JP2003036246A - User authentication method, communication system, and server - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enhance accuracy of a user authentication, to prevent the increase in the traffic involved in the user authentication, and to make the user authentication available even in a terminal having a small memory capacity like a cellular phone. SOLUTION: An IP server W holds voiceprint data corresponding to a user to whom its own server provides a service and an authentication program to perform user authentication. When a user of a mobile machine MS uses the mobile machine MS to receive the service provided by the IP server W, the IP server W transmits the voiceprint data and the authentication program held by its own server to the mobile machine MS. The mobile machine performs the user authentication in accordance with the voiceprint data and the like transmitted from the IP server W. When the user of the mobile machine MS changes the service content during enjoying the service, the downloading of voiceprint data and the authentication program will not be carried out if these data have already been downloaded to the mobile machine MS.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a user authentication method and a user authentication method for authenticating whether or not a user to whom a service is provided has a proper authority in a service via a network. The present invention relates to a communication system and a server suitable for use in.

[0002]

2. Description of the Related Art In recent years, as mobile devices such as mobile phones have become more sophisticated, mobile devices have been equipped with a WWW (World Wide Web) browser (hereinafter referred to as "WWW browser"). There are products on the market that allow browsing. By performing WWW browsing with such a mobile device, it is possible to receive various services from an information provider (hereinafter referred to as “IP”) on the Internet.

[0003] Among the services provided by IP, there are services provided only to contract users and those requiring confidentiality. Therefore, the IP that provides this type of service performs user authentication when providing the service from the viewpoint of preventing unauthorized use by a third party. The most commonly used user authentication method is a method using a password.

However, in the user authentication method using a password, there is a risk that the password will be leaked to a malicious third party. Therefore, using voiceprint data that cannot be forged,
The following two user authentication methods have been proposed.

A. User Authentication Method a This user authentication method is a method in which a user who receives a service registers his biometrics information in the IP in advance. Then, the user inputs his own voice to the terminal when receiving the service provision. In this way, the voice data corresponding to the voice input by the user is transmitted from the terminal to the IP, and the IP acquires voiceprint data based on the voice data transmitted from this terminal,
The user authentication is performed by comparing the voiceprint data with the voiceprint data stored in advance.

B. User Authentication Method b This user authentication method is a method in which the terminal used by the user stores his or her own voiceprint data and the user inputs his or her voice when receiving service provision. In this method, the voice input by the user is converted into voiceprint data by the terminal, and the terminal performs user authentication based on the voiceprint data.

[0007]

By the way, at present, it is general that there are a plurality of services provided by one IP. Therefore, while the user is receiving the service from the IP, the service to be provided may switch. In such a case, in order to ensure the accuracy of user authentication, it is necessary to re-authenticate the user every time the service is switched.

In the above-described user authentication method a, when such re-authentication is performed, every time re-authentication is required,
It is necessary to transmit a large amount of voice data from the terminal side to the IP side, and as a result, there is a problem that traffic in the network increases due to transmission and reception of voice data. Such an increase in traffic becomes a particularly serious problem in a mobile communication network with a low transmission rate.

On the other hand, when the above-mentioned user authentication method b is used, the processing involved in user authentication converges in the terminal,
The problem as described above does not occur. However, in order to realize this user authentication method b, it is necessary to constantly store user's voiceprint data and a program for performing user authentication based on the voiceprint data on the terminal side. There is a problem that the storage area is wasted. When the authentication program is different for each IP that provides a service, the terminal needs to always store the number of authentication programs corresponding to the number of IPs to which the user of the terminal receives the service. Therefore, there is a problem that it is practically impossible to realize this user authentication method in a mobile device such as a mobile phone that cannot increase the storage capacity.

The present invention has been made in view of the circumstances described above, and in the user authentication required when the IP provides a service to the user of the terminal, the accuracy of the user authentication is increased and the user authentication is improved. (EN) Provided are a user authentication method that prevents an increase in traffic associated with authentication and that can be used even when a terminal with a small storage capacity such as a mobile device is used, and a communication system and a server suitable for this method. The purpose is to

[0011]

In order to solve the problems described above, the present invention provides a mobile terminal accommodated in a network and a server which provides a service to the mobile terminal via the network, A user authentication method in a communication system, comprising: a server that owns voiceprint data of a user of the mobile terminal which provides a service and an authentication program for performing user authentication based on the voiceprint data. A service provision request process in which the mobile terminal transmits a service provision request to the server, a transmission process in which the server transmits the voiceprint data and the authentication program to the mobile terminal, and the mobile terminal in the transmission process. The voiceprint data and the authentication program sent from the server are received and stored in the storage unit of the terminal. And the user authentication of whether or not the user of the own terminal is a user having the proper authority, based on the voiceprint data and the authentication program stored in the downloading process by the mobile terminal. A user authentication method comprising: an authentication process that permits the user to enjoy a service only when the user authentication is successful.

According to this user authentication method, when the server provides the service to the user of the mobile terminal, the voiceprint data and the authentication program required for user authentication are downloaded from the server to the mobile terminal, and the mobile terminal User authentication is performed according to this voiceprint data and authentication program,
It is determined whether or not the user is allowed to enjoy the service.

Further, the present invention is a communication system having a mobile terminal accommodated in a network and a server for providing a service to the mobile terminal via the network, wherein the server is its own server. A voiceprint data of the user of the mobile terminal that provides the mobile terminal and an authentication program for performing user authentication based on the voiceprint data, and when providing a service to the mobile terminal, The mobile terminal has means for transmitting the voiceprint data and the authentication program to the mobile terminal, and the mobile terminal has a proper authority for the user of the own terminal based on the voiceprint data and the authentication program transmitted by the server. It has a means to authenticate whether it is a user and allow the user to enjoy the service only when this authentication is successful. To provide a communication system, characterized in that.

According to this communication system, when the server provides the service to the user of the mobile terminal, the voiceprint data and the authentication program necessary for user authentication are downloaded from the server to the mobile terminal, and the mobile terminal uses the voiceprint data and the authentication program. User authentication is performed according to the voiceprint data and the authentication program, and it is determined whether or not the user is allowed to enjoy the service.

Furthermore, the present invention is a server for providing a service to another communication terminal via a network, wherein the server is based on the voiceprint data and the voiceprint data of the user of the mobile terminal provided by the server. Storage means for storing an authentication program for performing user authentication, and transmitting the voiceprint data and the authentication program to the mobile terminal when the service is provided to the mobile terminal. And a transmission means for performing the same. According to such a server, when the server provides a service to the user of the mobile terminal, the voiceprint data and the authentication program are transmitted from the server to the mobile terminal.

[0016]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. The present embodiment is realized by applying the present invention to a mobile communication network connected to the Internet.

[1.1] Configuration of Embodiment (A) Overall System Configuration FIG. 1 is a block diagram showing the configuration of a communication system 1 according to the present embodiment. As shown in the figure, the communication system 1 according to the present embodiment includes a plurality of mobile devices MS, a plurality of base stations BS, a mobile communication network MSN, and an internet IN.
It has an ET, a public digital network ISN, and a plurality of IP servers W that provide various membership-based services to users of mobile units MS by data communication via the Internet. It should be noted that, in FIG. 1, in order to prevent the drawing from being complicated, only a predetermined mobile device, base station and IP server among mobile devices MS, base stations BS and IP servers W accommodated in the communication system 1 are shown. Has been done.

In FIG. 1, the public digital network ISN is
It is a network for data communication such as ISDN (Integrated service digital network) and provides a voice call service to a telephone or the like accommodated in its own network.

The mobile communication network MSN is composed of a mobile packet communication network for providing a packet communication service to the mobile station MS and a mobile telephone network for providing a voice call service, and has a plurality of base stations BS. Besides, it has an exchange, a packet subscriber processing device, and the like, which are not shown. The mobile packet communication network forming the mobile communication network MSN is connected to the Internet IN via a gateway server (not shown).
The mobile device MS is connected to the ET, and can perform packet communication with the communication device (the IP server W in the case of FIG. 1) connected to the Internet INET via the mobile packet communication network. In addition, the mobile communication network MSN
The mobile telephone network that makes up the POI (Point of Inter
face)) and the mobile station MS can make a voice call with a communication device (IP server W in the case of FIG. 1) accommodated in the public digital network ISN. Is.

The mobile device MS is a portable electronic device such as a mobile phone, and is capable of data communication via the mobile communication network MSN shown in this figure and is also capable of performing voice communication. The mobile device MS receives various services from the IP server W through data communication via the mobile communication network MSN.

The IP server W is a computer system owned by IP, and is compatible with various pages of HTML.
(Hypertext Markup Language) format data (hereinafter,
In addition to "HTML data"), it holds various contents such as music contents and image contents as resources. A URL (Uniform Resource Locator) is set for each resource of these IP servers W, and HTTP (Hy
When receiving the GET request of the pertext transfer protocol, the IP server W receives the U included in the GET request.
Returns the resource corresponding to the RL to the Internet INET. The IP server W provides various services of membership system to the user of the mobile device MS by this HTTP communication.

