JP2012073960A - Verification system and method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To verify a report on use information on a user from a servicer without invading user's privacy.SOLUTION: A terminal 100 includes transmission and reception means 106 of transmitting to a server 200 the remainder (examination value) obtained by dividing a numeral (purchase amount, etc.) that a servicer 300 and the terminal 100 share as information by a predetermined divisor. The server 200, on the other hand, receives a value (report value) obtained by subjecting the numeral that the servicer 300 and the terminal share as the information to predetermined processing by the servicer 300. Collation means 206 verifies that the predetermined processing is simple totaling based upon the examination value, and the remainder (collation value) obtained by dividing the report value by the predetermined divisor.

Description

  The present invention relates to a verification system and method, and more particularly, to a technique for verifying the validity of usage information such as a usage amount that is derived from a software installed on a computer to a website and consumed.

Patent Documents 1 to 3 are listed as publicly known documents describing techniques related to the present invention.
In Patent Document 1, a specific identification number is assigned to an accessor in order to aggregate the access status of a website, and accesses having the same identification number are aggregated from an access log, and a series of page access transitions of the accessor A technique for grasping the access status such as the status is disclosed.

  In patent document 2, in the process of counting questionnaire data, a random number is added from the answer data in the questionnaire answering device and sent to the server for the purpose of processing without knowing privacy information on the counting server side. A technique is disclosed in which, while disturbing the response contents, the server side subtracts the same random number to eliminate the disturbance.

  In Patent Literature 3, in the technical field of spell check of electronic dictionaries, a weight is determined for each alphabetic character, a weight is also determined for the position of the character in a word, a remainder is obtained by dividing by a predetermined prime number, It is disclosed to confirm the correctness of. Patent Document 3 is a precedent example of a technique that uses a remainder in order to efficiently check the integrity of information.

Japanese Patent Laid-Open No. 2005-189942 JP 2006-018053 A Japanese Patent Laid-Open No. 62-074153

  A so-called portal site or e-commerce site places a link in an application software program installed on a personal computer for attracting customers, and the vendor of the computer or application obtains affiliate revenue in return for the link placement. , Conventionally known.

  Affiliates such as those described above are usually determined according to the number of times a user browses those sites by following links arranged, the purchase amount purchased at those sites, and the like. Hereinafter, the number of times of browsing, the purchase amount, and the like, which are factors determining the affiliate amount, are referred to as “use information” in the present specification.

  Usage information is reported to vendors from portal site and e-commerce site servicers, but vendors have no means of verifying the correctness of the reports, and they had no choice but to look back on the reports.

  In order to verify the legitimacy of the report from the servicer, the vendor also obtains the usage count for each service of each user (for example, Patent Document 1), and collates the total value with the report from the servicer. Is also possible. However, in this case, since the privacy information of the user is obtained, strict management is required. Therefore, there is a risk of increasing management costs.

  Of course, when acquiring the usage information for each service of each user, there is a method in which disturbance is caused by a random variable and the disturbance is deleted later (for example, Patent Document 2). This method increases the confidentiality of the communication path between the user and the vendor side server, but the vendor side eventually obtains the user's privacy information, and the problem that requires strict management remains unchanged.

  In the first place, in particular, since the purchase amount and the like is information having a very sensitive nature, it is considered rare that a license can be obtained based on an appropriate judgment of the user.

  In view of the above circumstances, an object of the present invention is to provide a verification system and method capable of verifying a report of user usage information without impairing the privacy of the user.

  In order to achieve the above object, the present invention provides, as a first aspect, a verification system in which a terminal and a server are communicably connected, and the terminal is a numerical value shared by a servicer and the terminal. And a transmission / reception means for sending a remainder obtained by dividing the value by a predetermined method to the server, wherein the servicer performs a predetermined process on a numerical value shared by a plurality of the servicers and the terminal. Based on the report value receiving means for receiving a value, the remainder received from the terminal, and the remainder obtained by dividing the value received by the report value receiving means by the predetermined method, the predetermined processing is simplified. The present invention provides a verification system comprising: verification means for verifying that the sum is obtained.

  In order to achieve the above object, according to a second aspect of the present invention, there is provided a verification method using a system in which a terminal and a server are communicatively connected, wherein the server includes a plurality of numerical values and a servicer. In response to a numerical value that is shared with the terminal, the servicer receives a report value that is a value obtained by performing a predetermined process, and the terminal uses a numerical value that is shared by the servicer and the terminal in advance. Sending the remainder divided by a predetermined method to the server, and the server performs the predetermined processing based on the remainder received from the terminal and the remainder obtained by dividing the report value by the predetermined method. A verification method characterized by verifying that is a simple sum is provided.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to provide the verification system and method which can verify a user's utilization information report, without impairing a user's privacy.

