apparatus. 1 is requested for service (S303).

  Upon receipt of the service request, the service providing apparatus 1 acquires the transaction identification information T (k) with a signature (S304), checks whether it is normally signed and whether it is unused or not. The identification information T (k) is determined (S305). When it is determined that the transaction identification information T (k) is normal, service processing is started and a service transaction is performed with the service using device 2 (S306). Then, after the service transaction is completed, the usage fee E (k) is calculated (S307).

  If it is determined in step S305 that the transaction identification information T (k) is not normal, error processing is performed (S308), and service processing is not performed.

On the other hand, when the service transaction with the service providing device 1 is started, the service using device 2 performs necessary service processing (S309), and transaction identification information T (k + 1) used in the next service transaction after the service transaction is completed. Is encrypted by the encryption processing unit 222 (S310), and encrypted transaction identification information T (k + 1) is generated. Then, the confirmation information processing unit 224 generates confirmation information W _t (k) based on the selected transaction identification information T (k + 1) (S311). The generated encrypted transaction identification information T (k + 1) is attached and the service providing apparatus 1 is requested to perform signature processing (S312).

In the service providing apparatus 1, the signature processing unit 123 performs signature processing on the encrypted transaction identification information T (k + 1) (S 313), and the combination calculation unit 124 converts the primary combined data S _j (k) according to the above equation (B). Calculation processing is performed (S314). The signature-processed encrypted transaction identification information T (k + 1) and the calculated primary combined data S _j (k) are transmitted to the service using device 2 (S315), and the signature-processed encrypted transaction identification information T (k + 1) Is processed by the decryption processing unit 223 of the service using device 2 to become transaction identification information T (k + 1) with a signature (S316), registered in the registration unit 228, and the primary combined data S _j (k) is stored in the registration unit It is registered in 229 (S317).

In the above processing, even after the mutual validity is determined and the anonymous authentication is performed, the service providing apparatus 1 performs the service transaction when the signature is entered using the transaction identification information. Therefore, each service transaction is anonymous. In addition to being able to do so, it ensures that consecutive transactions of service-using devices are done correctly. Further, since the next transaction identification information is processed by the encrypted transaction identification information and confirmation information W _t (k) that have been encrypted, the transaction identification information is not associated with the current transaction identification information, Unable to identify service transactions.

  The service providing apparatus 1 can reliably determine a user who has a legitimate service transaction authority based on the transaction identification information with a signature.

  FIG. 13 is a flow relating to a totaling process of usage charges and the like related to the service usage device 2. The aggregation process is performed in the service providing apparatus 1 every predetermined period. First, validity determination is performed between the service providing apparatus 1 and the service using apparatus 2 (S400, S401), and anonymous authentication is performed. When it is determined that the two are legitimate, the service providing apparatus 1 makes a totaling request to the service using apparatus 2 (S402).

The service using device 2 is assumed to have performed N service transactions so far, and the primary combined data S _j (k) accumulated in the registration unit 229 based on the totaling request is totaled for each data, and the combined total data ΣS _j (k) is calculated (S403). Then, the selected next transaction identification information T (N + 1) is read out (S404), the element data V _s (N + 1) is generated (S405), and the combined total data ΣS _j and the element data V _s (N + 1) are serviced. It transmits to the providing apparatus 1 (S406).

Service providing apparatus 1, the binding aggregated data ΣS _j (k), based on the coefficient data a _ij and r _k, aggregate values? En (k), the aggregate value Σr _k V _{s (k)} and total value? R _{k +} 1 W _t (k) is calculated (S407). Then, the total value Σr _k V _s (k) is obtained by adding the element data and the random number product r _{N + 1} V _s (N + 1) for each s (S408), and the total value Σr _{k + 1 is obtained.} W _t (k) is transmitted to the service using device 2 (S409).

The service using device 2 calculates the total value ΣX _u (k) based on the total value Σr _{k + 1} W _t (k) (S410), and uses the calculated total value ΣX _u (k) as the service providing device 1. (S411).

Whether the service providing apparatus 1 matches the transmitted total value ΣX _u (k) with the total value r _k V _s (k) calculated in step S408 (a value _obtained by adding r _{N + 1} V _s (N + 1)). If it matches, the service utilization apparatus 2 is charged for the usage fee based on the total value ΣE (k) (S413). The service use device 2 performs a payment process based on the charge for the use fee (S414).

If they do not match in step S412, the service providing apparatus 1 performs an unauthorized process on the assumption that there has been an unauthorized operation (S415). In the fraud processing, for example, the service utilization apparatus 2 is requested to disclose the coefficient data _bst , the element data V _s (k) is calculated from the confirmation information W _t (k), and the service transaction related to the service utilization apparatus 2 is performed. Identify the transaction identification information used. Then, based on the identified transaction identification information, the usage amount is totaled from the primary combined data registered in the service utilization device 2 and charged to the service utilization device 2.

  With the above processing, the service using device 2 only needs to provide the service providing device 1 with a total value for a predetermined period without notifying each service transaction, and the service providing device 1 also obtains only the total value, The total amount of the usage fee can be calculated accurately, and it is possible to reliably determine that there has been an unauthorized operation.

In the embodiment described above, M element data V _s (k) based on the transaction identification information T (k) of the current service transaction and the transaction identification of the next service transaction in the confirmation information processing unit 224 of the service utilization device 2. The M element data W _t (k) encrypted based on the information T (k + 1) is generated and transmitted to the service providing apparatus 1, but the transaction identification information T ( Instead of k + 1), transaction identification information T (k-1) of the previous service transaction can be used.

FIG. 14 is a list of primary combined data S _j when the previous transaction identification information T (k−1) is used as confirmation information. In this case, the service using device 2 generates the element data V _s (0) using the dummy transaction identification information T (0) before starting the service transaction, and transmits it to the service providing device 1 without performing the encryption process. To do. The service providing apparatus 1 _{converts the} primary combined data S _j (0) into the following formula (G)
S _j (0) = {a _{(1 + 1) j} V ₁ (0) + a _{(2 + 1) j} V ₂ (0) +... + A _{(M + 1)} V _M (0)} r ₁ + a _{(2M +2) j} R (0) ... (G)
Calculated by After the service transaction of the service utilization device 2 is completed, the M element data V _s (k) based on the transaction identification information T (k) of the current service transaction and the previous transaction identification information T (k− M pieces of confirmation information W _t (k−1) encrypted based on 1) are generated and transmitted to the service providing apparatus 1. The service providing apparatus 1 _{converts the} primary combined data S _j (k) into the following formula (H)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _{k + 1} + {a _{(M + 1 + 1) j} W ₁ (k−1) + a _{(M + 2 + 1) j} W ₂ (k−1) +... + A _{(2M + 1)} W _M (K-1)} r _k + a _{(2M + 2) j} R (k) (H)
Calculated by If the primary combined data S _j (k) calculated as described above is transmitted and registered to the service using device 2, the usage charges can be tabulated and fraud determination can be performed as in the above embodiment.