The IP server W also stores a voiceprint data database 25 (hereinafter, “database” is referred to as “DB”) that stores voiceprint data corresponding to a user (user of mobile unit MS) whose server provides a membership service. Abbreviated)
have. FIG. 2 is a diagram showing the stored contents of the voiceprint data DB 25. As shown in the figure, in the voice print data DB 25 according to the present embodiment, the keyword voice print data of the user and the free word voice print data (hereinafter, both voice prints) are associated with the user ID for uniquely identifying each user. If there is no particular need to specify the data, it is simply referred to as “voiceprint data”).

Here, the keyword voiceprint data is voiceprint data corresponding to a voice generated when a user determines a keyword (that is, a character string) read aloud, and the character string corresponding to the keyword and the voiceprint data. It includes error data indicating the error range of. The free word voiceprint data is a voiceprint model corresponding to the Japanese syllabary, which is extracted from the voice generated when the user reads a predetermined document aloud. These voiceprint data are stored in the mobile device M.
When the user of S receives the service of the IP server W, the user of S uses the mobile station MS to register in advance with the IP server W. Note that each of these voiceprint data has a size of only about 5 kbytes, and has a very small data amount as compared with voice data.

Further, the IP server W uses the voiceprint data DB 2
Mobile station MS based on the voiceprint data stored in
Has an authentication program for user authentication. Here, the following authentication programs are held by the IP server W. i) Keyword Authentication Program This authentication program is a program for performing user authentication based on the keyword voiceprint data described above. ii) Free word authentication program This authentication program forms randomly input voice data and the above-mentioned free word voiceprint data.
It is a program for user authentication by comparing with a voiceprint model of sound.

Each of these authentication programs has a program ID for identifying each, and the IP server W
Can identify each program by this program ID. In addition, these certification programs
Each has a data amount of about 5 kbytes. In the following, both authentication programs are simply referred to as “authentication program” unless it is necessary to specify them. Moreover, the method of user authentication by the keyword and the method of user authentication by the free word, which are performed when these programs are executed, are already known methods, and therefore detailed description thereof will be omitted.

When providing various services to the user of the mobile station MS, the IP server W transmits the voiceprint data and the authentication program to the mobile station MS. Then, the mobile device MS authenticates the user based on the voiceprint data and the authentication program transmitted from the IP server W, and permits the user to enjoy the service only when the user authentication is successful.

In addition, the user of the mobile station MS can use the IP server W
The service to be provided may be changed while the service is being provided. In such a case, the control unit 11 of the mobile device MS transmits, to the IP server W, the program ID corresponding to the authentication program already downloaded by the own device. In this case, the system control unit 21 of the IP server W does not send the authentication program and voiceprint data for the mobile station MS again, and the mobile station MS
Send an authentication request for. Then, the mobile device MS
When this authentication request is received, the user authentication is performed, and only when this user authentication is successful, the user is permitted to enjoy the service. As described above, since the authentication program and voiceprint data are not transmitted many times, it is possible to effectively prevent an increase in traffic in the mobile communication network MSN.

(B) Configuration of Mobile Station MS FIG. 3 is a diagram showing the configuration of the mobile station MS according to this embodiment. As shown in the figure, the mobile unit MS includes a control unit 11
, Transmission / reception unit 12, instruction input unit 13, and liquid crystal display unit 1
4, a sound collection unit 15, an A / D and D / A conversion unit 16,
It has a voice output unit 17 and a voice encoding / decoding unit 18.

The transmitting / receiving unit 12 performs wireless communication with the base station BS of the mobile communication network MSN. Liquid crystal display 14
Is composed of a display device such as a liquid crystal panel, and displays various information under the control of the control unit 11.

The instruction input unit 13 includes various buttons such as a PB (push button) and cursor keys, and when the user performs an input operation, supplies operation data corresponding to the input operation to the control unit 11. The control unit 11
A user's input command is determined from this operation data, and control corresponding to the command is performed.

The sound collecting unit 15 is composed of a microphone, and outputs a voice signal corresponding to the input voice to A / D and D.
It is supplied to the / A conversion unit 16. The A / D and D / A converter 16 converts the audio signal supplied from the sound collector 15 into an A / D signal.
It is D-converted and sent to the voice encoding / decoding unit 18 and the control unit 11. Further, the A / D and D / A conversion unit 16 D / A converts the audio data supplied from the audio encoding / decoding unit 18, and supplies the audio data to the audio output unit 17 as an audio signal.

The audio output unit 17 is composed of a speaker or the like, and outputs the audio signal supplied from the A / D and D / A conversion unit 16. The audio encoding / decoding unit 18 encodes the audio data supplied from the control unit 11 according to an encoding algorithm such as CELP, supplies the encoded audio data to the transmitting / receiving unit 12, and the encoded audio data sent from the transmitting / receiving unit 12. Is decoded by a decoding algorithm corresponding to the encoding algorithm and supplied to the A / D and D / A conversion unit 16.

The control unit 11 includes a CPU, ROM, RAM,
It has an EEPROM or the like and controls each unit of the mobile unit MS. In the ROM, various programs are stored in addition to various control information for controlling the mobile device MS. RAM
Functions as a work area of the CPU, and the CPU realizes the following functions by executing various programs stored in the ROM.

Function a. Hands-free function This function is a function of recognizing a user's input command based on the voice data supplied from the A / D and D / A conversion unit 16 and executing a process corresponding to the input command. Such a function is a function obtained by executing a handsfree program stored in the ROM. The control unit 11 accepts the audio data sent from the A / D and D / A conversion unit 16 only when the hands-free function is executed, and in other states, the A / D
The voice data sent from the D / A converter 16 is not accepted. In this case, all the audio data sent from the A / D and D / A conversion unit 16 is accepted by the audio encoding / decoding unit 18.

Function b. Browsing function This function performs data communication by HTTP with various communication devices connected to the Internet via the mobile packet communication network of the mobile communication network MSN,
Is a function for performing processing (that is, display processing, etc.) corresponding to the data returned via the mobile packet communication network. This function is based on WWW (Wo
rld Wide Web) browser (hereinafter referred to as “WWW browser”), which can be used together with the above-mentioned hands-free function. Specifically, when the WWW browser is executed and the image corresponding to the HTML data received via the mobile packet communication network is displayed on the liquid crystal display unit 14, the voice corresponding to the input command by the user (for example, (Voice such as “transmission”) is input to the sound collection unit 15, and voice data corresponding to the voice is A
When sent from the / D and D / A conversion unit 16, the control unit 11 recognizes the input command corresponding to the sent voice data, and executes processing such as sending a GET request according to the command. To do.

Function c. Voice call function This function is a function for realizing a voice call through the mobile communication network MSN, and performs various communication controls in calling and disconnecting or in a voice call.

In addition to the functions described above, the CPU is
It executes various applications stored in the EEPROM. For example, if the user of the mobile device MS uses the IP server W
When the authentication program and the voice print data are transmitted from the IP server W when receiving the various services provided by, the transmitted authentication program and the voice print data are stored in this EEPROM. The CPU is this E
Run the authentication program stored in EPROM,
User authentication is performed based on the voice print data stored in the EEPROM. Further, the authentication program and the like stored in this EEPROM can be deleted according to a user's instruction.

(C) Configuration of IP Server W FIG. 4 is a diagram showing the configuration of the IP server W. As shown in the figure, the IP server W according to the present embodiment includes a system control unit 21 and a packet interface unit 22.
(Hereinafter, “interface” is abbreviated as “I / F”), the table storage unit 23, and the voice print data generation unit 24.
And the voiceprint data DB 25 and the call I / F unit 26 described above.
And an IVR (Interactive Voice Response) 17.

The packet I / F unit 22 mediates the transfer of data between the Internet INET and the system control unit 21. Specifically, the packet I / F unit 22 sends the data sent from the Internet INET to the system control unit 21, and sends the data sent from the system control unit 21 to the Internet INET.

The system controller 21 is, for example, a CPU
(Central Processing Unit), ROM (Read Only Mem)
ory), a RAM (Random Access Memory), and a hard disk (not shown). The ROM stores the telephone number of the IP server W and various control applications for controlling each unit of the IP server W. Further, the hard disk stores a program for returning a resource in response to an HTTP GET request received from the Internet INET, various resources of the device itself, and the above-described two authentication programs. ing. The CPU executes the programs stored in the ROM and the hard disk to execute the IP
The RAM is used as a work area of the CPU by controlling each unit of the server W. The authentication program stored in the hard disk as described above is
Mobile station MS when providing services to other users
Is transmitted to the CP of the system control unit 21.
It's not what U does. The voiceprint data DB 25 described above may be stored in the hard disk of the system control unit 21, or a DB server may be provided separately. However, in FIG. 1 and FIG. 4, the voiceprint data DB 25 is illustrated as being provided separately from the hard disk of the system control unit 21.

The table management unit 23 stores a user management table TBL1. FIG. 5 is a diagram showing the contents of the user management table TBL1. As shown in the figure, the user management table TBL according to the present embodiment.
1 stores a password, a service ID, and personal information including the name, address, telephone number, etc. of the user in association with the user ID of each user.