It is a figure which shows schematic structure of the whole embodiment by this invention. It is a figure which shows the example of a screen display of the launcher of this embodiment. It is a block diagram which shows the function structure of this embodiment. It is a figure which shows the example of the memory content of the test value memory | storage means of this embodiment. It is a figure which shows the example (a) of the transmission instruction | indication list of this embodiment, and the example (b) of a test value list | wrist. It is a timing chart which shows the flow of processing of this embodiment.

  Embodiments according to the present invention will be described below with reference to the drawings. In the following embodiment, the usage information of the user to be verified is premised on a “purchase amount” in which a user purchases a product on a Web site that the user has followed the application link. However, the present invention is not limited to this illustrative example. The same applies to “number of uses”. In addition to “purchase amount” and “number of uses”, for example, “viewing program” and “purchased product” can be handled in the same manner. In this case, the viewing program is converted into a G code, and the purchased product is converted into a JAN code.

FIG. 1 shows a schematic configuration of the entire embodiment.
As shown in FIG. 1, the entire system including the usage information verification system 1 (illustrated in FIG. 3) according to the present embodiment includes a plurality of terminals 100, a server 200, and a plurality of terminals via a network such as the Internet. Servicer-side servers 300 (hereinafter simply referred to as “servicer 300”) are connected to be communicable with each other.

  There may be a plurality of terminals 100, each of which is installed with launcher software (hereinafter referred to as “launcher 122”) provided by a vendor managing the server 200.

  The launcher 122 is arranged in a desktop environment with a link for starting application software and the like, and assists the user in starting the application software to increase the speed. Some of these links start a browser with a URI (Uniform Resource Indicator) as an argument.

FIG. 2 shows a screen display example of the launcher of this embodiment.
FIG. 2 shows a screen example in which a cursor 121 and a launcher 122 are drawn on a desktop screen 120 generated by a certain terminal 100. The launcher 122 provides a link 124 to a service provided by the servicer 300. In addition, a search input field 123 may be provided to provide a user with a quick access function to the search engine.

  The user is guided to a service provided by the servicer 300 by purchase means 101 (described later with reference to FIG. 3) using the link 124 and the search input field 123 as an interface. The usage information of each service is held by each terminal 100, but the servicer 300 side can grasp the usage information for its service for each user by access analysis or the like.

  The servicer 300 reports to the server 200 the total amount of usage information ascertained at the end of the month or at the end of the fiscal year. In the present embodiment, as the usage information, the purchase amount is taken as an example, and it is efficiently verified whether or not the total purchase amount reported by a certain servicer is highly reliable data.

FIG. 3 shows a functional configuration of the present embodiment.
The usage information verification system 1 according to the present embodiment illustrated in FIG. 3 includes each block included in the terminal 100 and each block included in the server 200. Each of these blocks is a functional block configured by a software program that executes predetermined information processing using a general-purpose computer.

  The terminal 100 includes a purchase unit 101, a purchase amount storage unit 102, a purchase amount acquisition unit 103, a test value calculation update unit 104, a test value storage unit 105, and a transmission / reception unit 106 for each terminal.

  The purchase unit 101 is a unit that allows a user to access a service provided by the servicer 300 and purchase a product or service using the search input field 123 or the link 124 of the launcher 122 as an interface. The purchase price of the product purchased by the purchase means 101 is stored in the purchase price storage means 102.

  The purchase price storage unit 102 stores the purchase price of the product purchased by the purchase unit 101. The purchase amount is stored for each service (eg, x yen for service A and y yen for service B).

  Note that the purchase amount is information on commercial transactions, and is recorded in the servicer 300 one by one. The same applies to purchased products that can be converted to JAN codes and viewing programs that can be converted to G codes. That is, usage information is shared between the servicer and the terminal.

  The purchase price storage means 102 is on the terminal 100, and the stored information itself is not reported to the server 200 as it is. In addition, storing raw purchase amounts over a long period of time increases the security risk, so the stored content may be discarded after the purchase amount is sent to the test value calculation update means 104.

  The purchase amount acquisition unit 103 temporarily acquires the purchase amount stored from the purchase amount storage unit 102. If the acquired purchase price information is used for calculation of the test value in the subsequent stage and then immediately discarded, the confidentiality can be improved.

The test value calculation update means 104 calculates a remainder obtained by dividing the purchase price acquired by the purchase price acquisition means 103 by a predetermined method determined in advance (test value calculation processing). This remainder is referred to as “test value” in the present embodiment.
Example: In the case of a purchase amount of 345 yen, if the modulo is 9, the test value is 3.

  Further, the test value calculation update unit 104 updates the test value storage unit 105 with the calculated test value. The test value storage unit 105 stores the result of the test value calculation process.

