JP2012123552A - Authentication method, management device, and authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication method capable of increasing security in a device of which a use place is changed such as a mobile computer.SOLUTION: The authentication method includes: a position information transmission step in which a main device 1 transmits own identification information and position information to a management device 3; an area authentication step in which the management device 3 determines whether the main device 1 exists in an area shown by area information associated with the identification information of the main device 1 and stored, and transmits authentication information of a log-in device 7 to the main device 1 when it is determined to exist and does not transmit the information when it is determined not to exist; an authentication information transmission step in which the log-in device 7 transmits own authentication information to the main device 1 by short-range wireless communication; and a log-in device authentication step in which the main device 1 performs authentication by checking the authentication information received from the management device 3 against the authentication information received from the log-in device 7.

Description

  The present invention relates to an authentication method and an authentication system for improving the security of a device whose use place is moved, such as a mobile computer and a car navigation device.

  As a keyless entry system using short-range wireless communication, there is a locking / unlocking control system described in Patent Document 1 below. In this locking / unlocking control system, a mobile phone is provided with a Bluetooth unit for performing wireless data communication with a Bluetooth (registered trademark) unit provided in the locking / unlocking control device for controlling an electric lock device such as a door. ID information unique to the mobile phone is transmitted as authentication information to the locking / unlocking control device, and the locking / unlocking control device checks the authentication information registered in advance, and controls the locking / unlocking of the electric lock device based on the verification result. To do.

JP 2001-193324 A

  By the way, portable personal computers such as notebook personal computers (hereinafter, “personal computers” are abbreviated as “personal computers”), tablet personal computers, etc. are carried in hospitals and offices, and the Internet is used as necessary. There are cases where patient information and product information are obtained by accessing a hospital computer system or a company computer system via the computer. However, since the invention described in Patent Document 1 authenticates only with ID information unique to a mobile phone, even if this is applied to a mobile phone and a mobile computer, the mobile computer may be stolen or lost. May be obtained by a third party and the ID information may be analyzed, and there is a risk that the information on the visitor or product may be leaked by unauthorized access to the hospital computer system or the company computer system. There was a problem with security. Similarly, even in a car navigation device that is easily stolen, there is a problem in security with authentication using only ID information.

  The present invention solves the above-described problems, and an authentication method capable of improving security in a device where a place of use is moved, such as a mobile computer or a car navigation device, and a management that is directly used to implement the authentication method An object is to provide an apparatus and an authentication system.

  An authentication method of the present invention includes an identification information storage unit that stores its own identification information, a main body device capable of acquiring its own position information by GPS and capable of short-range wireless communication, and authentication information storing its own authentication information A storage device, a short-distance wireless communicable and portable login device; and area information associated with the identification information of the main body device; and storage area information associated with the identification information of the main body device. An authentication method using an area authentication information storage unit that stores authentication information, and a management device that can communicate with the main unit via a communication network, wherein the main unit is stored in the identification information storage unit. A stored position information transmission step for transmitting the stored identification information and position information acquired by GPS to the management apparatus; and an identification received by the management apparatus from the main unit. Based on the information and the position information, it is determined whether or not the main body device exists in the area indicated by the area information stored in the area authentication information storage unit in association with the identification information. If it is determined, the authentication information stored in the area authentication information storage unit in association with the identification information is transmitted to the main body device. If it is determined that the authentication information does not exist, the authentication information is not transmitted to the main body device. An area authentication step, an authentication information transmission step in which the login device transmits its own authentication information stored in the authentication information storage unit to the main body device by short-range wireless communication, and the main body device performs the management. Authentication is performed by comparing authentication information received from the device with authentication information received from the login device. If authentication is successful, a predetermined authentication success process is performed. Wherein the log device authentication step is not performed authentication success processing must succeed, characterized in that it comprises a.

  In the authentication method of the present invention, the main device detects that the short-range wireless communication with the login device has been disconnected, and automatically terminates the process started by the authentication success process. It may be included.

  In the authentication method of the present invention, the main body device is a car navigation device provided in a vehicle, the area information is information indicating a range from a final position, and the main body device performs predetermined end processing. At the time of execution, position information is acquired by GPS and transmitted as final position information to the management apparatus together with its own identification information stored in the identification information storage unit, and the management apparatus associates with the identification information of the main body apparatus A final position information acquisition step of storing the final position information in the area authentication information storage unit, wherein the management device is based on the identification information and the position information received from the main body device in the area authentication step. The position indicated by the position information is indicated by the final position information stored in the area authentication information storage unit in association with the identification information. If it is within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information from the final position, it is determined that the main body device exists within the area, and within the range If it does not exist, it can be determined that it does not exist in the area.

  The management device of the present invention used directly in the implementation of the authentication method of the present invention can acquire its own location information by GPS, and authenticates by the authentication information of the login device received from the login device by short-range wireless communication. A management device capable of communicating with a main body device through a communication line network, storing area information in association with identification information of the main body device and logging in in association with identification information of the main body device Based on the area authentication information storage unit that stores the authentication information of the device and the identification information and position information of the main device received from the main device, the information is stored in the area authentication information storage unit in association with the identification information. It is determined whether or not the main body device is present in the area indicated by the area information. If it is determined that the main device exists, the area is associated with the identification information. The authentication information stored in the witness information storage unit, and transmitted to the main device, if it is determined nonexistent and, characterized in that it comprises an area authentication unit does not send authentication information to the main device.

  Another authentication method of the present invention includes an identification information storage unit that stores identification information of itself, a main body device that can acquire its position information by GPS and capable of short-range wireless communication, and stores its authentication information. An authentication information storage unit that is capable of short-range wireless communication and is portable, stores area information in association with identification information of the main unit, and associates with identification information of the main unit An authentication method using an area authentication information storage unit storing authentication information of a login device, and a management device capable of communicating with the login device via a communication network, wherein the main body device includes the identification information The identification information stored in the storage unit is transmitted to the login device by short-range wireless communication, and the login device receives the received identification information of the main device. The management apparatus transmits authentication information stored in the area authentication information storage unit in association with the received identification information of the main body apparatus to the login apparatus, and the login apparatus receives the received authentication information. An authentication information acquisition step of transmitting information to the main unit by short-range wireless communication and storing the authentication information received by the main unit; and the self-authentication information stored in the authentication information storage unit by the login device Authentication information transmission step that transmits the authentication information to the main body device by short-range wireless communication, the authentication information stored by the main body device in the authentication information acquisition step, and the authentication information received in the authentication information transmission step A login device authentication step for performing authentication, and the main body device is successfully authenticated in the login device authentication step Transmits the identification information stored in the identification information storage unit and the position information acquired by GPS to the login device by short-range wireless communication, and the login device receives the main device. Identification information and position information are transmitted to the management device, and if the main body device does not succeed in the login device authentication step, the identification information and the position information are transmitted to the login device. Based on the identification information and position information of the main body device received from the login device, the management device stores the position information transmission step in the area authentication information storage unit in association with the identification information, based on the identification information and the position information received from the login device. Determining whether or not the main body device is present in the area indicated by the area information, and transmitting the determination result to the login device. Transmits the determination result to the main body device by short-range wireless communication, and the main body device performs a predetermined authentication success process when the received determination result is a determination result that exists in the area, And an area authentication step in which the authentication success process is not performed if the determination result is not present.