Here, the password stored in the user management table TBL1 is a password issued by the IP when the user of the IP and the mobile station MS makes a service provision contract. What is the service ID?
The IP server W is an ID for uniquely identifying each service provided to the user of the mobile device MS.
There are a number of service IDs corresponding to the types of services provided by the server W to the user of the mobile device MS.
Therefore, when there are a plurality of services provided by the IP server W, there are a plurality of service IDs, and if there is only one service provided by the IP server W, there is only one service ID. In addition, this user management table TBL1
In the above, the service ID stored in association with each user ID is only the service ID corresponding to the service for which each user has a service provision contract with the IP. For example, in the case shown in FIG. 5, the user ID “U # 0
It means that the user corresponding to “02” has a service providing contract corresponding to the service IDs “service 1” and “service 2” among the services provided by the IP.

Under the control of the system control unit 21, the voice print data generation unit 24 generates voice print data based on the voice data sent from the system control unit 21, and stores the generated voice print data in the voice print data DB 25. Store.

The call I / F unit 26 is a public digital network IS.
It has a function as an interface with N and is connected to a line with which the IP of the public digital network ISN is contracted. That is, when an incoming call is made to the telephone number of the line contracted for IP via the public digital network ISN, the call I / F unit 26 accepts the incoming call,
After that, the data transmitted via the public digital network ISN is supplied to the IVR 27, and the data transmitted from the IVR 27 is transmitted to the public digital network ISN.

The IVR 27 is a device that, when an incoming call is made to the call I / F section 26, automatically responds to the incoming call. Specifically, when an incoming call is made to the call I / F unit 16, the IVR 27 returns voice data corresponding to the voice guidance to the call I / F unit 26 under the control of the system control unit 21. In this way, the voice data returned by the IVR 27 is transmitted by the call I / F unit 26 via the public digital network ISN.
Sent to the originator. Then, as a result of this reply, some voice data is transmitted from the caller and the call I / F unit 2
When the IVR 27 receives the voice data, the IVR 27 sends the voice data to the system control unit 21 and also sends the next voice data (that is, voice data corresponding to the next voice guidance) to the call I / F unit 26.

In this embodiment, the IVR 27 is
Specifically, it plays the following roles. That is, as described above, in order for the user of the mobile device MS to receive the service of the IP server W, membership registration is performed and voiceprint data is transferred to the IP.
It is necessary to register with the server W. In such cases,
The user of the mobile station MS uses the mobile station MS to
Make a call to the telephone number with which you subscribe. As a result, IV
When the user of the mobile device MS reads aloud a keyword or the like according to the voice guidance returned from the R27 and the voice data corresponding to the voice generated when the voice is read is transmitted, the IVR27 controls the voice data by the system. Send to section 21. In this way, when the voice data is sent from the IVR 27, the system control unit 21 sends the voice data to the voiceprint data generation unit 24, and the voiceprint data generation unit 24 is sent from the system control unit 21. The voice print data is generated based on the voice data and stored in the voice print data DB 25. The operation at this time will be described later in detail.

[1.2] Operation of the Embodiment Hereinafter, regarding the operation of the present embodiment, (a) an operation when registering voiceprint data, and (b) an operation when receiving a service from the IP server W. The description will be made in order.

(A) Operation when registering voice print data When the user of the mobile device MS receives the service of the IP server W, first, the user uses the mobile device MS to make a homepage of the IP server W. It is necessary to access to, apply for membership registration, and register voiceprint data to the IP server W. Therefore, the user operates the instruction input unit 13 of the mobile unit MS to input that browsing is to be performed.

Then, in the mobile unit MS, the control unit 1
In accordance with the input to the instruction input unit 13, 1 reads the WWW browser and performs packet registration with the above-described packet subscriber processing device of the mobile communication network MSN (mobile packet communication network). The packet registration is a registration procedure for the mobile station MS to exchange packets with the mobile communication network MSN. When the packet registration is performed in this way, the mobile station MS determines the mobile communication network MSN described above.
It becomes possible to perform packet communication via the.

After that, the user of the mobile station MS makes the mobile station M
When an input operation for designating the URL of the home page of the IP server W is performed on the instruction input unit 13 of S, the communication system 1 executes the process shown in the data sequence of FIG.

First, the mobile station MS uses the U specified by the user.
The GET request D1 including the RL is transmitted to the mobile communication network MSN. In this way, the GE transmitted from the mobile station MS
The T request D1 is transferred to the Internet INET by the gateway server of the mobile communication network MSN described above,
It is received by the packet I / F unit 22 of the IP server W. As a result, the system control unit 21 of the IP server W
The HTML data D2 corresponding to the home page is sent back to the Internet INET.

On the other hand, in this manner, the HTML data D2 corresponding to the home page returned from the IP server W
When is received by the transmitting / receiving unit 12 of the mobile device MS, an image corresponding to the home page of the IP server W is displayed on the liquid crystal display unit 14 as shown in FIG. 7. In this state, the user of the mobile device MS makes the instruction input unit 13
On the other hand, for example, when an input operation for selecting the button "registration application" is performed, the control unit 11 causes "an application for registration" by the anchor tag in the HTML data D2.
GET request D including the URL associated with the button
3 is transmitted to the mobile communication network MSN via the transmission / reception unit 12. Regarding the anchor tag of HTML data,
Since this is a technique that has been conventionally used, its details are omitted.

In this way, the GET request D3 transmitted from the mobile station MS is transmitted to the packet I / F unit 2 of the IP server W.
2, the system control unit 21 of the IP server W returns the HTML data D4. This HTML
The data D4 is HTML data corresponding to a page for applying for membership registration.

On the other hand, when the HTML data D4 corresponding to the application page transmitted from the IP server W is received, the liquid crystal display unit 14 of the mobile unit MS displays a page for application for membership registration as shown in FIG. Is displayed. As shown in the figure, at this time, the IP that the user can receive using the mobile device MS is displayed on the liquid crystal display unit 14 of the mobile device MS.
In addition to a list of services of the server W and check boxes for selecting each service, an input box for inputting personal information such as a user's name, address, and telephone number, a box for inputting a keyword, and "confirm" Button is displayed.

In this state, the user of the mobile station MS checks the check box corresponding to the service provided from the IP server W, inputs the personal information and the keyword, and selects the "confirm" button. When the operation is performed, the mobile station MS transmits a GET request D5 including the selected service and a character string corresponding to the keyword or personal information input by the user, as well as information designating the service selected by the user. To do.

On the other hand, when this GET request D5 is received,
The system control unit 21 of the IP server W pays out the user ID and the password to the user, stores the user ID and the password in the user management table TBL1 of the own device, and stores the personal information included in the GET request D5 to the user. It is stored in the user management table TBL1 in association with the ID.

At this time, the system control unit 21 stores the service ID corresponding to the service included in the GET request D5 and the personal information included in the GET request D5 in the user management table TBL1. . For example, when the service IDs "service 1" and "service 2" correspond to "□□ service" and "△△ service", respectively, the user corresponds to "□□ service" and "△△ service". When the check box is checked, the system control unit 21 stores the service IDs "service 1" and "service 2" in the user management table TBL1.

In this way, the user management table TB
When the storage of various information in L1 is completed, the system control unit 21 gives the user ID paid out to the user.
And the character string corresponding to the keyword added to the GET request D5 are associated with each other and stored in the voiceprint data DB 25. In addition, at this time, the system control unit 21 pays out a registration number for uniquely identifying the user when performing registration with the user to obtain the user ID of the user.
It is stored in the RAM in association with. The system control unit 21 then uses the telephone number for registering the voiceprint data for user authentication, that is, the call I / F unit 26 of the IP server W.
HT in which a character string corresponding to the telephone number of the public digital network ISN line to which is connected is specified by an anchor tag
ML data D6 is returned. At this time, for the HTML data D6, the system control unit 21 of the IP server W
The user ID and registration number issued to the user are described, and the user is notified of these pieces of information.

On the other hand, H returned by the IP server W
When the TML data D6 is received, as shown in FIG. 9, the liquid crystal display unit 14 of the mobile unit MS displays a character string such as "Please call the following telephone numbers to register voiceprint data." In addition to displaying the telephone number of the IVR27 of the IP server W, a document for obtaining a voiceprint model necessary to generate a voiceprint model for the Japanese syllabary of free word voiceprint data, a user ID, and a registration number are displayed. It In this state, when the user performs an input operation to select the telephone number on the instruction input unit 13, the control unit 11 of the mobile device MS causes the HTML data D6 corresponding to the page.
Is stored in the RAM and the state is maintained until the call ends.

Next, the control unit 11 calls the telephone number designated by the anchor tag associated with the character string (that is, the telephone number of the IVR27 of the IP server W), and again the liquid crystal. The image shown in FIG. 9 is displayed on the display unit 14. As a result, in the communication system 1, the process shown in FIG. 10 is executed, and the user of the mobile device MS makes various inputs according to the voice guidance corresponding to the voice data transmitted from the IP server W during the process. Will be done.

First, when the IVR 27 of the IP server W receives an incoming call to the call I / F section 26, the IVR 27 responds to the voice such as "Please enter your registration number." The returned voice data Dv1 is returned. When the user of the mobile unit MS inputs the registration number displayed on the liquid crystal display unit 14 into the instruction input unit 13 according to the voice guidance, the PB (push button) corresponding to the input registration number is input from the instruction input unit 13. ) The signal indicates that the control unit 11
The control section 11 transmits the PB signal sent by the instruction input section 13 to the mobile communication network MSN via the transmission / reception section 12 as the data Dv2.