  FIG. 15 to FIG. 17 are processing flows when the previous transaction identification information T (k−1) is used as confirmation information. Parts different from the processing flow described with reference to FIGS. 11 to 13 will be described, and description of the same parts will be omitted.

In the flow relating to the transaction identification information issuance process performed before the service transaction is performed, dummy transaction identification information T (0) is generated after the transaction identification information issuance process as shown in FIG. 15 (S506). V _s (0) is generated (S507) and transmitted to the service providing apparatus 1, and the service providing apparatus 1 calculates the primary combined data S _j (0) using the above equation (G) (S508). The calculated primary combination data S _j (0) is transmitted to the service using device 2 (S509) and registered in the registration unit 229 (S510).

As shown in FIG. 16, in the flow relating to the processing in the case of performing a service transaction, after completion of the service transaction, the previous transaction identification information T (k-1) is encrypted to generate confirmation information W _t (k-1). (S610). The generated confirmation information W _t (k−1) is transmitted to the service providing apparatus 1, and the primary combined data S _j (k) is calculated using the above equation (H) (S615). The calculated primary combined data S _j (k) is transmitted to the service using apparatus 2 together with the signed information (S616) and registered in the registration unit 229 (S618).

In the flow related to the aggregation processing such as the usage fee, as shown in FIG. 17, the transaction identification information T (N) used in the last service transaction after the calculation processing of the combined aggregation data ΣS _j (k) is read (S704) Element data V _s (N) is generated (S705), and the combined total data ΣS _j (k) and V _s (N) are transmitted to the service providing apparatus 1 (S706). The service providing apparatus 1 calculates the total value ΣE (k), the total value Σr _k V _s (k), and the total value Σr _k W _t (k−1) using the combined total data ΣS _j (k). (S707), r _N V _s (N) is subtracted from the total value Σr _k V _s (k) (S708), and the total value Σr _k W _t (k−1) is transmitted to the service using device 2 (S709). ). The service using device 2 calculates the total value ΣX _u (k−1) from the total value Σr _k W _t (k−1) (S710) and transmits it to the service providing device 1 (S711). Then, it is determined whether or not the total value calculated in step S708 matches the total value ΣX _u (k−1) (S712), and fraud determination is performed.

  Through the processing as described above, even with confirmation information using the previous transaction identification information, usage charges can be tabulated and fraud determination can be performed as in the above-described embodiment.

  FIG. 18 is a schematic block diagram relating to an embodiment different from the above-described embodiment. In this example, in order to perform fraud determination, the number of transactions is used in addition to the confirmation information used in the above embodiment. In addition, about the structure similar to the above-mentioned embodiment, since description overlaps, it abbreviate | omits.

  The information processing unit 10 of the service providing apparatus 1 includes a transaction identification information generation unit 120, a transaction identification information determination unit 121, a service processing unit 122, a signature processing unit 123, a combination calculation unit 124, a total value calculation unit 125, and an fraud determination unit 126. And a random number generator 127, and these functions are realized by the service providing program 110 stored in the storage unit 11.

The storage unit 11 has a transaction identification information table 128 for managing the generated transaction identification information T, and (2M + 3) ^two coefficient data a _ij (i = 1, 2) used for the combination calculation process and the total value calculation process. ,..., 2M + 3; j = 1, 2,..., 2M + 3) and a coefficient data storage unit 129 for storing a sufficiently large random number sequence r _k (k = 1, 2,...). The coefficient data a _ij is appropriately set using an appropriate numerical value, but is set so that the determinant of the matrix composed of the coefficient data a _ij does not become zero. Random number r _k is stored in advance is generated by the random number generation unit 127. As described later, when calculating the linear combination data S _j (k) for the k-th service transactions of each service user, using a common random number r _k and r _{k + 1.}

  The transaction identification information generation unit 120 and the service processing unit 122 have the same functions as those in the above-described embodiment.

The combination calculation unit 124 encrypts the M pieces of initial confirmation information W _t (0) (t = 1) based on the transaction identification information T (1) used for the first transaction transmitted from the service utilization device 2. , 2,..., M), (2M + 3) pieces of primary combined data using the random number R (0) generated by the random number generator 127, the coefficient data a _ij and the random number r ₁ stored in the coefficient data storage unit 129. S _j (0) (j = 1, 2,..., 2M + 3) is expressed by the following formula (I)
S _j (0) = {a _{(M + 1 + 2) j} W ₁ (0) + a _{(M + 2 + 2) j} W ₂ (0) +... + A _{(2M + 2)} W _M (0)} r ₁ + a _{(2M + 3) j} R (0) ... (I)
Calculated by

Further, after the k-th service transaction by the service utilization device 2 is completed, the combination calculation unit 124 uses the data E (k) (k = 1, 2,..., N) based on the usage fee of the service transaction, the service utilization device 2 Number data Q (k) (k = 1, 2,..., N) based on the number of current service transactions transmitted from, and transaction identification information T (k) (k = 1, 2,. , N) based on M element data V _s (k) (s = 1, 2,..., M), transaction identification information T (k + 1) (k = 1, 2,..., N) of the next service transaction M pieces of confirmation information W _t (k) (t = 1, 2,..., M) encrypted based on the random number R (k) generated by the random number generator 127 (k = 1, 2, , N) and (2M + 3) pieces of primary combined data S _j (k) (j = 1, 2,..., 2M + 3) using the coefficient data a _ij and the random number r _k stored in the coefficient data storage unit 129. ) With the following formula (J)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (J)
Calculated by

In addition, if the number of primary combination data S _j (k) (j = 1, 2,..., 2M + 2) to be calculated is (2M + 3) or more, each aggregate value to be described later can be calculated. The number P may be set so as to satisfy (P ≧ 2M + 3). And, for the coefficient data a _ij accordingly, P ² pieces of coefficient data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) may be set to.

The total value calculation unit 125 assumes (2M + 3) pieces of combined total data ΣS _j (k) and coefficient data a _ij transmitted from the service using device, where N is the number of transactions that the service using device 2 has executed so far. The total value ΣE (k) of the data E (k) related to the transaction identification information T (1) to T (N) is calculated based on the above, and the total amount of usage charges related to N service transactions is obtained. In addition, based on (2M + 3) pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service utilization device 2, the number-of-times data Q (k) relating to the transaction identification information T (1) to T (N). The total value ΣQ (k) is calculated. Further, based on (2M + 3) pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service utilization device 2, the product of element data and random numbers relating to the transaction identification information T (1) to T (N) r _k V _s (k) aggregate value? r _k V _s and transaction identification information T for the k for each s of (1) ~T (N + 1 ) on initial confirmation information and the random number of the product r ₁ W _t (0) and The total value Σr _{k + 1} W _t (k) for k for each t of the product r _{k + 1} W _t (k) of the confirmation information and the random number is calculated and the total value Σr _{k + 1} W _t (k) is calculated. It transmits to the service using device 2.