  In the authentication method according to another aspect of the invention, the main body device detects that the short-range wireless communication with the login device has been disconnected, and automatically terminates the processing started by the successful authentication processing. Steps may be included.

  In the authentication method according to another aspect of the present invention, the main body device is a car navigation device provided in a vehicle, the area information is information indicating a range from a final position, and the main body device is When the end processing is executed, the GPS acquires position information by GPS, and transmits it as final position information to the login device by short-range wireless communication together with its own identification information stored in the identification information storage unit. The received identification information and final position information of the main device are transmitted to the management device, and the management device stores the final position information in the area authentication information storage unit in association with the identification information of the main device. An identification information of the main body device received from the login device by the management device in the area authentication step. Based on the position information, the position indicated by the position information corresponds to the identification information from the final position indicated by the final position information stored in the area authentication information storage unit in association with the identification information. In addition, if it is within the range indicated by the area information stored in the area authentication information storage unit, it is determined that the main device exists within the area, and if it does not exist within the range, it does not exist within the area. It can be determined.

  An authentication system according to the present invention includes a main body device capable of acquiring own position information by GPS and capable of short-range wireless communication, a portable login device capable of short-range wireless communication, and the main body device and a communication network. A management apparatus capable of communicating via the authentication apparatus, wherein the management apparatus stores area information in association with identification information of the main body apparatus and associates with identification information of the main body apparatus. Areas stored in the area authentication information storage unit in association with the identification information based on the area authentication information storage unit storing the authentication information of the login device and the identification information and position information received from the main body device It is determined whether or not the main device is present in the area indicated by the information. If it is determined that the main device is present, the area authentication information storage unit is associated with the identification information. Area authentication means for transmitting the stored authentication information to the main body apparatus and not determining that the authentication information is not transmitted to the main body apparatus when it is determined that the authentication information does not exist, and the login apparatus stores its own authentication information. An authentication information storage unit, and authentication information transmission means for transmitting the authentication information stored in the authentication information storage unit to the main body device by short-range wireless communication. An identification information storage unit that stores identification information; a self-identification information stored in the identification information storage unit; and a positional information transmission unit that transmits positional information acquired by GPS to the management device; If the authentication information received from the area authentication means of the device and the authentication information received from the authentication information transmission means of the login device are verified, and authentication is successful, It performs authentication success processing, to the log device authentication means does not perform the authentication success processing if the authentication is successful, comprising: a.

  In the authentication system of the present invention, the main body device includes an automatic ending unit that detects that the short-range wireless communication with the login device has been disconnected, and ends the processing started by the authentication success processing. It is good as well.

  In the authentication system of the present invention, the main body device is a car navigation device provided in a vehicle, the area information is information indicating a range from a final position, and the main body device performs a predetermined end process. At the time of execution, it is provided with final position information transmitting means for acquiring position information by GPS and transmitting it as final position information to the management apparatus together with its own identification information stored in the identification information storage unit, Corresponding to the identification information of the main body device, the final position information storage means for storing the final position information received from the main body device in the area authentication information storage section, the area authentication means of the management device, Based on the identification information and the position information received from the device, the position indicated by the position information is associated with the identification information and the area authentication information description. If it exists within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information from the final position indicated by the final position information stored in the unit, the main body It is determined that the device exists in the area, and if it does not exist in the range, it is determined that the device does not exist in the area.

  Another authentication system of the present invention includes a main body device capable of acquiring its own position information by GPS and capable of short-range wireless communication, a portable login device capable of short-range wireless communication, and communication with the login device. A management apparatus capable of communicating via a line network, wherein the management apparatus stores area information in association with identification information of the main body apparatus and corresponds to identification information of the main body apparatus In addition, the authentication information stored in the area authentication information storage unit in association with the identification information of the main body device received from the login device, the area authentication information storage unit that stores the authentication information of the login device, Based on the authentication information prior transmission means to be transmitted to the login device, and the identification information and position information of the main body device received from the login device, the identification information Area determination means for determining whether or not the main body device exists in the area indicated by the area information stored in the area authentication information storage unit in association with each other and transmitting the determination result to the login device An authentication information storage unit in which the login device stores its authentication information, identification information mediating means for transmitting the identification information of the main device received from the main device to the management device, and Authentication information mediating means for transmitting authentication information received from the management device to the main body device by short-range wireless communication; and self-authentication information stored in the authentication information storage unit for the main body device by short-range wireless communication Authentication information transmission means to be transmitted to the main body apparatus, and identification information and position information of the main body apparatus received from the main body apparatus are transmitted to the area determination means of the management apparatus. And a determination result mediating means for transmitting the determination result received from the management device to the main body device by short-range wireless communication, and the main body device stores an identification information storage unit storing its own identification information; The identification information transmitting means for transmitting the identification information stored in the identification information storage unit to the identification information mediating means of the login device by short-range wireless communication, and the authentication information mediating means of the login device. Authentication information storage means for storing received authentication information, login apparatus for performing authentication by comparing authentication information stored by the authentication information storage means with authentication information received by the authentication information transmission means of the login apparatus When authentication is successful in the authentication unit and the login device authentication unit, self-identification information stored in the identification information storage unit, and G Position information transmission means for transmitting the position information acquired by PS to the position information mediation means of the login device by short-range wireless communication, and the determination result received from the determination result mediation means of the login device is within the area And an area authentication unit that performs a predetermined authentication success process when it is determined to be present in the area and does not perform the authentication success process when it is not the determination result that exists in the area. .

  In the authentication system according to another aspect of the invention, the main device detects that the short-range wireless communication with the login device has been disconnected, and automatically terminates the processing started by the authentication success processing. Means may be provided.

  In another authentication system of the present invention, the main body device is a car navigation device provided in a vehicle, the area information is information indicating a range from a final position, and the main body device Final position information transmission means for acquiring position information by GPS at the time of execution of termination processing and transmitting the position information to the login device by short-range wireless communication together with its own identification information stored in the identification information storage unit as final position information The log-in device includes final position information mediating means for transmitting the received identification information and final position information of the main body device to the management device, and the management device is associated with the identification information of the main body device. A final location information storage unit for storing the final location information received from the login device in the area authentication storage unit; The determination means stores the position indicated by the position information in the area authentication information storage unit in association with the identification information based on the identification information and the position information of the main device received from the login device. If the main unit is within the area from the final position indicated by the final position information within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information. It can be determined that it exists and if it does not exist within the range, it can be determined that it does not exist within the area.