Next, when the data Dv2 is received by the call I / F unit 26 of the IP server W via the mobile communication network MSN, the IVR 27 supplies the data Dv2 to the system control unit 21 and at the same time, transmits the data Dv2. Mobile communication network Dv3
Send to SN. On the other hand, when the system control unit 21 receives the data Dv2 from the IVR 27, the system control unit 21 receives the data Dv2.
According to the above, the registration number is specified, and the user ID stored in the RAM is read in association with the registration number.

On the other hand, the mobile station MS that has received the data Dv3
In, a voice is output from the voice output unit 17 such as "Your keyword voiceprint data will be registered. Since you will be registering 5 times now, please try the first time." When the user of the mobile device MS reads aloud the keyword specified by himself / herself according to this guidance, a sound corresponding to the keyword is collected in the sound collecting unit 15 of the mobile device MS, and the sound corresponding to the sound is collected from the sound collecting unit 15. Signal is A / D
Also, it is supplied to the D / A conversion unit 16, A / D converted and supplied to the audio encoding / decoding unit 18 as audio data. In this way, the voice data supplied to the voice encoding / decoding unit 18 is encoded and transmitted as data Dv4 via the transmitting / receiving unit 12 to the mobile telephone network of the mobile communication network MSN.

Next, when the data Dv4 is received by the call I / F unit 26 of the IP server W, the IVR 27 sends the data Dv4 to the system control unit 21 and sends the data Dv5 to the public digital network ISN. Send out. In this way, when the data Dv4 is sent to the system control unit 21, the system control unit 21 sends the data Dv4 to the voiceprint data generation unit 24. Voiceprint data generation unit 24
Is the data D sent from this system control unit 21.
Keyword voiceprint data is generated based on v4, and the generated voiceprint data is stored in the voiceprint data DB 25 at a position corresponding to the user ID of the user.

On the other hand, the data D transmitted from the IP server
In the mobile station MS that has received v5, based on the transmitted voice data, from the voice output unit 17, for example,
The voice such as "Please have a second time" is output. According to this voice, when the user of the mobile unit MS reads aloud the keyword,
In the mobile device MS, the data Dv6 corresponding to the voice collected by the sound collector 15 is transmitted to the mobile communication network MSN by the transmitter / receiver 12. Then, in the IP server W, when the data Dv6 is received, the same processing as described above is performed, and the voiceprint data generation unit 24 generates voiceprint data.

The above series of processing is continued until the generation of the keyword voiceprint data of 5 times is completed, and when the keyword voiceprint data of 5 times is acquired, the voiceprint data generation unit 24.
Calculates error data of the voiceprint data based on the stored keyword voiceprint data of five times, and stores the error data in the voiceprint data DB 25 in association with the user ID of the user.

Next, the IVR 27 of the IP server W transmits the data Dv7 to the mobile communication network MSN. When this data Dv7 is received, the mobile unit MS outputs, from the voice output unit 17, for example, "Next, register free word voiceprint data. Read aloud the free word document and hang up." The voice corresponding to the guidance is output.

Then, when the user of the mobile unit MS follows the guidance and reads aloud the free word document displayed on the liquid crystal display unit 14, the data Dv8 corresponding to the voice collected by the sound collecting unit 15 is obtained. It is transmitted via the transmission / reception unit 12. In this way, the data Dv8 transmitted from the mobile station MS is received by the IVR 27 of the IP server W and supplied to the system control unit 21. Then, the system control unit 21 sends the data Dv8 supplied from the IVR 27 to the voiceprint data generation unit 24, and the voiceprint data generation unit 24 generates freeword voiceprint data based on this data Dv8, and the voiceprint data. DB25
To store.

When this series of processing is completed and the user performs an input operation to hang up the telephone, the mobile stations MS and I
The call connection between the P server W is disconnected, and the voice print data DB2
Registration of voiceprint data for 5 is completed.

Regarding the operation at this time, the mobile unit M
It goes without saying that the handsfree function of S may be used to make an input to the mobile device MS. However,
Even in this case, the operation of the communication system 1 does not change, and the description thereof will be omitted.

(B) Operation when receiving service from IP server W The operation when receiving service from the IP server W of the communication system 1 according to this embodiment will be described below with reference to the drawings. . In the following explanation,
In order to make the explanation more concrete, the voice print data DB 2
5 and the contents of the user management table TBL1 are the same as those shown in FIGS. 2 and 5, and the user ID issued by the IP server W to the user of the mobile station MS is “U”.
# 001 ", service ID corresponding to" △△ service "
Will be described as "service 1". Further, as described above, when the authentication program has been downloaded to the mobile device MS, the control unit 11 of the mobile device MS receives the service and the program ID corresponding to the authentication program stored in the device itself. Will be transmitted to the IP server W, but in the following description, it is assumed that no authentication program has been downloaded to the mobile station MS.

First, the IP server W without any manual input
The user who wants to receive the service of
An input operation for executing the hands-free function is performed on the S instruction input unit 13. Then, the control unit 1 of the mobile unit MS
In 1, the hands-free program is read from the ROM and executed. In this state, the control unit 1
1 can recognize the user's input command according to the voice collected by the sound collection unit 15, and can execute the process corresponding to the input command.

In this state, the WWW issued by the user
When the sound for activating the browser is collected by the sound collecting unit 15, the control unit 11 recognizes the input command based on the sound data corresponding to the sound collected by the sound collecting unit 15, The WWW browser is read from the ROM, executed, and the packet is registered in the mobile communication network MSN.

After that, when the user utters a voice designating the URL corresponding to the home page of the IP server W, the voice corresponding to the uttered voice is collected by the sound collecting unit 15, and the control unit 11 moves. Packet registration is performed for the communication network MSN. As a result, in the communication system 1, the processing shown in FIG. 11 is executed.

In this process, first, the control unit 11 of the mobile unit MS sends the U specified by the user via the transmission / reception unit 12.
The GET request Da1 including the RL is transmitted. In this way, the GET request Da1 transmitted from the mobile station MS is transmitted to the IP
When received by the packet I / F unit 22 of the server W,
The system control unit 22 is an HTML compatible with homepage.
Data Da2 is returned.

When this HTML data Da2 is received,
The control unit 11 of the mobile device MS, according to the data Da2,
The image shown in FIG. 7 described above is displayed on the liquid crystal display unit 14. In this state, for example, the user issued "△△
A voice prompting you to select the "Service" menu
5, the control unit 11 of the mobile unit MS displays the HTM.
In the L data Da2, the URL associated with the “ΔΔ service” is extracted by the anchor tag, and the U
The GET request Da3 including the RL is transmitted to the mobile communication network MSN.

On the other hand, the system controller 21 of the IP server W
When the packet I / F unit 22 receives the GET request Da3 transmitted from the mobile station MS, the GET request Da3
The service ID corresponding to the service (that is, the “ΔΔ service”) indicated by the URL added to the request Da3 is stored in the RAM, and the HTML data Da is also stored.
Reply 4 to Internet INET.

Next, when the HTML data Da4 is received by the transmission / reception unit 12 of the mobile station MS, the control unit 11
Causes the liquid crystal display unit 14 to display an image corresponding to the HTML data Da4. At this time, the liquid crystal display unit 14
A box for allowing the user of the mobile station MS to enter a user ID and password, for example, "User I
An image prompting you to enter these information is displayed, such as "Enter D and password." In this state,
When the user of the mobile device MS inputs a user ID “U # 001” and a password, for example, “ΔΔΔΔ” into the instruction input unit 13 and performs an input operation to make a decision,
The control unit 11 of the mobile device MS transmits the GET request Da5 to which the user ID "U # 001" and the password "ΔΔΔΔ" input by the user are added to the mobile communication network MSN.

At this time, the EEP of the control unit 11 has already been
When the keyword authentication program and the keyword voiceprint data are stored in the ROM, the control unit 11 controls the GET.
A program ID corresponding to the keyword authentication program is added to the request Da5. However, in this case, the download of the keyword authentication program for the mobile station MS has not been completed, so the control unit 11 controls the G
The ET request Da5 is transmitted without adding the program ID. At this time, the user ID and password may be input based on the words spoken by the user. However, it is desirable to input directly to the instruction input unit 13 for security reasons.

On the other hand, when the GET request Da5 is received, the system control unit 21 of the IP server W receives the GET.
Based on the user ID “U # 001” and the password “ΔΔΔΔ” added to the request, it is determined whether the user of the mobile device MS is a member of the service (step Sa
1). Specifically, the system control unit 21 extracts the user ID added to the GET request Da5, and the user ID / password pair corresponding to the user ID / password pair is stored in the user management table TBL1. It is determined whether or not When it is determined to be “No” in step Sa1, the system control unit 21 ends the process without providing the service to the user of the mobile device MS.

On the other hand, in the present case, as shown in FIG. 5, the user ID "U # 0" is stored in the user management table TBL1.
01 ”and the password“ ΔΔΔΔ ”exist as the same set of user ID and password. As a result, in step Sa1, the system control unit 21 returns “Yes”.
The system control unit 21 determines whether the service ID stored in the user management table TBL1 in association with the user ID corresponds to the “ΔΔ service” (that is, the service ID is “ Service 1 "
Or not) is determined (step Sa2). As a result of this determination, when the service ID does not correspond to the “ΔΔ service” (step Sa2 “No”), the control unit 11 performs the process without providing the service to the user of the mobile device MS. finish.