The fraud determination unit 126 determines the consistency between the total value ΣQ (k) calculated by the total value calculation unit 125 and the number of times data Q (N + 1) transmitted from the service using device 2 as a first fraud determination. It is determined whether or not there is an unauthorized operation, and if there is consistency regarding the number of times data Q (k), as a second unauthorized determination, the aggregate value Σr _k V _s (k) is transferred from the service using device 2. Whether the total value obtained by adding the product r _{N + 1} V _s (N + 1) of the transmitted element data and the random number for each s matches the total value ΣX _u (k) transmitted from the service using device 2 judge.

The information processing unit 20 of the service utilization device 2 includes a transaction identification information acquisition unit 220, a service processing unit 221, an encryption processing unit 222, a decryption processing unit 223, an identification data generation unit 231, a confirmation information processing unit 224, and a combined data tabulation. Unit 225 and element total value processing unit 226, and these functions are realized by the service use program 210 stored in the storage unit 21. The storage unit 21 includes a list 227 of transaction identification information selected from the transaction identification information T acquired from the service providing device 1, a registration unit 228 in which identification data signature-processed by the service providing device 1 is registered, and each kth time A registration unit 229 that stores (2M + 3) pieces of primary combined data S _j (k) transmitted from the service providing apparatus 1 in the service transaction of the service transaction, and is used for encryption processing of transaction identification information T (k + 1) of the next service transaction. A coefficient data storage unit 230 that stores M ² pieces of coefficient data b _st (s = 1, 2,..., M; t = 1, 2,..., M) is stored.

  The transaction identification information acquisition unit 220 has the same function as that of the above-described embodiment.

  The identification data generation unit 231 has a function of setting the number data indicating the number of service transactions by incrementing automatically by 1 each time a service transaction is performed, and transaction identification information T (1) of the first service transaction. Is selected, the number of times data Q (1) is set, identification data T (1) Q (1) is generated by combining the two, and the transaction identification information of the next service transaction after the completion of the kth service transaction T (k + 1) (k = 1, 2,..., N) is selected, the number of times data Q (k) is set, and identification data T (k + 1) Q (k + 1) is generated by combining the two. The number data Q (k) may be set to (transaction number-constant) or (transaction number × constant) in addition to the data of the transaction number itself, and increases by one for each service transaction. What is necessary is just to set so that.

  The encryption processing unit 222 encrypts the identification data T (1) Q (1) of the first service transaction or the identification data T (k + 1) Q (k + 1) of the next service transaction after the service transaction is completed. Generate data. Also, the decryption processing unit 223 decrypts the signature-processed encrypted identification data transmitted from the service providing apparatus, and stores the signature-processed identification data in the registration unit 228.

  The identification data encrypted by the encryption processing unit 222 is subjected to signature processing by the signature processing unit 123 of the service providing apparatus 1, transmitted to the service using apparatus, and decrypted by the decryption processing unit 223. This process is performed in the same manner as in the above-described embodiment.

The confirmation information processing unit 224 receives the M pieces of initial confirmation information W _t (0) (t = 1, 2,..., M) encrypted based on the transaction identification information T (1) of the first service transaction. And V _s (k + 1) calculated based on transaction identification information T (k + 1) (k = 1, 2,..., N) of the next service transaction after the completion of the kth service transaction M pieces of confirmation information W _t (k) (t = 1, 2,..., M) are generated. M element data V _s (k + 1) and M pieces of confirmation information W _t (k) are generated in the same manner as in the above-described embodiment.

The combined totaling unit 225 calculates the combined total data ΣS _j (k) obtained by calculating the primary combined data S _j (k) registered in response to the totaling request from the service providing apparatus 1 for k for each j and the next time. Element data V _s (N + 1) based on the transaction identification information T (N + 1) and the number of times data Q (N + 1) based on the order of the number of times of the next service transaction are generated, and the combined total data ΣS _j (k), element data V _s ( N + 1) and count data Q (N + 1).

For example, assuming that N service transactions have been performed with the service providing device 1, information relating to transaction identification information T (1) to be used first before the service transaction is transferred from the service providing device 1 to the service using device 2. When S _j (0), as shown in FIG. 19, (N + 1) times the primary binding data from S _j (0) to S _j (N) is transmitted to the service using apparatus 2. Then, when there is a totaling request from the service providing apparatus 1, the combined total data ΣS _j (k) obtained by totaling the primary combined data S _j (k) for k for each j is expressed by the lowermost expression in FIG. Desired. This formula is calculated as (2M + 3) of the total value ΣE (k), the total value ΣQ (k), the total value Σr _k V _s (k), the total value Σr _{k + 1} W _t (k), and the total value ΣR (k). _These are (2M + 3) simultaneous linear equations using coefficient data a _ij with the data as variables.

Therefore, the aggregate value calculation unit 125 of the service providing apparatus 1, if it is possible to obtain binding aggregated data ΣS _j (k), can be solved on the basis of the coefficient data a _ij of (2M + 3) number of simultaneous linear equations, aggregation The value ΣE (k), the total value ΣQ (k), the total value Σr _k V _s (k), the total value Σr _{k + 1} W _t (k), and the total value ΣR (k) can be obtained. Therefore, the total value calculation unit 125 of the service providing apparatus 1 can calculate the total value ΣE (k) without knowing the usage fee E (k) related to each service transaction of the service using apparatus 2. .

Further, the calculation formula of the primary binding data [sigma] s _j (k), since in addition to the random number r _k and R of the coefficient data a _ij does not know the service using apparatus 2 side (k) is used, the service using apparatus 2 The calculation formula of the primary combined data S _j cannot be known, and an illegal operation cannot be performed.

When the fraud determination unit 126 performs fraud determination using the total value ΣQ (k), the total value ΣQ (k) is the sum of the number of times related to the transaction identification information T (1) to T (N). From this, it is determined that there has been an unauthorized operation in the aggregation of the primary combined data S _j by checking the consistency of the transaction identification information T (N + 1) transmitted from the service utilization device 2 with the number data Q (N + 1). it can. For example, when the count data Q (k) is data indicating the transaction count itself, the count data Q (N + 1) is (N + 1), and the total value is a value obtained by continuously adding integers from 1 to N N · ( N + 1) / 2, but if the aggregate value ΣQ (k) obtained from the aggregate value calculation unit 125 is different from this value, it is suspected that the primary combined data S _j is partially omitted and aggregated. You can check for unauthorized operations.

When the fraud determination unit 126 performs fraud determination based on the total value Σr _k V _s (k), as shown in FIG. 19, the element data and the random number of the transaction identification information T (1) to T (N) For the total value Σr _k V _s (k) _obtained by totaling the products r _k V _s (k), the total value Σr _{k + 1} W _t (k) is stored in the transaction identification information T (1) to T (N). Since the sum of the next transaction identification information T (N + 1) is aggregated, the combined data aggregation unit 225 calculates the product r _{N + 1} of the element data and the random number based on the next transaction identification information T (N + 1). V _s (N + 1) is generated and transmitted to the service providing apparatus 1, and the total value Σr _k V _s (k) totaled by the total value calculation unit 125 is multiplied by the product r _{N + 1} of the element data and random number for each s. V _s (N + 1) is added to calculate a total value for transaction identification information T (1) to T (N + 1).