  According to the authentication method or the authentication system of the present invention, there are two authentications: whether the main body device is in an appropriate area, and whether the authentication information is transmitted from the login device to the main body device by short-range wireless communication. Since double authentication is performed, security is improved.

  Further, according to the management device of the present invention, when it is determined that the main body device is present in an appropriate area based on the identification information and the position information received from the main body device, the management device is associated with the identification information of the main body device. The authentication information of the login device is transmitted to the main device, but is not transmitted when it is determined that it does not exist. Therefore, if the main body device is not in an appropriate area, authentication based on authentication information is not possible, that is, double authentication of authentication based on area and authentication based on authentication information is performed, so that security is improved.

It is a schematic block diagram of the authentication system which concerns on 1st Embodiment. It is a figure which shows the block diagram and connection relationship of the main body apparatus which concerns on 1st Embodiment, an application management system, and a login apparatus. It is a figure which shows the flow of the user registration process and application use registration process which concern on 1st Embodiment. It is a figure which shows the flow of the application setting registration process which concerns on 1st Embodiment. It is a figure which shows the data structure in the management apparatus which concerns on 1st Embodiment, a main body apparatus, and a login apparatus. It is a figure which shows the flow of the authentication process which concerns on 1st Embodiment. It is a figure which shows the block block diagram and connection relation of the main body apparatus which concerns on 2nd Embodiment, an application management system, and a login apparatus. It is a figure which shows schematic structure and the flow of a process of the authentication system which concerns on 2nd Embodiment. It is a figure which shows the block block diagram and connection relation of the main body apparatus which concerns on 3rd Embodiment, an application management system, and a login apparatus. It is a figure which shows the flow of a process in the authentication system which concerns on 3rd Embodiment.

  Hereinafter, first to third embodiments of the present invention will be described with reference to the drawings.

  [First Embodiment] As shown in FIGS. 1 and 2, an authentication system 10 according to a first embodiment includes a main body device 1 that is a tablet personal computer, one or more login devices 7 that are mobile phones, and a computer system. It is comprised from the management apparatus 3 which is. In the present embodiment, there are two login devices 7, and when distinguishing, the login devices 7 a and 7 b are separated from the reference numerals. The authentication method according to the first embodiment is an authentication method used when logging in to the medical information system S from the main device 1 via the Internet, and is a user who is qualified to log in to the medical information system S (here, a doctor) ) Exist (two in this case), and each user carries the login device 7 respectively. The medical information system S is a computer system connected to the Internet and includes a database of patient information.

  The main unit 1 has an antenna 11 and a wireless RF transmission / reception unit 12 that communicates with other devices via a communication network such as the Internet, and an antenna 13 that has a short distance according to the Bluetooth (registered trademark) standard. A short-range wireless communication module 14 that performs wireless communication; a GPS receiver 16 that has an antenna 15 and receives a GPS signal from a GPS (Global Positioning System) satellite; a speaker 17 that outputs sound; A display 18 composed of a liquid crystal display, an input unit 19 composed of a touch switch (touch panel) formed on the display 18, a memory 20 composed of a semiconductor memory, etc., and a control unit 21 composed of a CPU, etc. In addition to being able to connect to the Internet, it is possible to acquire its own position information by GPS and to perform near field communication. The control unit 21 is connected to the wireless RF transmission / reception unit 12, the short-range wireless communication module 14, the GPS reception unit 16, the speaker 17, the display 18, the input unit 19, and the memory 20, and controls them. By operating according to the above, in cooperation with the wireless RF transmission / reception unit 12, the short-range wireless communication module 14, the GPS reception unit 16, etc., it functions as a position information transmission unit, a login device authentication unit, and an automatic termination unit. The memory 20 is provided with an identification information storage unit 22 (see FIG. 5) for storing a body key, which will be described later, as its own identification information, and stores a device ID.

  Each login device 7 has an antenna 71 and a wireless RF transmission / reception unit 72 that communicates with other devices via a communication line network such as the Internet or a telephone line, and an antenna 73 that is Bluetooth (registered trademark). A short-range wireless communication module 74 that performs short-range wireless communication according to the standard, a microphone 75 for inputting a transmission sound, a speaker 77 for outputting sound, a display 78 including a liquid crystal display, and the like An input unit 79 composed of a key or the like, a memory 80 composed of a semiconductor memory, etc., and a control unit 81 composed of a CPU or the like are provided, and can be connected to the Internet and can perform near field communication. The control unit 81 is connected to the wireless RF transmission / reception unit 72, the short-range wireless communication module 74, the microphone 75, the speaker 77, the display 78, the input unit 79, and the memory 80 to control them, and operates according to a login application described later. Thus, in cooperation with the short-range wireless communication module 74, it functions as an authentication information transmitting unit. The memory 80 is provided with an authentication information storage unit 82 (see FIG. 5) that stores a login key, which will be described later, as its own authentication information.

  The management device 3 includes a user management system 4 and an application management system 5 each composed of a general-purpose personal computer connected to the Internet. The application management system 5 includes a communication unit 51 that is connected to the Internet and communicates with other devices, a display 52 that includes a liquid crystal display, an input unit 53 that includes a keyboard and a mouse, a semiconductor memory, A storage unit 54 composed of a hard disk device or the like and a control unit 55 composed of a CPU or the like are provided, and can communicate with the main unit 1 via the Internet. The control unit 55 is connected to the display 52, the input unit 53, and the storage unit 54 to control them, and functions as an area authentication unit by cooperating with the communication unit 51 and the storage unit 54. The storage unit 54 is provided with an area authentication information storage unit 56 (see FIG. 5) for storing area information described later and authentication information of the login device 7, and a main body application installed in the main body device 1 and each login. A login application installed in the device 7 is stored. The main body application is an application (application program) that serves as an entrance to the medical information system S.

  Although not shown, the user management system 4 also includes a communication unit that is connected to the Internet and communicates with other devices, a display that includes a liquid crystal display, a keyboard, a mouse, and the like, as with the application management system 5. An input unit configured, a storage unit including a semiconductor memory and a hard disk device, and a control unit including a CPU and the like are provided. The user management system 4 and the application management system 5 are connected to each other via a LAN.