On the other hand, when the result of the judgment in step Sa2 is "Yes", the system control section 21 judges that the G
It is determined whether or not a program ID corresponding to the keyword authentication program is added to the ET request Da5 (step Sa3). Then, as a result of this determination, when it is determined that the keyword authentication program has been downloaded (step Sa3 “Yes”), the system control unit 21 of the IP server W does not transmit the keyword authentication program and the like to the mobile device MS. The authentication request Da60 is transmitted, and the control unit 11 of the mobile station MS transmits the authentication request Da60.
According to the above, user authentication described later is performed.

However, in this case, the GET request Da5
Has no program ID added (step S
a3 “No”). Therefore, the system control unit 21 reads out the keyword voiceprint data corresponding to the user ID and returns it as data Da6 to the Internet INET. At this time, the system control unit 21 determines that the data Da
6, the free word voice print data and the URL for downloading the free word authentication program are added and transmitted.

In this way, when the data Da6 returned from the IP server W is received, the control unit 1 of the mobile station MS
1 extracts the keyword voiceprint data and the keyword authentication program included in the data Da6,
Write to M. At this time, the control unit 11 extracts the URL added to the data Da6 and writes it in the RAM. Then, the control unit 11 reads out the authentication program stored in the EEPROM and authenticates the user by the keyword (step Sa4).

At this step Sa4, the control unit 11
Executes the following processing. Step i: The control unit 11 causes the liquid crystal display unit 14 to
For example, a message such as "Please read the keyword aloud." Is displayed. Step ii: The user of the mobile device MS reads the keyword aloud according to the display in the step i, and the voice data corresponding to the read voice is A / D and D / A converter 16.
Then, the control unit 11 performs user authentication based on the voice data and the voice data transmitted from the A / D and D / A conversion unit 16 according to the authentication program. Step iii: As a result of the authentication in ii), the control unit 11 determines whether or not this user authentication has succeeded. Then, when this user authentication fails, the control unit 21 of the mobile device MS ends the process without allowing the user to enjoy the service. On the other hand, when the user authentication is successful, the control unit 11 transmits the GET request Da7 including the URL stored in the RAM to the mobile communication network MSN. At this time, when the free word authentication program is stored in the EEPROM, the control unit 11 causes the G
A program ID corresponding to the free word authentication program is added to the ET request Da7 and transmitted.

In this way, when the GET request Da7 transmitted from the mobile station MS is received, the system control unit 21 of the IP server W determines whether or not the program ID is added to the GET request Da7 ( Step Sa
5). When the result of the determination in step Sa5 is “Yes”, the system control unit 21
The HTML data Da80 corresponding to the “ΔΔ service” providing page is returned to the Internet INET.

On the other hand, in this case, no program ID is added to the GET request Da7 (step Sa5 "N
o ”). Therefore, the system control unit 21 reads the free word voice print data associated with the user ID corresponding to the user of the mobile device MS in the voice print data DB 25, and the voice print data and the free word authentication program are referred to as “Δ”. "H" corresponding to the "Service" provision page
Along with the TML data, the data Da8 is returned to the Internet INET.

In this way, when the data Da8 returned from the IP server W is received, the control unit 11 of the mobile station MS executes the free word voiceprint data added to this data Da8 and the free word authentication program. EE
The image corresponding to the “ΔΔ service” provision page added to the data Da8 is displayed while being stored in the PROM. In this state, the user of the mobile station MS
It becomes possible to receive "△△ service" by using the hands-free function.

After that, in a state where the user is provided with the “ΔΔ service”, when a certain time elapses,
The control unit 11 of the mobile station MS performs the user authentication by the free word by reading and executing the free word authentication program stored in the EEPROM (step Sa6).

More specifically, the control unit 11 monitors the voice data sent from the A / D and D / A conversion unit 16, and some voice that the user utters to use the hands-free function. Voice data corresponding to A / D and D / A
When sent from the conversion unit 16, a voiceprint model for each sound is generated based on the voice data. And the mobile device M
The control unit 11 of S compares the generated voiceprint model for each sound with the voiceprint model of the Japanese syllabary that forms the free word voiceprint data, and performs user authentication.

In the present embodiment, the explanation is given assuming that the user is performing the WWW browsing by using the hands-free function. Therefore, when performing user authentication by this free word, the special user It is not necessary to prompt someone to speak out. However, when performing WWW browsing without using the hands-free function, it is necessary to prompt the user to speak.

Therefore, in such a case, the control unit 11 of the mobile unit MS according to the present embodiment utters, for example, "Free word authentication is performed on the liquid crystal display unit 14, so a voice is output to the sound collection unit. Please, etc. "is displayed. As a result, the voice uttered by the user is collected by the sound collection unit 15, and user authentication is performed by a free word based on the collected voice.

Further, while the user is receiving the service of the IP server W, the service being received may be changed. In such a case, in the communication system 1 according to the present embodiment, the same processing as the processing from the transmission of the data Da4 to the transmission of the data Da8 described above is repeated. Specifically, when the GET request Da3 corresponding to another service is transmitted from the mobile device MS, the IP server W
The system control unit 22 returns the HTML data Da4 corresponding to the page for inputting the user ID and password in response to the GET request. And mobile device MS
When the user inputs an ID and password to the instruction input unit 13 and performs an input operation to the effect that a decision is made,
The control unit 11 of the mobile device MS transmits the GET request Da5 to be transmitted.
Not only user ID and password for EEPR
Program ID of the authentication program stored in OM
Is added and transmitted.

As a result, in the system controller 21 of the IP server W, the determination in step Sa3 is "Yes."
Then, the system control unit 21 returns an authentication request Da60 to which the URL corresponding to the service providing page is added to the mobile station MS. In this way, when the authentication request Da60 is received, the control unit 11 of the mobile device MS reads the keyword authentication program stored in the EEPROM and performs the user authentication by the keyword (step Sa4).

Then, when the user authentication is successful, the control unit 11 extracts the URL added to the user authentication request and returns E to the GET request Da7 including the URL.
Mobile communication network MS with a program ID corresponding to the free word authentication program stored in EPROM
Send to N. As a result, in the system control unit 21 of the IP server W, the determination in step Sa5 is “Y”.
es ”.

Then, after that, if the user continues to receive the provision of the service, the mobile station MS authenticates the user by the free word at regular time intervals (step Sa6). When the service is requested to be provided, the same processing as described above is executed.

In this way, in this embodiment,
When the IP server provides various services to the user of the mobile device MS, the voiceprint data and the authentication program are transmitted from the IP server to the mobile device. Therefore, it is possible to increase the accuracy of user authentication without increasing the storage capacity of the memory provided in the mobile device.

Further, in this embodiment, both the voiceprint data and the authentication program transmitted from the IP server via the mobile communication network have a data amount of about 5 kbytes. Therefore, it is possible to prevent an increase in traffic generated in the mobile communication network as compared with the case of transmitting voice data having a large amount of data.

Further, the mobile station MS according to this embodiment is
It has a hands-free function and can be configured to perform various operations in a hands-free manner. For this reason,
The user of the mobile device can perform various input operations without performing complicated input operations on the instruction input unit. In addition, in user authentication by free word performed while enjoying the service, the user input instruction It becomes possible to authenticate the user by using the voice.

Further, in the present embodiment, user authentication is performed by a free word at fixed time intervals based on the voice data corresponding to the voice collected by the sound collecting unit of the mobile device, and this user authentication fails. In that case, the mobile device cannot receive the service. Therefore, even if the mobile device MS is stolen by a third party while the service of the IP server is being provided, it is possible to effectively prevent the third party from enjoying the service. It will be possible.

In the present embodiment, the case where the mobile station MS such as a mobile phone is targeted as a target for receiving the service of the IP server W has been described as an example.
The target of receiving the service of the P server W may be a PDA, a notebook computer, or the like.

In the present embodiment, the IP server W
Is connected to the public digital network ISN, and is configured to make a voice call with the mobile station MS via the public digital network ISN. However, the IP server W may be configured to be directly connected to the mobile communication network MSN and to perform a voice call with the mobile device MS via the mobile communication network MSN.

In this embodiment, the user can arbitrarily set the keyword voice print data, but it is of course possible to use a predetermined keyword.

In this embodiment, both the user authentication by the keyword and the user authentication by the free word are used together. However, the configuration may be such that only one of the user authentications is used. In this case, the voiceprint data DB 25 of the IP server W may store only one of the keyword voiceprint data and the free word voiceprint data, and the authentication program may store only one of the authentication programs. Good. Then, the mobile device MS authenticates the user based on either one of the authentication programs downloaded from the IP server W, and repeats the user authentication based on the authentication program or the like even while the service is being provided.