Then, the total value calculation unit 125 transmits the total value Σr _{k + 1} W _t (k) to the service utilization device 2, and the total value ΣX _u (k) is transmitted in the element total processing unit 226 as in the above-described embodiment. Since the calculated and calculated total value ΣX _u (k) is the total value regarding the transaction identification information T (1) to T (N + 1), the total value Σr _k V _{s is obtained} unless an unauthorized process is performed. Since it matches (k), it is possible to check whether or not an illegal operation has been performed by determining whether or not the total value calculated by the fraud determination unit 126 matches. If the primary combined data ΣS _j (k) is illegally operated on the service utilization device 2 side, the confirmation information of the transaction identification information T (k) of the current and next service transactions cannot be matched with T (k + 1), and the service Total value Σr _k V _s (k) of the element data related to the current transaction identification information T (k) calculated by the fraud determination unit 126 of the providing device 1 and the next transaction calculated by the element total processing unit 226 of the service using device 2 The total value ΣX _u (k) of the element data relating to the identification information T (k + 1) does not match and is checked by the fraud determination unit 126.

Since the element totaling processing unit 226 returns only the total value Σr _k V _s (k) to the service providing apparatus 1, element data V _s (k) regarding the transaction identification information T (k) of each service transaction is returned. ) Is not known.

  FIG. 20 is a flow relating to the transaction identification information issuance process performed before the execution of the service transaction. In the service providing apparatus 1, a necessary number of transaction identification information is generated in advance and the transaction identification information table 128 is stored (S800). First, validity determination is performed between the service providing apparatus 1 and the service using apparatus 2 (S801, S802), and anonymous authentication is performed. When it is determined that the two are legitimate, the service using device 2 requests the service providing device 1 to issue the necessary number of transaction identification information (S803). The service providing apparatus 1 lists unused transaction identification information and issues the required number to the service using apparatus 2 (S804). The issued transaction identification information is stored in the registration unit 228 of the service utilization device 2 (S805).

Next, the transaction identification information T (1) used for the first service transaction is selected (S806), and the count data Q (1) is set (S807), and identification data T (1) Q (1) is generated (S807). S808). The generated identification data is encrypted by the encryption processing unit 222 (S809) to generate encrypted identification data. Then, based on the selected transaction identification information T (1), the confirmation information processing unit 224 generates initial confirmation information W _t (0) (S810). Attaching the generated encrypted identification data T (1) Q (1) and initial confirmation information W _t (0), the service providing apparatus 1 is requested to perform signature processing (S811). In the service providing apparatus 1, the signature processing unit 123 performs signature processing on the encrypted identification data T (1) Q (1) (S812), and the combination calculation unit 124 converts the primary combined data S _j (1) to the above formula ( Calculation processing is performed according to (I) (S813). The signature processing encrypted identification data T (1) Q (1) and the calculated primary combined data S _j (1) are transmitted to the service using device 2 (S814), and the signature processing encrypted identification data T ( 1) Q (1) is processed by the decryption processing unit 223 of the service using device 2 to become signature-added identification data T (1) Q (1) (S815), registered in the registration unit 228, and primary combined data S _j (1) is registered in the registration unit 229 (S816).

  Through the above processing, the service using device 2 can obtain transaction identification information necessary for service transaction and obtain identification data with a signature to be used first.

  FIG. 21 is a flow relating to processing when the service use device 2 performs the k-th service transaction. First, validity determination is performed between the service providing apparatus 1 and the service using apparatus 2 (S900, S901), and anonymous authentication is performed. When it is determined that the two are legitimate, the service utilization measure 2 reads the signed identification data T (k) Q (k) (S902) and makes a service request to the service providing apparatus 1 (S903). ).

  Upon receipt of the service request, the service providing apparatus 1 acquires signed identification data T (k) Q (k) (S904), and whether or not the transaction identification information T (k) has been successfully signed. It is checked whether or not it is used, and the identification data T (k) Q (k) is determined (S905). When it is determined that the identification data T (k) Q (k) is normal, service processing is started and a service transaction is performed with the service using device 2 (S906). Then, after the service transaction is completed, the usage fee E (k) is calculated (S907).

  If it is determined in step S905 that the identification data T (k) Q (k) is not normal, error processing is performed (S908), and service processing is not performed.

  On the other hand, when the service transaction with the service providing device 1 is started, the service using device 2 performs necessary service processing (S909), and uses the transaction identification information T (k + 1) used for the next service transaction after the service transaction is completed. Select (S910) and set the count data Q (k + 1) (S911) to generate identification data T (k + 1) Q (k + 1) (S912). The generated identification data is encrypted by the encryption processing unit 222 (S913) to generate encrypted identification data.

Next, confirmation information W _t (k) is generated by the confirmation information processing unit 224 based on the next transaction identification information T (k + 1) (S914). Then, the generated encryption identification data T (k + 1) Q (k + 1) is attached and the service providing apparatus 1 is requested to perform signature processing (S915).

In the service providing apparatus 1, the signature processing unit 123 performs signature processing on the encrypted identification data T (k + 1) Q (k + 1) (S916), and the combination calculation unit 124 converts the primary combined data ΣS _j (k) to the above formula ( J) to calculate (S917). The signature identification encrypted identification data T (k + 1) Q (k + 1) and the calculated primary combined data S _j (k) are transmitted to the service using apparatus 2 (S918), and the signature identification encryption identification data T ( k + 1) Q (k + 1) is processed by the decryption processing unit 223 of the service using apparatus 2 to become signature-added identification data T (k + 1) Q (k + 1) (S919), registered in the registration unit 228, and primary combined data S _j is registered in the registration unit 229 (S920).

  In the above processing, even after the mutual validity is determined and the anonymous authentication is performed, the service providing apparatus 1 performs the service transaction when the signature is entered using the transaction identification information. Therefore, each service transaction is anonymous. It can be executed correctly. Further, since the next transaction identification information is processed by the encrypted identification data T (k + 1) Q (k + 1) that has been encrypted, the transaction identification information is not associated with the current transaction identification information and a series of services are obtained. The transaction cannot be identified.

  The service providing apparatus 1 can reliably determine a user who has a legitimate service transaction authority based on the identification data with a signature, and uses the signature data for the number of times data as the basis data for fraud determination. be able to.

  FIG. 22 is a flow relating to a totaling process of usage fees and the like related to the service usage apparatus 2 that has performed N service transactions so far. The aggregation process is performed in the service providing apparatus 1 every predetermined period. First, validity determination is performed between the service providing apparatus 1 and the service using apparatus 2 (S1000, S1001), and anonymous authentication is performed. When it is determined that the two are legitimate, the service providing apparatus 1 makes a totaling request to the service using apparatus 2 (S1002).