  The registration personal computer 6 is a general-purpose personal computer used by a manager who manages users (hereinafter referred to as “use manager”) to perform user registration and application setting registration, which will be described later. Similar to the system 5, a communication unit connected to the Internet to communicate with other devices, a display composed of a liquid crystal display, an input unit composed of a keyboard, a mouse, etc., a semiconductor memory, a hard disk device, etc. And a control unit including a CPU and the like, and can communicate with the user management system 4 and the application management system 5 via the Internet.

  Next, user registration, application use registration, and application setting registration (area registration and user registration), which are pre-registration performed prior to using the authentication method of the present embodiment, are based on FIGS. I will explain.

  <User Registration> The user administrator accesses the user management system 4 from the registration personal computer 6 via the Internet to perform user registration for the first time. User information such as name and address is input and transmitted to the user management system 4 to apply for use (S101). In the present embodiment, the user is a medical corporation that manages a plurality of hospitals (Hospital A and Hospital B). Then, the user management system 4 issues a user ID and password (denoted as “Pass” in the figure), and stores (registers) it together with user information in the storage unit. Then, the user management system 4 transmits and displays a user registration completion notification including the issued user ID and password, and an application download guide for downloading the main body application and the login application on the registration personal computer 6 (S102). ).

  <Main App Use Registration> The use administrator accesses the app management system 5 from the main device 1 and inputs the user ID and password according to the app download guide for downloading the main app to perform initial login (S103). ). Then, the input user ID and password and the device ID stored in advance in the main device 1 are transmitted from the main device 1 to the app management system 5, and the app management system 5 receives the received user ID and password. Is registered in the user management system 4, and if it is registered, a body key composed of a plurality of alphanumeric characters, symbols, etc. is issued as identification information of the body device 1, and A main body name, which is the name of the main body key, is issued, and the main body key, the main body application, and the main body name are transmitted to the main body device 1 (S104). The main body device 1 installs the main body application and stores the main body key in the identification information storage unit 22. The main body device 1 displays the received main body name on the display 18 so as to be changeable, and the usage manager changes the main body name as necessary. The main body device 1 stores the main body name (when changed, the main body name after the change) in association with the main body key in the identification information storage unit 22, and when the main body name is changed, the main body device 1 is changed. Is transmitted to the application management system 5. The application management system 5 associates the received user ID, the issued main body key, the main body name (the main body name after the change when changed) and the received device ID with each other in the storage unit 54. Remember. Thereby, the user ID stored in the user management system 4 and the main body key stored in the application management system 5 are associated (linked).

  The reason why the main body key is issued separately without using the device ID of the main body device 1 as the main body key is that there is not always one main body key for the main body device 1. For example, since the accessible range in the medical information system S differs between a doctor and a nurse, a main body application for doctors and a main body application for nurses are prepared, and when they are downloaded respectively, A main body key for the main body application for the doctor and a main body key for the main body application for the nurse are provided. That is, the main body key is given for each main body application downloaded to the main body device 1. However, since the same main body key is not given to different main body devices 1 and the main body device 1 is specified by the main body key, the main body key can be said to be identification information of the main body device 1. In this embodiment, there is only one main body application downloaded to the main body device 1, and the main body key is “H001”. Note that the device ID may be used as the main body key as long as the number of main body applications downloaded to the main body device 1 is limited to one and the device ID is different for each main body device 1.

  In addition, since the main body key is composed of a plurality of alphanumeric characters and is difficult to remember, and it is desirable to set it as an internal code for security, in this embodiment, the main body name is given as the front-facing name of the main body key. The main body name is initially determined by the application management system 5 side. For example, the main body application for doctors is “doctor”, and the nurse is “nurse”. In addition, it can be changed on the screen of the main unit 1. In the present embodiment, the number of main body devices 1 is one. However, an embodiment including a plurality of main body devices 1 may be used. In such a case, the main body name is a doctor main body application of the first main body device 1. “001 for doctor” and “doctor's 002” for the doctor main body application of the second main body device 1 may have different main body names for each main body device 1, but the first main body device The same main body name “for doctor” can be assigned to the doctor main body app in both the first main body device 1 and the second main body device 1. That is, the same body name may be given to different body keys. However, different body names cannot be assigned to the same body key. Further, as described later, when the area where the main body application can be used is determined, the main body name and the area are associated with each other, and therefore, the usable area of the main body application having the same main body name is the same area. Therefore, when the usable area is different for each main device 1, a different main body name is used for each main device 1. In the present embodiment, the main body name is “for doctor”.

  <Login application usage registration> The usage manager notifies each user of the user ID and password, and an application download guide for downloading the login application. 5 and input a user ID and a password according to the application download guide to perform initial login (S105). Then, the input user ID and password and the device ID stored in advance in the login device 7 are transmitted from the login device 7 to the application management system 5, and the application management system 5 receives the received user ID and password. Is registered in the user management system 4, and if registered, a user information input screen is transmitted to the login device 7. Note that “send screen” means “send data (eg, HTML file) for displaying a screen”. When the user inputs the user name and the department to which the user belongs as the user information on the input screen displayed on the login device 7, the login device 7 transmits the input user information to the application management system 5 for application management. The system 5 issues a login key composed of a plurality of alphanumeric characters and symbols as identification information of the login device 7 and transmits the login key and the login application to the login device 7 (S106). In this embodiment, it is assumed that the user can be identified by the user name and the department to which the user belongs. The login device 7 installs a login application and stores the login key in the authentication information storage unit 82. The application management system 5 stores the received user ID, the issued login key, the received user information, and the device ID in the area authentication information storage unit 56 in association with each other. Accordingly, the user ID stored in the user management system 4 is associated with the login key stored in the application management system 5. In this embodiment, the login keys of the login applications installed in the login devices 7a and 7b are “L001” and “L002”, respectively, and the user information of the login devices 7a and 7b is “Taro XX, Surgery”, respectively. , “XX Hanako, Internal Medicine”.

  The reason why the login key is issued separately without using the device ID of the login device 7 as the login key is that there is not necessarily one login key for the login device 7. In the present embodiment, each user uses a separate login device 7 (that is, the user and the login device 7 have a one-to-one relationship), but a plurality of users may use the same login device 7. Yes, for example, a doctor and a nurse use the same login device 7, but login applications are prepared separately for the doctor and the nurse, and when the login application is downloaded, the main unit described above Similarly to the case of 1, the login key of the doctor login application and the login key of the nurse login application are given. That is, the login key is given for each login application downloaded to the login device 7. However, the same login key is not given to different login devices 7. In addition, if the login application downloaded to the login device 7 is limited to one and the device ID is different for each login device 7, the device ID may be used as a login key.

  For example, when a plurality of users use the same login application of the same login device 7 such as when the same login device 7 is shared by a plurality of doctors, the user information of each of the plurality of users is logged in. The application management system 5 stores the plurality of pieces of user information in association with one login key. Conversely, a single user can use a plurality of login devices 7, and in such a case, the same user information is stored for a plurality of login keys.