In the present embodiment, when registering the voiceprint data of the user in the IP server W, the user uses the mobile station MS to access the registration application page of the IP server W, and access this page. It is configured to apply for registration above. However, it goes without saying that the registration may be performed by another method. For example, a telephone or the like is used to call the IP having the IP server W in advance to inform the operator of various information, listen to the telephone number of the IVR 27, and call the telephone number to obtain voiceprint data. You may register. The application form may be transmitted by fax or the like, and the IP side may return the document in which the telephone number of IVR27 is described by fax. In addition, at the time of this registration, in this embodiment, the mobile station MS is configured to cancel the packet registration once and then make a call via the public digital network ISN. However, the mobile station MS and the mobile communication network MS
Needless to say, when N is a multilink-capable one, the IP server W may be called without canceling the packet registration. In short, mobile device M
The voiceprint data of the user S is the voiceprint data D of the IP server W.
Any method can be used as long as it can be stored in B25.

[1.3] Modified Example <Modified Example 1-1> In this embodiment, when the voiceprint data and the authentication program have already been downloaded, the mobile station MS sends the program ID of the authentication program to the IP server W. The IP server W is configured to determine whether or not the download of the authentication program or the like to the mobile device MS is completed based on the transmitted program ID. However, the method of the IP server determining whether or not the authentication program for the mobile station MS has already been downloaded may naturally be another method. For example, the user ID corresponding to the user of the mobile station MS who has already downloaded the authentication program or the like on the IP server side.
Has a table for storing the IP server W
May determine based on this table whether or not the authentication program or the like for the mobile device MS has been downloaded. In this case, the user ID stored in the table may be deleted when the user logs off from the IP server W or when a predetermined time has elapsed. With such a configuration, the mobile device M
When the user of S receives the service of the IP server W again, the authentication program and the voice print data are transmitted again from the IP server W. Therefore, the user
The user can be surely authenticated even if these data are deleted from the EEPROM by inputting to the instruction input unit 13 an input to delete the authentication program or the like stored in the PROM. .

[2] Second Embodiment FIG. 12 is a diagram showing the configuration of the communication system 100 according to the present embodiment. In addition, in the figure, the same symbols are attached to the same facilities as those in FIG. 1 described above.
Here, the communication system 100 according to the present embodiment is for receiving various services provided by the IP server W by using the car navigation device NB installed in the vehicle.

The car navigation device NB is installed in the vehicle, acquires the position information of the vehicle in which the car navigation device NB is installed by a gyroscope, and displays it. In addition, the car navigation device NB is connected to the mobile device MS2 to display the IP server W. Receive various services provided by.

FIG. 13 is a diagram showing the configuration of the car navigation device NB according to this embodiment. As shown in the figure, the car navigation device NB according to the present embodiment
Has a control unit 31, a mobile device connection I / F unit 32, a position information calculation unit 33, a user I / F unit 34, and a data bus 35 interconnecting these units.

The mobile unit connection I / F unit 32 uses, for example, RS
It is an I / F such as 232C or USB, and connects the car navigation device NB to the mobile device MS2, and mediates exchange of data with the connected mobile device MS2.
By connecting the mobile device MS2 via the mobile device connection I / F unit 32, the car navigation device NB can perform packet communication via the mobile communication network MSN.

The position information calculation unit 33 has a GPS signal receiving device, a gyro, and the like, and generates position information corresponding to the current position of the vehicle in which the own device is installed. Then, the generated position information is supplied to the control unit 31. The user I / F unit 34 includes an operation panel that receives user input operations, a display panel that displays various types of information, and the like.

The control section 31 includes a CPU, ROM, RAM,
It has an EEPROM or the like and controls each part of the car navigation device NB. The ROM has a CD-
In addition to the program for reading the map information from the CD-ROM housed in the ROM drive and giving directions to the driver of the vehicle, the mobile unit MS2 connected via the mobile unit connection I / F unit 32 is also displayed. It is used as a communication interface, acquires desired data from various communication devices (eg, IP server W) connected to the Internet via the mobile communication network MSN, and displays an image corresponding to the acquired data. The WWW browser for is stored. The CPU executes various processes by executing the programs stored in the ROM.

The mobile station MS2 is a portable communication terminal that performs packet communication via the mobile communication packet network MPN as in the first embodiment. FIG. 14 is a diagram showing the configuration of the mobile device MS2 according to the present embodiment. In FIG. 14, the same parts as those in FIG. 3 described above are denoted by the same reference numerals.

As shown in the figure, the mobile station MS2 according to the present embodiment is the mobile station M according to the first embodiment described above.
In addition to each unit of S, an external device connection I / F unit 19 is provided. The external device connection I / F unit 19 connects the mobile device MS2 to an external device such as the car navigation device NB, and mediates exchange of data with the connected external device.

Here, in the present embodiment, the mobile station MS
2 is an IP by connecting the mobile device MS2 alone or by connecting the mobile device MS2 to the car navigation device NB.
Various services are provided from the server W. In order to realize such a function, a program for realizing the following two modes is stored as a control program stored in the ROM of the control unit 11. i) Single mode This mode is a mode in which communication is carried out independently via the mobile communication network MSN. Mobile unit MS2 is normally set to this mode.

Ii) Dependent mode This mode is a mode set when an external device is connected via the external device connection I / F unit 19, and the mobile device M is used as a communication interface of the connected external device.
This is a mode for S2 to function. In this mode, the mobile station MS2 cannot independently perform communication via the mobile communication network MSN, and can perform communication via the mobile communication network MSN only under the control of the connected external device. It becomes possible to Further, in this mode, the mobile device MS2 can also function as a user I / F of the external device (for example, the car navigation device NB) connected thereto by using the above-mentioned hands-free function. Specifically, when the handsfree function of the mobile device MS2 is executed in this mode, the control unit 11 of the mobile device MS2 issues an input command of the user based on the voice collected by the sound collection unit 15. It recognizes and supplies an operation signal corresponding to the input command to the external device connected via the external device connection I / F unit 19.

Further, in this embodiment, a voice synthesizing function is further added to the above-mentioned hands-free function of the mobile unit MS2. Specifically, when the mobile device MS2 receives HTML data while executing the handsfree function, it synthesizes a voice based on the text data included in the HTML data and outputs the synthesized voice from the voice output unit 17. That is, the mobile device MS2 has a function of reading the text included in the HTML data when the HTML data is received.

For example, in the state where the HTM is connected to the car navigation device NB,
Upon receiving the L data, the control unit 11 receives the received H data.
The process for reading the text in the TML data is executed, and the HT is sent to the car navigation device NB.
Send ML data. The voice output unit 1 of the mobile device MS2
If the output of the speaker constituting 7 is small and the user speaks mobile unit MS2 from the vicinity of his / her ear, if the synthesized voice cannot be heard, the voice output unit 17 outputs the external sound. A jack for connecting a speaker may be provided and the synthesized voice may be output via an external speaker connected via this jack.

Next, the communication system 1 having such a configuration
The operation of 00 will be described. The operation of registering the voiceprint data of the user of the mobile device MS2 in the IP server W is exactly the same as that of the first embodiment described above, and thus the description thereof is omitted, and the mobile device MS2 and the car navigation device NB are omitted. Only the operation of connecting and receiving the service provided by the IP server W will be described. Further, in the following description, in order to make the description more specific, the contents of the voiceprint data DB 25 and the user management table TBL1 are the same as those shown in FIGS. 2 and 5. In addition, the user ID issued by the IP server W to the user of the mobile device MS2 is “U # 00”.
It is assumed that the service IDs corresponding to “1” and “ΔΔ service” are “service 1”, and that no authentication program has been downloaded to the mobile device MS2.

First, when the user of the mobile device MS2 gets into the vehicle with his / her own mobile device MS2 and connects the mobile device MS2 to the car navigation device NB, the mobile device MS2
Switches from the stand-alone mode to the subordinate mode and acts as a communication interface of the car navigation device NB.

At this time, the driver also performs an input operation on the instruction input unit 13 of the mobile unit MS2 to execute the handsfree program, so that the handsfree function of the mobile unit MS2 can be used. At this point, the mobile device MS
2 is based on the sound collected by the sound collecting unit 15,
In addition to recognizing a user's input command and sending an operation signal corresponding to the input command to the car navigation device NB via the external device connection I / F unit 19, the mobile communication network MSN
The voice synthesis is performed based on the HTML data received via, and the text existing in the HTML data can be read aloud.

In this state, the driver who has started driving the vehicle wants to receive the "ΔΔ service" of the IP server W, and the user activates the WWW browser toward the sound collection unit 15 of the mobile unit MS2. When a voice to that effect is uttered, the sound is collected by the sound collector 15, and a sound signal corresponding to the sound is sent to the A / D and D / A converter 16. Then, the control unit 11 of the mobile device MS2 recognizes the input command of the user based on the voice data sent from the A / D and D / A conversion unit 16 and outputs an operation signal corresponding to the input command to the outside. It is sent to the car navigation device NB via the device connection I / F unit 19.

On the other hand, when this operation signal is sent, the control unit 31 of the car navigation device NB reads and executes the WWW browser according to the operation signal, and performs packet registration with the mobile communication network MSN. . afterwards,
URL corresponding to the home page of the IP server W by the user
When a voice indicating that the voice is designated is uttered, a voice corresponding to the uttered voice is collected by the sound collection unit 15, and the control unit 11 performs packet registration with the mobile communication network MSN. As a result, the processing shown in FIG. 15 is executed in the communication system 100.