The predetermined method defined in advance is a constant value, and a plurality of them are prepared instead of one. Therefore, a plurality of test values are calculated instead of one.
Example: If the modulus is 9, 13, 23,..., 3, 7, 0,... Are stored in the test value storage means 105 as 345 yen test values.

FIG. 4 shows an example of stored contents of the test value storage means 105.
As shown in FIG. 4, there are a plurality of predetermined methods such as 3, 5, 7, 11, 13,..., And the remainder obtained by dividing the purchase amount of each service by each method is recorded as a test value. The number of test value matrices to be stored is determined in accordance with the timing at which the verification according to the present embodiment is desired. FIG. 4 shows a test value matrix up to the minimum necessary last month and the middle of this month when verification is performed once a month.

When a new purchase price is acquired by the purchase price acquisition means 103, the test value calculation update means 104 updates the test value, but the sum of the stored test value and the new purchase price is stored in the memory. The remainder divided by the method corresponding to the test value is a new test value.
Example: In the case of an additional purchase of 456 yen, the test value of method 9 is updated to 0.
(3 + 456 = 459, 459 mod 9 = 0)

  As shown in FIG. 4, the test value corresponds to a period such as a week or a month, and may be stored for a plurality of periods until it is transmitted by the transmission / reception means 106 described later.

  The transmission / reception unit 106 transmits a test value list based on the stored contents stored in the test value storage unit 105 to the server 200. On the other hand, a transmission instruction list that is a list of test values to be transmitted is received from the server 200. The transmission / reception means 106 generates a test value list from the matrix of test values for each service and each law stored in the test value storage means 105 according to the transmission instruction list, and periodically transmits it to the server 200.

FIG. 5 shows an example of a transmission instruction list and a test value list.
The transmission instruction list shown in FIG. 5 is an instruction content list indicating that the test values of moduli 11 and 23 should be transmitted for September 2010 for all services. The test value list for this is a list of test values of the moduli 11 and 23 of each service (FIG. 5B).

  There may be a plurality of methods to be included in the transmission instruction list, but a method of a predetermined number or more is ignored, and only a test value corresponding to a method of less than the constant number is actually used. Other test values corresponding to this period are discarded at this timing. Although there is a possibility of retransmission due to a communication error or the like, since it is discarded at this timing, it becomes impossible to send a test value that does not correspond to the originally received law.

  For example, the test value storage means 105 stores the test values “3, 7, 0” of the period A corresponding to the law of “11, 13, 23” and “11 and 23” of the period A. In response to the transmission instruction, “3, 0” is transmitted. At this timing, the test value “7” is discarded. If the transmittable test value is determined to be 1 or less, only “3” is transmitted.

  The server 200 includes transmission / reception means 201, total test value calculation means 202, report value reception means 203, collation value calculation means 204, transmission instruction list determination means 205, and collation means 206.

  The transmission / reception unit 201 transmits the transmission instruction list determined by the transmission instruction list determination unit 205 to each terminal 100. In addition, the test value list transmitted from each terminal 100 is received.

  The transmission instruction list determining means 205 determines and creates a transmission instruction list by randomly selecting a method equal to or less than the number of transmittable test values from among a plurality of predetermined methods along with the period to be verified. The determined transmission instruction list is transmitted to each terminal 100 by the transmission / reception means 201 and used for calculation of a collation value to be described later.

The total test value calculation unit 202 calculates a remainder obtained by dividing the test value for each service received by the transmission / reception unit 201 for all terminals and then dividing by the method selected in the transmission instruction list.
For example, when a transmission instruction list in which the method 9 is selected is sent to all four terminals 100 and test values of 3, 0, 5, and 7 are received from each terminal, the total test value is 6 (3 + 0 + 5 + 7 = 15 , 15 mod 9 = 6).

  On the other hand, the report value receiving unit 203 receives a report of user usage information from the servicer 300. In the present embodiment, the report of user usage information is (should be) the total purchase price of all users for each service (simple total usage information). Here, the report of the usage information from the servicer 300 is preferably prior to the transmission of the transmission instruction list to the user terminal 100.

  The matching value calculation unit 204 calculates a matching value based on the report value for each service received from the servicer 300 and the method included in the transmission instruction list determined by the transmission instruction list determination unit 205. Similar to the test value, the verification value is a remainder obtained by dividing the report value by the method included in the transmission instruction list. When there are a plurality of moduli, a plurality of matching values are calculated.

  The matching unit 206 compares the total test value for each service calculated by the total test value calculation unit 202 with the verification value for each service calculated by the verification value calculation unit 204. If they do not match, the user's usage information report (report value) may be incorrect or misrepresented.

FIG. 6 shows a processing flow of the present embodiment.
The usage information verification system 1 is preferably configured to transmit a report value from the servicer 300 before the terminal 100 transmits the test value list. First, the servicer 300 transmits a report of the user's usage information (total purchase price (report value)) to the server 200 (step S101).