  <Application Setting Registration> As shown in FIG. 4, the user manager accesses the service management site of the user management system 4 from the registration personal computer 6 via the Internet, and inputs the assigned user ID and password. Log in (S201). Then, the user management system 4 determines whether or not the received user ID and password are registered, and if so, the setting management screen is displayed on the application management system 5 on the registration personal computer 6. The application management system 5 sends a setting management screen to the registration personal computer 6 (S202). The setting management screen is configured so that area registration and user registration can be selected.

  <Area registration> When the usage administrator selects area registration on the setting management screen, the registration PC 6 displays a usage range setting screen (S203). The usage range setting screen is configured so that a map is displayed, and the usage administrator can define an area range by drawing a circle on the map, and can also define an area name for the area in which the range has been defined. ing. The usage range setting screen displays the main body name registered in the application management system 5 in association with the user ID input in step S201 (in the case of a plurality of lists), and for the main body name, The area name of the area that can use the main body application represented by the main body name can be associated. In this embodiment, since only one main body name “for doctor” is displayed, the usage manager selects the main body name, and specifies the area name of the area where the main body application to which the main body name is assigned can be used. By selecting, the operation of associating the main body name with the area name is performed. When the usage manager performs a predetermined confirmation operation, the registration personal computer 6 informs the application management system 5 of the area range information (latitude and longitude of the center point of the circle and the radius of the circle) determined by the usage manager. The area name and the main body name associated with the area name are transmitted (S204), and the application management system 5 corresponds the received area name and the range information to the received main body name as area information. The information is stored in the area authentication information storage unit 56 in association with the attached main body key. In this embodiment, the area where the main body application with the main body name “for doctor” can be used is two area names “A hospital” and “B hospital”, and “A hospital” is a circle including the site of A hospital, “B hospital” is a circle including the site of B hospital. Note that the area is set wider in consideration of the GPS error.

  <User Registration> When the user administrator selects user registration on the setting management screen, the registration personal computer 6 displays a user setting screen (S205). In the user setting screen, the main body name registered in the application management system 5 in association with the user ID input in step S201 is displayed (in the case of a plurality, a list is displayed). It is configured to be able to input user information (user name and department to which the user can use the main body application). In this embodiment, since only one main body name “for doctor” is displayed, the usage manager selects the main body name, and the user information of the user who can use the main body application with the main body name is displayed. input. In this embodiment, “Taro, Surgery” and “XX Hanako, Internal Medicine” are input as user information. When the user manager performs a predetermined confirmation operation, the registration personal computer 6 transmits to the application management system 5 the main body name selected by the user manager and the user information input for the main body name. In step S206, the application management system 5 stores the user information in the area authentication information storage unit 56 in association with the main body key associated with the received main body name. Here, as described above, the application management system 5 stores the login key and user information in association with each other in the area authentication information storage unit 56. Accordingly, the area authentication information storage unit 56 stores the main body key and the login key in association with each other via the user information as shown by the broken line arrow in FIG. In the example of FIG. 5, the user information “Taro, Surgery”, “XX Hanako, Internal Medicine” is stored in association with the main body key “H001”, and the login key is stored via the user information. “L001” and “L002” are stored.

  By the above pre-registration, information and applications are stored in the user management system 4, the application management system 5, the main device 1, and the login device 7 as shown in FIG.

  An authentication method using the authentication system 10 configured as described above will be described with reference to FIG. A user who wants to access the medical information system S (here, doctor “Taro XXX”) carries his / her login device 7a and activates the main body application in the main body device 1 (S301). Then, the main body device 1 operates according to the activated main body application, calculates its own position based on the GPS signal, and acquires position information (here, latitude and longitude) indicating its own position. The position information, the main body key of the activated main body application (here, “H001”) and the device ID stored in the identification information storage unit 22 and the device ID are transmitted to the application management system 5 (S302 position information). Send step).

  The application management system 5 that has received the position information, the main body key, and the device ID from the main body device 1 records the transmission source, the received content, the reception date and time as log information, and performs area determination (S303). In the area determination, the application management system 5 determines that the position indicated by the received position information is a range indicated by the range information of the area information stored in the area authentication information storage unit 56 in association with the received main body key. If it is within the range, the main device 1 is present in the area, and if it is not within the range, it is determined that the main device 1 is not present in the area. Here, the range information associated with the main body key “H001” is the range information of the area “A hospital” and the range information of the area “B hospital”. It is determined whether or not it exists in “B hospital”.

  If the application management system 5 determines that the main device 1 does not exist in “A hospital” or “B hospital”, the application management system 5 is out of the usage range, and therefore does not transmit a login key to the main device 1. Then, information indicating that it is out of the use range is transmitted (S304), the transmission destination (including the main body key), the transmission content, the transmission date and time, etc. are recorded as log information. The main device 1 displays that the area is not available based on the received information and does not log in to the medical information system S (S305).

  On the other hand, when the application management system 5 determines that the main device 1 is present in the hospital A or B hospital, the application management system 5 is within the range of use, so as a login key and user information that can be used in the main device 1, The login key and user information stored in the area authentication information storage unit 56 in association with the received main body key are transmitted to the main body device 1 (S306 area authentication step). Here, the login key “L001” and the user information “XX Taro, Surgery” corresponding to the login key, and the user information “XX Hanako, Internal Medicine” corresponding to the login key “L002” and the login key. Is sent. The application management system 5 records the transmission destination, transmission content, transmission date and time, etc. as log information. The main device 1 receives the login key and the user information from the application management system 5 and stores them in the memory 20 (S307).

  The main body device 1 broadcasts a search signal by Bluetooth according to the main body application when the main body application is activated and the user is not logged in to the medical information system. Here, when the login device 7 which is a Bluetooth device exists in the short-range wireless communication range by Bluetooth (usually about 10 m) in a state where the login application is activated, the login device 7 detects the search signal from the main body device 1. And transmits information for establishing a connection by short-range wireless communication to the main unit 1 according to the login application. The main device 1 that has received this information from the login device 7 returns information for establishing a connection by short-range wireless communication to the login device 7, and the connection by short-range wireless communication is established by the exchange of such information. That is, the main device 1 and the login device 1 recognize each other at the application level and establish a connection (establish connection on the application).

  Here, since the user starts the main body application in the main body apparatus 1 with the login device 7a being carried, when the user starts the login application in the login apparatus 7a, the login device 7a As described above, the connection is established with the main body device 1, and the login key (here, “L001”) and the device ID stored in the authentication information storage unit 82 are stored in the main body device 1. Transmission is performed by short-range wireless communication (S402 authentication information transmission step). For example, in the login device 7b that is not within the short-range wireless communication range from the main device 1, even if the login app is activated (S403), the login app is not recognized by the main device, and the login key is not transmitted to the main device 1. .