The service using device 2 calculates the combined aggregated data ΣS _j (k) by aggregating the primary combined data S _j (k) stored in the registration unit 229 for each j based on the aggregation request (S1003). Then, the selected next transaction identification information T (N + 1) is read out (S1004), and the count data Q (N + 1) is set (S1005), and element data V _s (N + 1) is generated (S1006), and the combined tabulation is performed. Data ΣS _j (k), number-of-times data Q (N + 1), and element data V _s (N + 1) are transmitted to the service providing apparatus 1 (S1007).

The service providing apparatus 1 calculates the total value ΣE (k), the total value ΣQ (k), the total value Σr _k V _s (k), and the total value Σr _{k + 1} based on the combined total data ΣS _j and the coefficient data a _ij. W _t (k) is calculated (S1008). Then, the consistency between the calculated total value ΣQ (k) and the number of times data Q (N + 1) transmitted from the service using apparatus 2 is checked (S1009). The total value Σr _k V _s (k) is calculated by adding the element data and the random number product r _{N + 1} V _s (N + 1) for each s (S1010), and the total value Σr _{k + 1} W _{t is obtained.} (K) is transmitted to the service using device 2 (S1011).

The service using apparatus 2 calculates the total value ΣX _u (k) based on the total value Σr _{k + 1} W _t (k) (S1012), and uses the calculated total value ΣX _u (k) as the service providing apparatus 1. (S1013).

The service providing apparatus 1 determines whether or not the transmitted total value ΣX _u (k) matches the total value calculated in step S1010 (S1014). If they match, the total value ΣE (k ), The service usage apparatus 2 is charged for the usage fee (S1015). The service use device 2 performs a payment process based on the charge for the use fee (S1016).

If there is no consistency with respect to the count data Q in step S1009 and there is no match with respect to the element data V _s (k) in step 1014, the service providing apparatus 1 performs an unauthorized process on the assumption that an unauthorized operation has occurred (S1017). ).

  With the above processing, the service providing apparatus 1 can make a double fraud determination regarding the number data Q and the transaction identification information T, and can more accurately determine an illegal operation.

In the above example, transaction identification information is generated on the service transaction device side and acquired by the service utilization device. However, a third party or the like generates transaction identification information and provides it to the service utilization device. You may do it. Further, the element data V _s (k) generated based on the transaction identification information can be generated and used by the service providing apparatus, or can be generated by the service using apparatus and transmitted to the service providing apparatus. Select and configure the system.

  Thus, in the service transaction system according to the present invention, service transactions can be performed without knowing the details of individual transactions on the service user side. Further, the service provider can reliably charge the usage fee without accumulating individual information, and the management cost of the individual information can be greatly reduced. And even if an unauthorized operation is performed on the calculation of usage charges, it is possible to reliably determine fraud and charge the correct usage charges.

  Therefore, service transactions can be smoothly performed by using the present invention in a society where the network has spread not only in companies but also in homes due to the progress of ubiquitous computing in the future.

It is the schematic which shows the structure of embodiment which concerns on this invention. It is a functional block diagram for judging validity in the embodiment concerning the present invention. It is a processing flow for determining validity in the embodiment according to the present invention. It is explanatory drawing regarding an ID list. It is explanatory drawing regarding a password list. It is explanatory drawing regarding an encryption password list. It is a functional block diagram regarding the service transaction in the embodiment according to the present invention. It is explanatory drawing regarding the element data of transaction identification information. It is explanatory drawing regarding the element data of transaction identification information. It is explanatory drawing regarding totaling of primary combined data. It is the flow regarding the issue processing of the transaction identification information performed before implementation of a service transaction. It is the flow regarding the process in the case of performing a service transaction. It is a flow related to a totaling process such as a usage fee. It is explanatory drawing regarding the total of the primary combination data in a modification. It is a flow regarding the issue processing of the transaction identification information performed before implementation of the service transaction in a modification. It is a flow regarding the process in the case of performing the service transaction in a modification. It is a flow regarding the totaling process of the usage fee etc. in the modification. It is a functional block diagram regarding the service transaction in another embodiment. It is explanatory drawing regarding the total of the primary combined data in another embodiment. It is a flow regarding the issue processing of the transaction identification information performed before implementation of the service transaction in another embodiment. It is a flow regarding the process in the case of performing service transaction in another embodiment. It is a flow regarding totaling processing of usage fees and the like in another embodiment.

Explanation of symbols

1 service providing device 2 service using device 3 network
10 Information processing department
11 Memory
20 Information processing department
21 Memory

Claims (12)