  On the other hand, the terminal 100 acquires the purchase price every time the purchase price is updated (step S102), and updates and stores the verification value based on the acquired purchase price (step S103). The method for calculating the test value is a plurality of predetermined constant values.

  The server 200 determines a transmission instruction list at an arbitrary timing such as a weekend or the end of the month (step S104). A verification value is calculated from the report value transmitted to the servicer 300 by the method included in the determined transmission instruction list (step S105). Step S105 may be performed even after receiving the test value list.

The determined transmission instruction list is transmitted to all terminals 100. Each terminal 100 generates a test value list based on the received transmission instruction list (step S106). As described above, the generation mode is obtained by acquiring the test value from the test value storage means 105 using a predetermined number or less of the plurality of methods included in the transmission instruction list, as described above. .
Each terminal 100 transmits the generated test value list to the server 200 (step S107).

  The server 200 receives the test value list from all the terminals 100 (step S108), and calculates the total test value (step S109). Then, the collation value calculated in step S105 is collated with the total test value calculated in step S109 (step S110). As a result of the verification, it is verified that any processing has not been performed on the report value provided by the servicer 300. In other words, it is detected that some processing is being performed.

  According to the above-described embodiment, the test value is calculated by a method of calculating the remainder with a low computer load, so that the verification can be performed efficiently. In addition, sensitive information such as purchase amount and usage information is lost in the process of calculating the surplus. Therefore, the user's privacy is not impaired.

  If it is known what the method for obtaining the test value is, it is easy for the servicer to misrepresent it so that it cannot be detected. For example, if it is known that the modulo is 9, the reported value can be declared less than a multiple of 9 yen. However, if there are multiple law candidates and you do not know the law that is actually used in advance, it is a misrepresentation in the least common multiple unit. For example, if it is “3, 5, 7”, it is necessary to declare the number less than an integral multiple of 105. If the candidate for the law is “3, 5, 7, 11, 13, 17, 19, 23, 29”, it is necessary to report an integer multiple of 3,234,846,615, which is practically impossible. It is.

  Conversely, if the candidate for the law is “3, 5, 7, 11, 13, 17, 19, 23, 29” and all test values are received from the user, the purchase price of the user can be calculated. Therefore, the number of test values actually transmitted must be small, and the absolute value of the modulo must not be too large.

  Further, if the report of the usage information from the servicer 300 is made prior to the transmission of the transmission instruction list to the user terminal 100, the servicer obtains the terminal or the like, analyzes the transmission instruction list, and transmits the transmission during the period. If you know what the law is directed to, you can deter spoofing.

DESCRIPTION OF SYMBOLS 1 Usage information verification system 100 Terminal 101 Purchase means 102 Purchase amount storage means 103 Purchase amount acquisition means 104 Test value calculation update means 105 Test value storage means 106 Transmission / reception means 200 Server 201 Transmission / reception means 202 Total verification value calculation means 203 Report value reception means 204 collation value calculation means 205 transmission instruction list determination means 206 collation means

Claims (6)

A verification system in which a terminal and a server are communicably connected,
The terminal
Transmission / reception means for sending a remainder obtained by dividing a numerical value shared by a servicer and the terminal by a predetermined method to the server;
The server
Report value receiving means for receiving a value that the servicer has performed a predetermined process on a numerical value shared by a plurality of the servicers and the terminal;
Verification means for verifying that the predetermined processing is a simple sum based on the remainder received from the terminal and the remainder obtained by dividing the value received by the report value receiving means by the predetermined method; The verification system characterized by comprising.   The verification system according to claim 1, wherein there are a plurality of the predetermined laws. The server
Sending to the terminal a transmission instruction list of an instruction to transmit only the remainder according to a randomly determined law among the plurality of predetermined laws,
The terminal
The verification system according to claim 2, wherein the random remainder determined in the transmission instruction list is sent to the server.   4. The verification system according to claim 3, wherein reception by the report value receiving means precedes transmission of the instruction list.   The transmission / reception means selects only a predetermined number from a small number of the randomly determined methods included in the transmission instruction list, and sends a remainder of the selected method to the server. The verification system according to claim 3 or 4, characterized by the above-mentioned. A verification method using a system in which a terminal and a server are connected so as to communicate with each other,
The server receives a report value that is a value that the servicer has performed a predetermined process on a numerical value that is a plurality of numerical values and information is shared between the servicer and the terminal,
The terminal sends a remainder obtained by dividing a numerical value shared by the servicer and the terminal by a predetermined method to the server,
The server verifies that the predetermined processing is a simple sum based on the remainder received from the terminal and the remainder obtained by dividing the report value by the predetermined method. ,Method of verification.

Images