  When receiving the login key by the short-range wireless communication, the main device 1 performs authentication by comparing the login key with the login key stored in step S307. That is, it is determined whether or not there is a match with the login key in the login key stored in step S307 (S308). If there is a match, the authentication is successful, and a process for displaying a user authentication screen on the display 18 is performed as a predetermined authentication success process (S309 login device authentication step). On the other hand, if there is no match, the authentication is unsuccessful, the authentication success process is not performed, and the process returns to step S308.

  Here, the main device 1 receives the login key “L001” from the login device 7a, and the login keys stored in the main device 1 are “L001” and “L002”. Is displayed. The main device 1 displays the user information stored in association with the matched login key on the user authentication screen in a selectable manner. Here, since the user information associated with the login key “L001” is only “XX Taro, Surgery”, only “XXX Taro, Surgery” is displayed. When a plurality of users share 7a, a plurality of pieces of user information associated with the login key “L001” are displayed in a selectable manner. When the login application is started in the login device 7b in a state where the login device 7b exists in the short-range wireless communication range from the main device 1 while the main device 1 is broadcasting the search signal, the main device 1 and the login device 7B, a login key “L002” is transmitted to the main device 1, and “XX Hanako, Internal Medicine” is displayed.

  When the user performs an operation of selecting the displayed user information, the main device 1 logs into the medical information system S (S310) and displays the home page of the medical information system S. At this timing, main device 1 stops broadcasting the search signal. The user can access information in the medical information system S via the homepage. For example, the patient information can be retrieved and displayed on the main body device 1 by inputting new information from the main body device 1 to the medical information system S. Processing such as updating patient information can be performed. The main body device 1 transmits information such as selected user information and selection date and time to the application management system 5 together with the main body key, and the application management system 5 records the received information as log information.

  The main body device 1 periodically (every extremely short time) monitors whether the connection state with the login device 7a is maintained by the short-range wireless communication module 14 (S311). Then, as shown by the broken line arrow in FIG. 6, when the user leaves the main body device 1 or the like, the login device 7 a moves out of the short-range wireless communication range with respect to the main body device 1. When it is detected that the connection state is disconnected (communication disconnection), the main body device 1 ends the connection state to the medical information system S. That is, automatic logout is performed from the medical information system S (S312). Therefore, the process (information search process, information update process, etc.) performed by accessing the medical information system S, which has been started by the above-described successful authentication process (display of the user authentication screen), is terminated (automatic termination step). ). Even if the user performs a predetermined end operation on the main device 1, the main device 1 ends the connection state to the medical information system S (that is, logs out from the medical information system S). The main body device 1 transmits logout information such as the logout date and time to the application management system 5 together with the main body key in both cases of automatic logout and logout by user operation. The application management system 5 records the received logout information as log information. When the main device 1 logs out from the medical information system, it resumes the search signal broadcast.

  In the state where the main body application is activated, the main body device 1 acquires position information by GPS periodically (here, every time a predetermined time has elapsed since the activation of the main body application), and transmits it to the application management system 5 together with the main body key. Then, the application management system 5 performs area determination as in step S303. When the application management system 5 determines that the main device 1 is in the proper area, the application management system 5 transmits the login key and the user information as in step S306, and determines that the main device 1 is not in the proper area. In this case, as in step S304, the login key and the user information are not transmitted, but information indicating that it is out of the usage range is transmitted to the main body device 1. When receiving the login key and user information, the main device 1 stores them in the memory 20 (updates when the login key and user information are already stored), and is out of the usage range. Is received, the login key and the user information stored in the memory 20 are deleted, if any. Therefore, when the main body device 1 is taken out of an appropriate area while the main body application is activated, the login key in the main body device 1 is erased after a predetermined time, and then the login key is received from the login device 7. Even if sent, authentication will not succeed. When the main device 1 returns to the appropriate area, the login key and user information are transmitted and stored again. The predetermined time is a short time such as 10 minutes.

  When the application management system 5 determines that the main device 1 is in an appropriate area, the login key and the user information are transmitted only when the contents have changed from the previously transmitted login key and user information. It is good to do. Further, until the process started by the authentication success process is ended (here, logout from the medical information system S), the main body device 1 does not store the position information and the main key even if the predetermined time has elapsed. The transmission to the application management system 5 may not be performed, and the login key and user information stored in the memory 20 may not be updated or deleted. In either case, the burden on the main device 1 is reduced.

  When the user performs a predetermined main body application end operation, the main body device 1 deletes the key and user information stored in the memory 20 and ends the main body application.

  By operating as described above, in the authentication system 10, if the main device 1 does not exist in a predetermined area (Hospital A or Hospital B), the login key is not transmitted to the main device 1. If the login key that matches the login key transmitted to 1 is not transmitted from the login device 7 to the main body device 1 by short-range wireless communication, the user authentication screen is not displayed and the medical information system S can be accessed. Can not. Therefore, when the main device 1 is stolen or taken out of the proper area, the medical information system S cannot be accessed, and even if the main device 1 is in the proper area, the proper login device 7 is The medical information system S cannot be accessed unless it is in the vicinity of the device 1. As described above, whether the main device 1 is present in the appropriate area and whether the proper authentication information (login key) is transmitted from the login device 7 to the main device 1 by the short-range wireless communication (that is, the proper information is displayed). If the double authentication of the authentication (whether the login device 7 exists in the vicinity of the main device 1) is not successful, the predetermined authentication success process is not performed, so that the security is improved.

  In addition, since the management device 3 existing as the backyard, not the main device 1 itself, performs area authentication based on the position information transmitted from the main device 1, the main device 1 is stolen or the like and the area from the unauthorized user When authentication is requested, authentication is stopped on the management device 3 side by notification from the user or the use manager, or the location of the main device 1 is known on the management device 3 side by log information. To prevent fraud.

  Further, when the user leaves the main unit 1, the medical information system S automatically logs out by disconnecting the short-range wireless communication between the login device 7 carried by the user and the main unit 1. Even if a person leaves the main unit 1 without logging out, the medical information system S can be prevented from being accessed by the unauthorized user from the main unit 1.

  [Second Embodiment] Next, an authentication system 10B according to a second embodiment will be described with reference to FIGS. In the second embodiment, the same components as those in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted. The authentication system 10B includes a main body device 1B, a management device 3, and one or more login devices 7. The main body device 1B is a car navigation device (car navigation system) that is mounted on a vehicle and can be connected to the Internet. The usage administrator in the second embodiment is one of the users.