A service transaction system comprising: a service using device; and a service providing device connected to the service using device via a communication means and receiving a service request from the service using device to process the service,
The service providing apparatus includes an identification information determination unit that determines whether or not the transaction identification information transmitted from the service utilization apparatus is valid, and a request from the service utilization apparatus when the transaction identification information is determined to be valid. A service providing means for performing service processing according to the above, a signature processing means for signing the encrypted transaction identification information transmitted from the service using apparatus, and the current transaction identification information and confirmation information transmitted from the service using apparatus. Transaction record generating means for generating information including a transaction record of a service using device,
The service utilization device selects transaction request information for sending a service request by transmitting the transaction identification information processed by the service providing device stored in the memory to the service providing device, and transaction identification information for the next service transaction. Identification information selection means, encryption processing means for encrypting transaction identification information and generating encrypted transaction identification information, and decryption processing of the encrypted transaction identification information transmitted from the service providing apparatus. Decryption processing means for storing the transaction identification information that has been subjected to signature processing in a memory; and confirmation information processing means for generating confirmation information calculated from the transaction identification information for the next transaction using parameters that the service providing device does not know; A service transaction system characterized by comprising:   A service transaction method in which a service providing apparatus processes a service in response to a service request from a service using apparatus, and the service using apparatus transmits the transaction identification information subjected to signature processing acquired from the service providing apparatus in advance to provide the service. A service request is made to the device, and the service providing device determines whether or not the transaction identification information transmitted from the service using device is valid, and if the transaction identifying information is determined to be valid, In addition to processing the service in response to the request, the service using device generates encrypted transaction identification information by encrypting the transaction identification information of the next service transaction, and knows the service providing device from the next transaction identification information. Confirmation information calculated using no parameters is generated and sent to each service providing device. The providing device performs signature processing on the encrypted transaction identification information transmitted from the service using device, and generates information including the current transaction identification information and confirmation information as a transaction record of the service using device. A service transaction method characterized in that signature-processed encrypted transaction identification information transmitted from a service providing apparatus is decrypted to obtain signature-processed transaction identification information. In a service transaction system comprising: a service using device; and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. Is a program for making
The service using device,
Means for making a service request by transmitting transaction identification information that has been signed by the service providing apparatus stored in the memory to the service providing apparatus;
Means for selecting transaction identification information for the next service transaction,
Means for encrypting transaction identification information and generating encrypted transaction identification information;
Means for generating confirmation information calculated by using parameters unknown to the service providing device from the transaction identification information of the next service transaction;
Means for decrypting the signature-processed encrypted transaction identification information transmitted from the service providing apparatus and storing the signature-processed transaction identification information in a memory;
Program to function as. In a service transaction system comprising: a service using device; and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. Is a program for making
The service providing device;
Means for determining whether or not the transaction identification information transmitted from the service using device is valid;
Means for performing service processing in response to a request from the service using device when the transaction identification information is determined to be valid;
Means for signing encrypted transaction identification information transmitted from a service using device;
Means for generating information including a set of the current transaction identification information and confirmation information transmitted from the service using device as a transaction record of the service using device;
Program to function as. A service transaction system comprising: a service using device; and a service providing device connected to the service using device via a communication means and receiving a service request from the service using device to process the service,
The service using apparatus encrypts transaction identification information T (k + 1) of the (k + 1) -th service transaction in the k-th service transaction to generate encrypted transaction identification information, transaction identification information T Confirmation information W that is M linear combinations independent of each other by coefficients unknown to the service providing apparatus of M element data V _s (k + 1) (s = 1, 2,..., M) calculated from (k + 1). Confirmation information processing means for generating _t (k) (t = 1, 2,..., M), and the signature-processed encrypted transaction identification information transmitted from the service providing apparatus are decrypted and signed. The decryption processing means for storing the transaction identification information in the memory and the transaction identification information T (k) for which the signature processing for the k-th service transaction stored in the memory is transmitted to the service providing apparatus to make a service request. Service request means and kth P primary combination data S _j (k) (j = 1, 2,..., P) independent from each other and calculated based on the following formula (B), which is transmitted as a service transaction record of A registration means for registering the data, and the combined total data ΣS _j (k) obtained by totaling the primary combined data S _j (k) registered in response to the total request from the service providing apparatus for k for each j, The aggregate value Σr _{k + 1} W _t (k) (t = 1, 2,..., M) transmitted from the service providing apparatus is decrypted to obtain the aggregate value ΣX _u (k) (u = 1, 2,. , M) and an element total value processing means for generating
The service providing apparatus includes an identification information determination unit that determines whether or not the transaction identification information transmitted from the service utilization apparatus is valid, and a request from the service utilization apparatus when the transaction identification information is determined to be valid. Service providing means for performing service processing in accordance with the signature processing means, signature processing means for signing encrypted transaction identification information transmitted from the service using apparatus, and P ² coefficient data a _ij (i = 1, 2,..., P; j = 1, 2,..., P) and random numbers r _k (k = 1, 2,...), And coefficient data a _ij stored in the storage means and using the random number r _k, M number of elements calculated by the data E based on the use fee (k), the random number R (k) and transmitted from the service using apparatus transaction identification information T (k) of the service transaction P including data V _s (k) and confirmation information W _t (k) (P ≧ 2M + 2) pieces of independent primary combination data S _j (j = 1, 2,..., P) are expressed by the following equation (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
A coupling calculating means for calculating a result, the service transaction number of the service using apparatus as N times, the service using apparatus of P sent from the bound aggregate data ΣS _j (k) and the coefficient data a _ij transaction identification information T based on (1) to total amount calculation means for calculating the total value ΣE (k) of data E (k) related to T (N), P pieces of combined total data ΣS _j (k) and coefficients transmitted from the service using device Based on the data a _ij , the total value Σr _k V _s (k) for k for each s of the product r _k V _s (k) of element data and random numbers related to the transaction identification information T (1) to T (N) and A total value Σr _{k + 1} W _t (k) for k for each t of the product r _{k + 1} W _t (k) of the confirmation information on the transaction identification information T (1) to T (N + 1) and the random number is calculated. and element aggregate value calculating means for transmitting aggregate value Σr k _{+ 1} W _t a (k) with Service trading system, characterized in that the aggregate values Σr _k V _{s (k)} and transmitted from the service using apparatus the aggregate value .SIGMA.X _u (k) is a fraud determination means for determining whether or not contradictory. A service transaction method in which a service providing apparatus processes a service in response to a service request from a service using apparatus,