First, the control unit 31 of the car navigation device NB determines the UR specified by the user via the mobile unit MS2.
The GET request Db1 including L is transmitted. In this way, when the GET request Db1 transmitted from the mobile device MS2 is received, the system control unit 22 of the IP server W returns the HTML data Db2 corresponding to the home page.

This HTML data Db2 is the mobile device MS2.
When received by the transmitting / receiving unit 11 of the mobile device MS2, the control unit 11 of the mobile device MS2 synthesizes the voice signal corresponding to the text existing in the HTML data Db2 and outputs the voice output unit 17.
And the HTML data Db2 is sent to the car navigation device NB. In this way, the mobile device M
When the HTML data Db2 is sent from S2, the control unit 31 of the car navigation device NB causes the data D
In accordance with b2, the image shown in FIG.
It is displayed on the liquid crystal display section of the section 34.

In this state, for example, when a voice uttered by the user to select the menu "ΔΔ service" is collected by the sound collector 15, the controller 11 of the mobile unit MS2.
Sends an operation signal corresponding to the voice to the car navigation device NB. As a result, the control unit 31 of the car navigation device NB extracts the URL associated with the “ΔΔ service” in the HTML data Db2, and transmits the GET request Db3 including the URL via the mobile device MS2 for mobile communication. Send to network MSN.

On the other hand, the system control unit 21 of the IP server W
Is the GET request Db3 transmitted from the mobile device MS2.
Is received, the service ID corresponding to the service (that is, “ΔΔ service”) indicated by the URL added to the GET request Db3 is stored in the RAM, and the HTML data Db4 is sent to the Internet INE.
Reply to T.

Next, when this HTML data Db4 is received by the transmission / reception unit 12 of the mobile station MS2, the control unit 1
Reference numeral 1 synthesizes a voice signal corresponding to the text existing in the HTML data Db4 and sends the synthesized voice signal to the voice output unit 17, and also sends the HTML data Db4 to the car navigation device NB. At this time, the EEP of the control unit 11 has already been
When the keyword authentication program and the keyword voiceprint data are stored in the ROM, the control unit 11 adds the program ID corresponding to the keyword authentication program to the HTML data Db4 sent to the car navigation device NB. However, in this case, since the download of the keyword authentication program for the mobile device MS2 has not been completed, the control unit 11 controls the HTML data Db.
No program ID is added to 4.

On the other hand, when the HTML data Db4 is sent, the user I / F of the car navigation system NB is sent.
On the liquid crystal display unit of the unit 34, a character string such as "Enter user ID and password" is displayed together with a box for allowing the user of the mobile device MS2 to input the user ID and password. .

In this state, the user inputs the user ID "U # 001" and, for example, the password "ΔΔΔΔ" to the user I / F unit 34 of the car navigation system NB to make a decision. When you do the input operation to do so,
The control unit 11 of the mobile device MS2 inputs the user ID “U # 001” and the password “ΔΔΔΔ” input by the user.
The GET request Db5 added with is sent to the mobile device MS2,
The GET request Db5 is transmitted to the mobile communication network MSN by the mobile device MS2.

On the other hand, when receiving the GET request Db5, the system control unit 21 of the IP server W receives the GET.
The user ID “U # 001” and the password “ΔΔΔΔ” added to the request are extracted, and the user ID / password pair corresponding to the user ID / password pair is stored in the user management table TBL1. By determining whether or not the user of the mobile device MS2 is a member of the service, it is determined (step Sb1).

Then, as a result of this determination, if the same set as the set of the user ID and the password added to the GET request Db5 does not exist, the system control unit 21 terminates the process (step Sb1 "No"). If it exists (step Sb1 “Yes”), the system control unit 21 determines that the service ID stored in the user management table TBL1 in association with the user ID corresponds to the “ΔΔ service”. It is determined whether or not there is (step Sb2). If the result of this determination is “No”, the control unit 11 ends the processing, and if “Yes”, then the GET
It is determined whether the program ID corresponding to the keyword authentication program is added to the request Db5 (step Sb3). Then, as a result of this determination, when it is determined that the keyword authentication program has been downloaded (step Sb3 “Yes”), the system control unit 21 of the IP server W does not transmit the keyword authentication program and the like to the mobile device MS2. Send the authentication request Db60,
The control unit 11 of the mobile device MS2 performs user authentication described later according to the authentication request Db60.

However, in the present case, the GET request Db5.
Has no program ID added (step S
b3 "No"). Therefore, the system control unit 21 reads out the keyword voiceprint data corresponding to the user ID and returns it as the data Db6. At this time, the system control unit 21 adds the URL for downloading the free word voiceprint data and the free word authentication program to the data Db6 and returns it.

In this way, when the data Db6 returned from the IP server W is received, the control unit 11 of the mobile station MS2 stores the keyword voiceprint data and the keyword authentication program included in the data Db6 in the EEPROM. , URL in RAM. Then, the control unit 11 reads out the authentication program stored in the EEPROM and performs user authentication by the keyword (step Sb4). Note that the processing in the control unit 11 at this time is the same as that in the above-described first embodiment, so description thereof will be omitted.

When the user authentication in step Sb4 fails, the controller 11 of the mobile station MS2
When the process ends without allowing the user to enjoy the service and the user authentication is successful, the control unit 11
Sends a user authentication success notification Db7 to the car navigation device NB. At this time, the control unit 11 adds the URL stored in the RAM to the user authentication success notification.

In this way, when the user authentication success notification Db7 is sent from the mobile device MS2, the control unit 31 of the car navigation device NB receives the notification via the mobile device MS2.
The GET request Db8 including the URL added to the notification Db7 is transmitted to the mobile communication network MSN. At this time, E
When the free word authentication program is stored in the EPROM, the control unit 11 adds the program ID corresponding to the free word authentication program to the GET request Db8 and transmits it.

Next, the system controller 21 of the IP server W
Determines whether a program ID is added to the GET request Db8 (step Sb5). And
If the result of determination in step Sb5 is "Yes", the system control unit 21 indicates "[Delta] [Delta] service".
The HTML data Db90 corresponding to the provision page of is sent back to the Internet INET.

On the other hand, in this case, no program ID is added to the GET request Db8 (step Sb5 "N
o ”). Therefore, the system control unit 21 reads out the free word voice print data associated with the user ID corresponding to the user of the mobile device MS2 in the voice print data DB 25. Then, the system control unit 21 sends the voiceprint data and the free word authentication program together with the HTML data corresponding to the provided page of the “ΔΔ service” to the Internet INET as the data Db9.

In this way, when the data Db9 returned from the IP server W is received, the control unit 11 of the mobile station MS2 receives the HTM added to the data Db9.
A synthesizes voice data according to the text on the L data
This data D is sent to the / D and D / A converter 16 and
b9 is sent to the car navigation device NB. The control unit 31 of the car navigation device NB extracts the free word voiceprint data and the free word authentication program from the data Db9 sent from the mobile device MS2, and EEPRO.
The image corresponding to the provision page of “ΔΔ service” added to the data Db9 while being stored in M is displayed.

In this state, the user can use the hands-free function to receive the "ΔΔ service". After that, in a state where the user is provided with the “ΔΔ service”, the control unit 11 of the mobile station MS2 reads out and executes the free word authentication program stored in the EEPROM when a certain period of time elapses. Thus, the user authentication by the free word is performed (step Sb6). As for the voice authentication by the free word, the same process as the process performed by the control unit 11 of the mobile device MS2 according to the first embodiment described above is the same as the control unit 3 of the car navigation device NB.
Since it is only performed in step 1, details are omitted.

Further, while the user is receiving the service of the IP server W, the service being received may be changed. In such a case, in the communication system 100 according to the present embodiment, the same processing as the processing from the transmission of the data Db4 to the transmission of the data Db9 described above is repeated. Specifically, when the GET request Db3 corresponding to another service is transmitted from the mobile device MS2, the system control unit 22 of the IP server W responds to the GET request Db3 transmitted from the mobile device MS2 by the user. The HTML data Db4 corresponding to the page for inputting the ID and password is returned. When the HTML data Db4 is received, the control unit 11 of the mobile device MS2 receives the program ID of the keyword authentication program stored in the EEPROM.
Is read and added to the HTML data Db4,
Send to the car navigation device NB.

As a result, the user I / F unit 34 of the car navigation system NB displays a screen for inputting the user ID and password. Then, the control unit 31 of the car navigation device NB transmits not only the user ID and password input by the user in response to the GET request Db5 but also the program ID transmitted from the mobile device MS2.

As a result, in the system controller 21 of the IP server W, the determination in step Sb3 is "Yes."
s ”, and the system control unit 21 determines that the mobile device MS2
, The URL corresponding to the service provision page
The authentication request Db60 added with is returned. In this way, when the authentication request Db60 is received, the control unit 11 of the mobile device MS2 reads the keyword authentication program stored in the EEPROM and performs user authentication by the keyword (step Sb4).

When the user authentication is successful, the control section 11 sends a user authentication success notification Db7 to the car navigation device NB. Then, the control unit 31 of the car navigation device NB responds to the GET request Db8 transmitted to the mobile communication network MSN via the mobile device MS2.
Mobile communication network M by adding a program ID corresponding to the free word authentication program stored in the EEPROM
Send to SN. As a result, in the system controller 21 of the IP server W, the determination in step Sb5 becomes "Yes".