  The management device 3 in the second embodiment includes a user management system 4 and an application management system 5 configured in the same manner as in the first embodiment, and a login device 7 in the second embodiment also in the same manner as in the first embodiment. It is configured. The control unit 55 of the application management system 5 also functions as a final position information storage unit in cooperation with the communication unit 51 and the storage unit 54.

  The main unit 1B has an antenna 11B and performs a short-distance wireless communication based on the Bluetooth standard by having a wireless RF transmission / reception unit 12B that communicates with other devices via a communication network such as the Internet and an antenna 13B. From a short-range wireless communication module 14B, a GPS receiver 16B having an antenna 15B for receiving GPS signals, a speaker 17B, a display 18B made up of a liquid crystal display, etc., a touch switch formed on the display 18B, etc. An input unit 19B configured, a memory 20B composed of a semiconductor memory, a map information storage unit 23 to which a storage medium such as a DVD storing map information is mounted, and a control unit 21B composed of a CPU or the like are provided. . The control unit 21B is connected to the wireless RF transmission / reception unit 12B, the short-range wireless communication module 14B, the GPS reception unit 16B, the speaker 17B, the display 18B, the input unit 19B, the memory 20B, and the map information storage unit 23. By operating according to the main body application, the location information transmission means, the login device authentication means, and the final location information transmission in cooperation with the wireless RF transmission / reception unit 12B, the short-range wireless communication module 14B, the GPS reception unit 16B, etc. It functions as a means and an automatic end means. The memory 20B is provided with an identification information storage unit and stores a device ID.

  The control unit 21B is connected to an accessory power source 24 and a backup power source 25 provided in the vehicle. The accessory power supply 24 is turned on when the vehicle key is turned to an ACC (accessory) or ON position, a predetermined power button provided on the vehicle is turned on, etc., and supplies power to the main unit 1B. The backup power supply 25 is turned on when the accessory power supply 24 is turned off, for example, when the vehicle key is turned to the OFF position, the power button is turned off, etc. The power supply necessary for processing is performed.

  In the same manner as in the first embodiment, the user performs user registration from the registration personal computer 6 to obtain a user ID, and uses the user ID to log in the main body application use registration in the main body apparatus 1B and log in in the login apparatus 7. Register application usage. Thereby, the main body application is installed in the main body device 1B and the main body key is stored, and the login apparatus 7 is installed and stored in the login key, and the area authentication information storage unit 56 of the application management system 5 is stored. The user information is stored in association with the login key (in the second embodiment, only the user name is used). The main body application is a program for starting and ending the car navigation program installed in the main apparatus 1B, and only one main application is installed for each main apparatus 1B.

  Further, the user performs application setting registration (area registration and user registration) from the registration personal computer 6 in the same manner as in the first embodiment. However, in area registration in the second embodiment, no map is displayed on the use range setting screen, and only distance can be input as area information. Thereby, in the area authentication information storage unit 56 of the application management system 5, user information is stored in association with the main body key, and the main body key and the login key are associated with each other via the user information. Area information is stored in association with the main body key. A plurality of login devices 7 can be used for one main device 1B, and a plurality of users of one login device 7 can be used. There is one area information for one main device 1B.

  Next, the authentication method of the second embodiment will be described while omitting the same parts as in the first embodiment as appropriate.

  The user carries the login device 7 and turns on the accessory power supply 24 of the vehicle. When the accessory power supply 24 is turned on, the main body device 1B starts the main body application, acquires position information indicating its own position based on the GPS signal according to the main body application, and uses the position information and the main body key as the application information. The information is transmitted to the management system 5 (see step (1) in FIG. 8).

  The application management system 5 stores the reception date and time, received content, etc. as log information, and the position indicated by the received position information is within the range indicated by the area information stored in association with the received main body key. Whether or not the area is determined. In the second embodiment, the area information is information indicating a range from the final position of the main device 1B, and the application management system 5 determines that the main device 1B is within the range indicated by the area information from the final position ( In other words, if it is within the range of the circle centered on the final position and having the radius indicated by the area information as a radius), the area is determined to be within the area indicated by the area information from the final position. It is determined that it is not within. In the first area determination, since the final position information is not stored, it is determined that all are in the area. If the application management system 5 determines that the main device 1 does not exist in the area, the app management system 5 does not transmit a login key to the main device 1B, and stores position information, determination date and time, determination results, and the like as log information. On the other hand, if the application management system 5 determines that the main device 1B exists in the area, the application management system 5 stores all the login keys and user information stored in association with the received main device key in the main device 1B. The information is transmitted (see area authentication step (1) in FIG. 8), and the transmission date and time, transmission contents, etc. are stored as log information. The main device 1B receives the login key and the user information from the application management system 5, and stores them in the memory 20B.

  When the user activates the login application in the login device 7, as in the first embodiment, the login device 7 establishes a connection with the main device 1B, and a login key is connected to the main device 1B by short-range wireless communication. Transmit (see step (2) in FIG. 8).

  When the main unit 1B receives the login key, the main unit 1B authenticates the login unit 7 by comparing the login key with the login key stored in the memory 20B. If the authentication is successful, a process for displaying a user authentication screen is performed as a predetermined authentication success process (login device authentication step). User information corresponding to the login key is displayed on the user authentication screen, and when the user performs an operation of selecting the displayed user information, the main body device 1B starts a car navigation program and performs vehicle guidance processing. Thus, the user can receive vehicle guidance. On the other hand, if the authentication is not successful, the process for displaying the user authentication screen is not performed, and the user cannot receive vehicle guidance. The main device 1B transmits the execution date and time of the login device authentication step, the authentication result, the login key used for authentication, the selected user information, and the like to the application management system 5, and the application management system 5 sends the information. Store as log information.

  The main body device 1B periodically monitors whether or not the connection state with the login device 7 is maintained. When the main body device 1B detects that the connection state is disconnected, the process started by the authentication success process, that is, the vehicle guidance The process is terminated (automatic termination step), and an operation lock is performed so that an operation by the user is not accepted. This operation lock is released when a connection is established again between the login device 7 and the main device 1B, an appropriate login key is transmitted from the login device 7, and the login device 7 is successfully authenticated.

  Further, when the accessory power source 24 is turned off, the main body device 1B is operated by the backup power source 25 to end the vehicle guidance process and perform an end process for deleting the stored login key and user information. As the position information, position information indicating its own position is acquired based on the GPS signal, and is transmitted to the application management system 5 together with the main body key (see (3) in FIG. 8). That is, the termination process that triggers transmission of the final position information in the main body device 1B is a process that terminates the vehicle guidance process based on the accessory power supply 24OFF and erases the login key and the user information.