The service using apparatus transmits the transaction identification information T (k) having been subjected to signature processing acquired in advance from the service providing apparatus in the k-th service transaction to request the service providing apparatus, and the service providing apparatus receives the service using apparatus. The transaction identification information transmitted from the server is determined whether or not the transaction identification information is valid, and when the transaction identification information is determined to be valid, service processing is performed in response to a request from the service utilization device. The encrypted transaction identification information obtained by encrypting the transaction identification information T (k + 1) of the service transaction, and M pieces of element data V _s (k) (s = 1, 2,..., M) to generate confirmation information W _t (k) (t = 1, 2,..., M) which are M linear combinations independent of each other by coefficients unknown to the service providing device. But next time In addition to signing the encrypted identification information for the service transaction, based on the data E (k) based on the usage fee of the service transaction, the random number R (k), and the transaction identification information T (k) transmitted from the service utilization device The coefficient data a _ij (i = 1, i = 1, P) (P ≧ 2M + 2) values including the M element data V _s (k) and the confirmation information W _t (k) calculated by 2,..., P; j = 1, 2,..., P) and random numbers r _k (k = 1, 2,...) And mutually independent primary combined data S _j (k) (j = 1, 2, ..., P) is replaced by the following formula (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
Calculated by, of P calculated linear combination data S _j (k) is registered in the service using apparatus in accordance with the aggregation request from the service providing apparatus, one N times registered linear combination data S _j (k ) Is calculated for k for each j, and the combined total data ΣS _j (k) is calculated and the combined total data ΣS _j (k) is transmitted to the service providing apparatus, and the service providing apparatus is transmitted from the service using apparatus. Based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij , an aggregate value ΣE (k) of data E (k) related to transaction identification information T (1) to T (N) is calculated, and the service is used. A product r _k V _s (k) of element data and random numbers related to transaction identification information T (1) to T (N) based on P pieces of combined total data ΣS _j (k) and coefficient data a _ij transmitted from the apparatus. For each s of k Total value? R _k for k for each t in the aggregate value? R _k V _s (k) as well as transaction identification information T (1) ~T (N + 1) of the confirmation information and the random number relating to the product _{r k + 1 W t (k} ) ₊₁ W _t is calculated and the total value Σr _{k + 1} W _t (k) is transmitted to the service using apparatus, and the service using apparatus transmits the total value Σr _{k + 1} W _t (k) transmitted from the service providing apparatus. And the aggregate value ΣX _u (k) (u = 1, 2,..., M) is generated, and the service providing apparatus transmits the aggregate value ΣX _u and the aggregate value Σr _k V transmitted from the service using apparatus. A service transaction method characterized by determining whether there is a contradiction with _s (k). In a service transaction system comprising: a service using device; and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. Is a program for making
The service using device,
means for encrypting transaction identification information T (k + 1) of the (k + 1) -th service transaction in the k-th service transaction to generate encrypted transaction identification information;
M element data V _s (k + 1) (s = 1, 2,..., M) calculated from the transaction identification information T (k + 1) are M linear combinations independent of each other by coefficients unknown to the service providing apparatus. Means for generating certain confirmation information W _t (k) (t = 1, 2,..., M);
Decryption processing means for decrypting the signature-processed encrypted transaction identification information transmitted from the service providing apparatus and storing the signature-processed transaction identification information in a memory;
Means for sending a service request by transmitting the transaction identification information T (k) processed for signature for the k-th service transaction stored in the memory to the service providing device;
P primary combined data S _j (k) (j = 1, 2,..., which are transmitted from the service providing apparatus as the k-th service transaction record and calculated based on the following formula (B). P) means to register,
The combined total data ΣS _j (k) obtained by totaling k for each j of the primary combined data S _j (k) registered in response to the total request from the service providing apparatus is calculated and transmitted from the service providing apparatus. Means for decoding aggregate value Σr _{k + 1} W _t (k) (t = 1, 2,..., M) to generate aggregate value ΣX _u (k) (u = 1, 2,..., M) ,
Program to function as. In a service transaction system comprising: a service using device; and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. Is a program for making
The service providing device;
Means for determining whether or not the transaction identification information transmitted from the service using device is valid;
Means for performing service processing in response to a request from the service using device when the transaction identification information is determined to be valid;
Means for signing encrypted transaction identification information transmitted from a service using device;
Using the coefficient data a _ij (i = 1, 2,..., P; j = 1, 2,..., P) and random numbers r _k (k = 1, 2,...) _Stored in the storage means, M element data V _s (k) and confirmation information W calculated by data E (k) based on transaction usage fee, random number R (k), and transaction identification information T (k) transmitted from the service utilization device _The primary combination data S _j (j = 1, 2,..., P) of P (P ≧ 2M + 2) values including _t (k), which are independent from each other, is expressed by the following formula (B)
S _j (k) = a _1j E (k) + {a _{(1 + 1) j} V ₁ (k) + a _{(2 + 1) j} V ₂ (k) +... + A _{(M + 1)} V _M (k )} R _k + {a _{(M + 1 + 1) j} W ₁ (k) + a _{(M + 2 + 1) j} W ₂ (k) +... + A _{(2M + 1)} W _M (k)} r _{k +1} + a _{(2M + 2) j} R (k) (B)
Means for calculating by
The number of service transactions of the service using device is N times, and the transaction identification information T (1) to T (N) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device. Means for calculating an aggregate value ΣE (k) of data E (k) related to
A product r _k V _s (product of element data on transaction identification information T (1) to T (N) and random numbers based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device. k) for each s, the total value Σr _k V _s (k) for each s and each of the product r _{k + 1} W _t (k) of confirmation information and random numbers for transaction identification information T (1) to T (N + 1) It means for transmitting the aggregate value _{Σr k + 1 W t (k} ) and calculates the total value _{Σr k + 1 W t (k} ) for k for each t,
Means for determining whether the total value Σr _k V _s (k) and the total value ΣX _u (k) transmitted from the service using device are inconsistent;
Program to function as. A service transaction system comprising: a service using device; and a service providing device connected to the service using device via a communication means and receiving a service request from the service using device to process the service,
The service utilization apparatus identifies the transaction identification information T (k) selected for use in the service transaction in the k-th service transaction and the number-of-times data Q (k) set based on the number of transactions. Identification data generating means for generating data, encryption processing means for generating encrypted identification data by encrypting identification data T (k + 1) Q (k + 1) of the next service transaction, and transaction identification information T (k + 1) Confirmation information W _t (k) that is M linear combinations independent of each other by coefficients unknown to the service providing apparatus of M element data V _s (k + 1) (s = 1, 2,..., M) calculated from ) Confirmation information processing means for generating (t = 1, 2,..., M), and the signature-processed encrypted identification data transmitted from the service providing apparatus is decrypted and the signature-processed identification data is stored in the memory. Decoding processing means stored in And service request means for transmitting the identification processed data stored in the memory to the service providing apparatus to make a service request, and the following formula (D) transmitted from the service providing apparatus as the k-th service transaction record ) Based on the registration means for registering P pieces of primary combined data S _j (k) (j = 1, 2,..., P) independent from each other, The combined total data ΣS _j (k) obtained by counting the registered primary combined data S _j (k) for N times for each j is calculated, and the combined total data ΣS _j (k) and the frequency data Q (N) are calculated. a counting processing unit for transmitting the corresponding value to the service providing apparatus, the aggregate value _{Σr k + 1 W t (k} ) (t = 1,2, ..., M) transmitted from the service providing apparatus to process decoding the Element summation to generate summation value ΣX _u (k) (u = 1,2, ..., M) A value processing means,
The service providing apparatus includes an identification information determination unit that determines whether or not the transaction identification information transmitted from the service utilization apparatus is valid, and a request from the service utilization apparatus when the transaction identification information is determined to be valid. Service providing means for performing service processing according to the above, signature processing means for performing signature processing on the encrypted identification data transmitted from the service using apparatus, and P ² coefficient data a _ij (i = 1) unknown to the service using apparatus. , 2, ..., P; j = 1,2, ..., P) and random number r _k (k = 1,2, ...), and in the service transaction, in the usage fee of the service transaction M element data V _s (k) and confirmation information W _t (k) calculated based on the data E (k) based on this, the random number R (k), and the transaction identification information T (k) transmitted from the service using device. Storage means for including P (P ≧ 2M + 3) values Independent one with stored coefficient data a _ij and the random number r _k linear combination data _{S j (j = 1,2, ...} , P) following equation (D)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (D)