After that, if the user continues to receive the provision of the service, the mobile station MS2 authenticates the user by the free word at regular time intervals (step Sb6), and the user performs another authentication. When the service is requested to be provided, the same processing as described above is executed.

As described above, according to this embodiment, it is possible to connect the car navigation device and the mobile device and receive the service of the IP server. In addition, in the present embodiment, a voice synthesis function is added to the hands-free function of the mobile device, and when the service is provided, the hands-free function of the mobile device is used to perform an input operation while the IP server is used. The text included in the data sent from is read aloud. For this reason, even when the user of the mobile device is driving, it is possible to receive the provision of the IP server without moving the viewpoint, and it is possible to prevent the risk of occurring due to the movement of the viewpoint. It will be possible.

In this embodiment, the mobile unit MS
The car navigation device NB connected to the server 2 is used to receive the service of the IP server W. However, the car navigation device NB may be configured to receive the service of the IP server W by itself. In this case, the car navigation device NB needs to have a function of communicating with the mobile communication network MSN.

[0148]

As described above, according to the present invention, in the user authentication required when the IP provides the service to the user of the terminal, the accuracy of the user authentication is increased and the user authentication is involved. It can be used even when a terminal having a small storage capacity such as a portable terminal is used while preventing an increase in traffic.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a communication system 1 according to a first embodiment.

FIG. 2 is a diagram showing stored contents of a voiceprint data DB 25 according to the same embodiment.

FIG. 3 is a diagram showing a configuration of a mobile device MS according to the same embodiment.

FIG. 4 is a diagram showing a configuration of an IP server W according to the same embodiment.

FIG. 5 is a user management table TB according to the embodiment.
It is a figure which shows the content of L1.

FIG. 6 is a diagram showing data transfer performed in the communication system 1 according to the same embodiment.

FIG. 7 is a diagram showing an example of an image displayed on the liquid crystal display unit 14 of the mobile device MS according to the same embodiment.

FIG. 8 is a diagram showing an example of an image displayed on the liquid crystal display unit 14 of the mobile device MS according to the same embodiment.

FIG. 9 is a diagram showing an example of an image displayed on the liquid crystal display unit 14 of the mobile device MS according to the same embodiment.

FIG. 10 is a diagram showing data exchange performed in the communication system 1 according to the same embodiment.

FIG. 11 is a diagram showing processing performed in the communication system 1 according to the same embodiment.

FIG. 12 is a communication system 100 according to the second embodiment.
It is a figure showing the composition of.

FIG. 13 is a diagram showing a configuration of a car navigation device NB according to the same embodiment.

FIG. 14 is a diagram showing a configuration of a mobile device MS2 according to the same embodiment.

FIG. 15 is a diagram showing data transfer performed in the communication system 100 according to the same embodiment.

[Explanation of symbols]

1, 100 ... Communication system, MS, MS2 ...
Mobile unit, 11 ... control unit, 12 ... transmission / reception unit,
13 ... Instruction input section, 14 ... Liquid crystal display section,
15 ... Sound collection unit, 16 ... A / D and D / A conversion unit, 17 ... Voice output unit, 18 ... Voice encoding / decoding unit, 19 ... External device connection I / Part F, W
..IP server, 21 ... System control unit, 22
... packet I / F section, 23 ... table storage section, 24 ... voiceprint data generation section, 25 ... voiceprint data DB, 26 ... communication I / F section, 27 ... I
VR, MSN ... Mobile communication network, ISN ... Public digital network, INET ... Internet, NB
... Car navigation device, 31 ... Control unit,
32 ... Mobile device connection I / F unit, 33 ... Position information calculation unit, 34 ... User I / F unit.

   ─────────────────────────────────────────────────── ─── Continued front page    F term (reference) 5B085 AA08 AE27 BG07 CE08                 5J104 AA07 BA04 KA01 KA18 PA01                       PA07                 5K067 AA32 BB02 BB21 DD17 EE02                       EE10 EE16 FF02 HH22 HH24                       HH32

Claims (13)

[Claims] 1. A mobile terminal accommodated in a network, a server that provides a service to the mobile terminal via the network, wherein the server itself provides voiceprint data of a user of the mobile terminal and the server. A user authentication method in a communication system, comprising: a server having an authentication program for performing user authentication based on voiceprint data, wherein the mobile terminal transmits a service providing request to the server. A request step, a transmission step in which the server transmits the voiceprint data and the authentication program to the mobile terminal, the mobile terminal receives the voiceprint data and the authentication program transmitted from the server in the transmission step, A downloading process stored in a storage unit of the own terminal; Stored in degree, on the basis of the voiceprint data and the authentication program,
A user authentication of whether or not the user of the own terminal is a user having a legitimate authority, and an authentication process for permitting the user to enjoy the service only when the user authentication is successful. User authentication method to use. 2. A voice data transmitting process in which the mobile terminal transmits voice data corresponding to a voice generated by a user of the mobile terminal to the server, the process being performed prior to the service providing request process, The server stores a voice print data generation process in which the server generates voice print data of the user based on the voice data transmitted in the voice data transmission process, and voice print data generated in the voice print data generation process. 2. The user authentication method according to claim 1, further comprising a voiceprint data storing step. 3. The mobile terminal recognizes an input command designated by the user in response to a voice uttered by the user, and executes various processes based on the input command. User authentication method described. 4. The process performed prior to the service providing request process, wherein the mobile terminal determines whether or not the authentication program and the voice print data are stored in the storage unit of the mobile terminal. The mobile terminal further comprises a determination step, and when the mobile terminal determines in the determination step that the voiceprint data and the authentication program are stored in the storage unit of the mobile terminal, the mobile terminal determines the voiceprint. The data and the downloaded information indicating that the authentication program has been downloaded are added to the service providing request and transmitted, and in the transmitting process, the server provides the service providing request transmitted from the mobile terminal. If the downloaded information is added to the voiceprint data and the authentication program, While transmitting the authentication request without transmitting to the terminal, when the downloaded information is not added to the service provision request, the voiceprint data and the authentication program are transmitted to the mobile terminal, In the downloading process, the mobile terminal stores the voiceprint data and the authentication program in a storage unit of the own terminal only when the data transmitted from the server is the voiceprint data and the authentication program. The user authentication method according to claim 1. 5. The user authentication method according to claim 1, wherein the authentication process is repeated while the user receives the service of the server. 6. The free word voiceprint data composed of a voiceprint model corresponding to each sound uttered by the user to the server, which is a step after the authentication step, and the freeword. A freeword transmission request process requesting transmission of a freeword authentication program for user authentication based on voiceprint data; a freeword transmission process in which the server transmits freeword voiceprint data and a freeword authentication program; The mobile terminal receives the free word voice print data and the free word authentication program transmitted from the server in the free word voice print data transmission process,
The method further includes a free word downloading step of storing the free word and a free word authenticating step of repeatedly performing user authentication based on the free word voice print data and the free word authenticating program stored in the free word downloading step by the mobile terminal. Then, in the transmitting process, the server transmits keyword voiceprint data generated based on a voice generated when a user utters a predetermined keyword, and a keyword authentication program for performing user authentication based on the keyword voiceprint data. The user authentication method according to claim 1, further comprising: 7. The user authentication method according to claim 1, wherein the mobile terminal is installed in a vehicle. 8. The user authentication method according to claim 1, wherein the network is a mobile communication network. 9. A communication system comprising: a mobile terminal accommodated in a network; and a server that provides a service to the mobile terminal via the network, wherein the server provides the service. A voiceprint data of the user of the mobile terminal and an authentication program for performing user authentication based on the voiceprint data are held, and when providing the service to the mobile terminal, the voiceprint data for the mobile terminal is stored. The mobile terminal has means for transmitting the authentication program to the mobile terminal, and the mobile terminal is a user of the own terminal, based on the voiceprint data and the authentication program transmitted by the server, is a user having a proper authority? It is characterized by having means for authenticating whether or not the user is allowed to enjoy the service only when the authentication is successful. Communication system that. 10. A server that provides a service to another communication terminal via a network, wherein the server performs user authentication based on the voiceprint data of the user of the mobile terminal that provides the service and the voiceprint data. Storage means for storing an authentication program for performing the transmission, and transmission means for transmitting the voiceprint data and the authentication program to the mobile terminal when the service is provided to the mobile terminal. A server comprising: 11. A voiceprint data generation unit for generating voiceprint data of the user based on voice data corresponding to a voice generated by the user of the mobile terminal, which is transmitted from the mobile terminal, and stores the voiceprint data in the storage unit. The server according to claim 10, further comprising: 12. When providing a service to a user of the mobile terminal, the mobile terminal further comprises determination means for determining whether or not the transmission of the voiceprint data and the authentication program to the mobile terminal has been completed, The transmission means transmits the voiceprint data and the authentication program to the mobile terminal only when the determination means determines that the transmission of the voiceprint data and the authentication program to the mobile terminal has not been completed. The server according to claim 10, wherein the server. 13. The voiceprint data stored in the storage means includes keyword voiceprint data generated based on a voice generated when a user utters a predetermined keyword, and voiceprints corresponding to respective sounds uttered by the user. 11. The server according to claim 10, wherein there is free word voiceprint data composed of a model.