The transaction calculation information is calculated based on the combined calculation data ΣS _j (k) and the coefficient data a _ij transmitted from the service utilization device, where N is the number of service transactions of the service utilization device and N is the number of service transactions of the service utilization device. (1) to total amount calculation means for calculating the total value ΣE (k) of data E (k) related to T (N), P pieces of combined total data ΣS _j (k) and coefficients transmitted from the service using device Based on the data a _ij , the total value ΣQ (k) of the count data Q (k) relating to the transaction identification information T (1) to T (N) is calculated, and the total value ΣQ (k) is transmitted from the service using device. First fraud determination means for determining consistency with a value corresponding to the number of times data Q (N), P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device. Transaction identification information T (1 About ~T product of element data and the random number relating to (N) r _k V aggregate values for k for each s of _{s (k) Σr k V s} (k) as well as transaction identification information T (1) ~T (N + 1) Calculate the total value Σr _{k + 1} W _t (k) for k for each t of the product r _{k + 1} W _t (k) of the confirmation information and the random number and calculate the total value Σr _{k + 1} W _t (k) Element total value calculation means for transmitting, and second fraud determination means for determining whether or not the total value Σr _k V _s (k) and the total value ΣX _u (k) transmitted from the service using device contradict each other. Service transaction system characterized by A service transaction method in which a service providing apparatus processes a service in response to a service request from a service using apparatus,
The service using apparatus transmits the transaction identification information T (k) subjected to signature processing acquired in advance from the service providing apparatus in the k-th service transaction and requests the service providing apparatus, and the service providing apparatus receives the service using apparatus. The transaction identification information transmitted from is determined whether or not the transaction identification information is valid, and when the transaction identification information is determined to be valid, service processing is performed in response to a request from the service utilization device. The transaction identification information T (k + 1) of the service transaction and the number of times data Q (k + 1) set based on the number of transactions are combined to generate identification data T (k + 1) Q (k + 1), which is encrypted and encrypted. Data is transmitted to the service providing device, the service providing device performs signature processing on the encrypted identification data, and the service using device performs signature processing. Of identification with the data decoding process to obtain a signing processed identification data, the next transaction identification information T (k + 1) is calculated on the basis of the M pieces of element data _{V s (k + 1) (} s = 1, 2,..., M) to generate confirmation information W _t (k) (t = 1, 2,. Q (k) obtained from data E (k), random number R (k) based on the usage fee of the service transaction, identification data T (k) Q (k) transmitted from the service usage device, service usage device M element data V _s (k) calculated based on T (k) obtained from the identification data T (k) Q (k) transmitted from and the confirmation information W _t ( k) including P (P ≧ 2M + 3) number of service using devices Et no coefficient data _{a ij (i = 1,2, ...} , P; j = 1,2, ..., P) and the random number _{r k (k = 1,2, ...} ) mutually independent linear combination data S using the _j (k) (j = 1, 2,..., P) is expressed by the following equation (D)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (D)
Calculated by, of P calculated linear combination data S _j (k) is registered in the service using apparatus in accordance with the aggregation request from the service providing apparatus, one N times registered linear combination data S _j (k ) For each j, the combined total data ΣS _j (k) is calculated, and the values corresponding to the combined total data ΣS _j (k) and the number of times data Q (N) are transmitted to the service providing apparatus. The providing apparatus aggregates data E (k) related to transaction identification information T (1) to T (N) based on P pieces of combined aggregation data ΣS _j (k) and coefficient data a _ij transmitted from the service using apparatus. Count data relating to transaction identification information T (1) to T (N) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device by calculating the value ΣE (k) Collection of Q (k) The measured value ΣQ (k) is calculated to determine consistency between the total value ΣQ (k) and the value corresponding to the number of times data Q (N) transmitted from the service using device, and transmitted from the service using device. For each s of the product r _k V _s (k) of element data and random numbers related to the transaction identification information T (1) to T (N) based on the P pieces of combined total data ΣS _j (k) and the coefficient data a _ij Of k for each t of the product r _{k + 1} W _t (k) of the total value Σr _k V _s (k) of k and confirmation information on the transaction identification information T (1) to T (N + 1) and random numbers The aggregate value Σr _{k + 1} W _t is calculated and the aggregate value Σr _{k + 1} W _t (k) is transmitted to the service using device, and the service using device transmits the aggregate value Σr _{k + 1} W transmitted from the service providing device. _t (k) is decrypted to generate an aggregate value ΣX _u (k) (u = 1, 2,..., M). A service transaction method characterized by determining whether or not there is a contradiction between a total value ΣX _u transmitted from a service using device and a total value Σr _k V _s (k). In a service transaction system comprising: a service using device; and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. Is a program for making
The service using device,
means for generating identification data by combining transaction identification information T (k) selected for use in service transaction in the k-th service transaction and number-of-times data Q (k) set based on the number of transactions;
Means for encrypting identification data T (k + 1) Q (k + 1) of the next service transaction to generate encrypted identification data;
M element data V _s (k + 1) (s = 1, 2,..., M) calculated from the transaction identification information T (k + 1) are M linear combinations independent of each other by coefficients unknown to the service providing apparatus. Means for generating certain confirmation information W _t (k) (t = 1, 2,..., M);
Means for decrypting the signature-processed encrypted identification data transmitted from the service providing apparatus and storing the signature-processed identification data in the memory;
Means for sending a service request by transmitting the identification processed identification data stored in the memory to the service providing device;
P primary combined data S _j (k) (j = 1, 2,..., which are transmitted from the service providing apparatus as the k-th service transaction record and calculated based on the following formula (D). P) means to register,
In response to the aggregation request from the service providing apparatus, the combined total data ΣS _j (k) obtained by totaling the registered N primary combined data S _j (k) for k for each j is calculated and the combined total data ΣS. means for transmitting a value corresponding to _j (k) and the count data Q (N) to the service providing device;
The aggregate value Σr _{k + 1} W _t (k) (t = 1, 2,..., M) transmitted from the service providing apparatus is decrypted to obtain the aggregate value ΣX _u (k) (u = 1, 2,. , M),
Program to function as. In a service transaction system comprising: a service using device; and a service providing device that is connected to the service using device via a communication unit and receives a service request from the service using device and processes the service. Is a program for making
The service providing device;
Means for determining whether or not the transaction identification information transmitted from the service using device is valid;
Means for performing service processing in response to a request from the service using device when the transaction identification information is determined to be valid;
Means for signing encrypted identification data transmitted from the service using device;
In a service transaction, M element data V _s (calculated from data E (k) based on the usage fee of the service transaction, a random number R (k) and transaction identification information T (k) transmitted from the service utilization device. k) and P (P ≧ 2M + 3) values of coefficient data a _ij (i = 1, 2,..., P; j = 1, 2, P) stored in the storage means including the confirmation information W _t (k) .., P) and random numbers r _k (k = 1, 2,...) And mutually independent primary combined data S _j (j = 1, 2,..., P) are expressed by the following equation (D)
S _j (k) = a _1j E (k) + a _2j Q (k) + {a _{(1 + 2) j} V ₁ (k) + a _{(2 + 2) j} V ₂ (k) +... + A _{(M + 2)} V _M (k)} r _k + {a _{(M + 1 + 2) j} W ₁ (k) + a _{(M + 2 + 2) j} W ₂ (k) + ... + a _{(2M + 2)} W _M (K)} r _{k + 1} + a _{(2M + 3) j} R (k) (D)
Means for calculating by
The number of service transactions of the service using device is N times, and the transaction identification information T (1) to T (N) based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device. Means for calculating an aggregate value ΣE (k) of data E (k) related to
Based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device, aggregate value ΣQ (of count data Q (k) relating to transaction identification information T (1) to T (N) means for determining the consistency between the total value ΣQ (k) and the value corresponding to the count data Q (N) transmitted from the service using device by calculating k)
A product r _k V _s (product of element data on transaction identification information T (1) to T (N) and random numbers based on P pieces of combined aggregate data ΣS _j (k) and coefficient data a _ij transmitted from the service using device. k) for each s, the total value Σr _k V _s (k) for each s and each of the product r _{k + 1} W _t (k) of confirmation information and random numbers for transaction identification information T (1) to T (N + 1) It means for transmitting the aggregate value _{Σr k + 1 W t (k} ) and calculates the total value _{Σr k + 1 W t (k} ) for k for each t,
Means for illegally determining whether or not the total value Σr _k V _s (k) and the total value ΣX _u (k) transmitted from the service using device are inconsistent;
Program to function as.

Images