  The application management system 5 stores the reception date and time of the final position information, the received content, etc. as log information, and stores the received final position information in the main body key in the area authentication information storage unit 56 that matches the received main body key. The information is stored in the area authentication information storage unit 56 in association (final position information acquisition step). And it uses for the next area determination.

  By operating as described above, in the second embodiment, if the main device 1B does not exist within the predetermined range from the final position, the login key is not transmitted from the management device 3 to the main device 1B, and further, the main device If the login key that matches the login key transmitted to 1B is not transmitted from the login device 7 to the main body device 1B by short-range wireless communication, the user authentication screen is not displayed and the vehicle guidance process is not started. Therefore, when the main device 1B is stolen and taken out of an appropriate area, it cannot be used as a car navigation system, and even if the main device 1B is in an appropriate area, the login device 7 transfers to the main device 1B. If a proper login key is not sent, it cannot be used as a car navigation system. That is, if the double authentication is not successful, the main device 1B cannot be used as a car navigation system, so that the security is improved.

  In addition, since the management device 3 that exists as a backyard instead of the main device 1B itself performs area authentication based on the position information transmitted from the main device 1B, the main device 1B is stolen and the When authentication is requested, fraudulent acts can be prevented as in the first embodiment.

  [Third Embodiment] Next, an authentication system 10C according to a third embodiment will be described with reference to FIGS. In the third embodiment, the same components as those in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted. The authentication system 10C includes a main body device 1C, a management device 3, and one or more login devices 7. The main unit 1C is a car navigation device that is mounted on a vehicle and cannot be connected to the Internet. The usage manager in the third embodiment is one of the users.

  The management device 3 in the third embodiment includes a user management system 4 and an application management system 5 configured in the same manner as in the first embodiment. The control unit 55 of the application management system 5 functions as an authentication information advance transmission unit, an area determination unit, and a final position information storage unit in cooperation with the communication unit 51 and the storage unit 54. The application management system 5 also receives and receives information from the login device 7, the received content, the transmission date and time of information to the login device 7, the transmitted content, the determination date and time of area determination, and the determination result, as in the second embodiment. Etc. are stored as log information.

  Also, the login device 7 in the third embodiment is configured in the same manner as in the first embodiment. The control unit 81 of the login device 7 cooperates with the wireless RF transmission / reception unit 72, the short-range wireless communication module 74, and the like, so that the identification information mediating means, the authentication information mediating means, the authentication information transmitting means, and the location information mediating means. , Function as determination result mediating means and final position information mediating means.

  The main unit 1C includes an antenna 13C and a short-range wireless communication module 14C that performs short-range wireless communication according to the Bluetooth standard, a GPS receiver 16C that has an antenna 15C and receives a GPS signal, a speaker 17C, and a liquid crystal A display 18C including a display device, an input unit 19C including a touch switch formed on the display 18C, a memory 20C including a semiconductor memory, and a storage medium such as a DVD storing map information are mounted. A map information storage unit 23C and a control unit 21C including a CPU or the like are provided. The control unit 21C is connected to and controls the short-range wireless communication module 14C, the GPS receiving unit 16C, the speaker 17C, the display 18C, the input unit 19C, the memory 20C, and the map information storage unit 23C, and operates according to the main body application. Thus, in cooperation with the short-range wireless communication module 14C, the GPS receiver 16C, etc., the identification information transmission means, the authentication information storage means, the login device authentication means, the position information transmission means, the area authentication means, the automatic termination means, And it functions as a final position information transmission means. The memory 20C is provided with an identification information storage unit and stores a device ID. The control unit 21C is connected to an accessory power supply 24C and a backup power supply 25C similar to the accessory power supply 24 and the backup power supply 25 of the second embodiment, respectively.

  A main body application is installed in the main body device 1C in advance, and a main body key is stored in the identification information storage unit. The main body application is a program for starting and ending the car navigation program installed in the main apparatus 1C, and only one main application is installed for each main apparatus 1B. The body name is not used.

  As in the first embodiment, the user performs user registration from the registration personal computer 6 to acquire a user ID, and performs login application use registration in the login device 7 using the user ID. As a result, the login application is installed in the login device 7 and the login key is stored, and the user information associated with the login key is stored in the area authentication information storage unit 56 of the application management system 5 (third implementation). In the form, only the user name is stored.)

  The user inputs the user ID and password in the registration personal computer 6 to access the application management system 5, and the main body key described in the instruction manual of the main body application and the area information as the second embodiment. Similarly, area registration is performed by inputting a distance. Further, user registration is performed by inputting a main body key and user information of a user who can use the main body device 1C having the main body key. Thereby, in the area authentication information storage unit of the application management system 5, user information is stored in association with the login key, and the main body key and the login key are associated with each other via the user information. Area information is stored in association with the key. A plurality of login devices 7 can be used for one main device 1C, and a plurality of users of one login device 7 can be used. There is one area information for one main device 1C.

  Next, the authentication method of 3rd Embodiment is demonstrated based on FIG. Communication between the main unit 1C and the login device 7 in the following description is performed by short-range wireless communication, and communication between the login device 7 and the application management system 5 of the management device 3 is performed via the Internet. . In the third embodiment, since the main device 1C cannot connect to the Internet, the login device 7 mediates information exchange with the app management system 5 with the main device 1C.

  First, the user stores a login key and user information in the main device 1C as a preparation stage for authentication. Specifically, the user brings the login device 7 into the short-range wireless communication range with the main body device 1C, activates the main body application in the main body device 1C, and activates the login application in the login device 7 to establish a connection. Establish and perform a predetermined authentication information acquisition operation on the screen of the login application. The login device 7C requests the main body device 1C to transmit the main body key, the main body device 1C transmits the main body key to the login device 7C (S501), and the login device 7 transmits the received main body key to the application management system 5. (S502). Then, the application management system 5 transmits all login keys and user information associated with the main body key in the area authentication information storage unit 56 to the login device 7 (S503). The login device 7 transmits the received login key and user information to the main device 1C (S504), and the main device 1C stores the received login key and user information in the memory 20C (authentication information acquisition step). This authentication information acquisition step may be performed before the first authentication and when the login device 7 is changed and the login key that can be used by the main device 1C is changed, and does not need to be performed every time at the time of authentication.

  When the user wants the main body device 1 </ b> C to guide the vehicle, the accessory power supply 24 </ b> C is turned on to start the main body application, and the login device 7 starts the login application. Then, as in the first embodiment, the login device 7 establishes a connection with the main device 1C, transmits a login key to the main device 1C (S505 authentication information transmission step), and the main device 1C receives the received login. Authentication is performed by comparing the key with the login key stored in the authentication information acquisition step (login device authentication step). If there is a match, the authentication is successful, and the main device 1C acquires position information indicating its own position based on the GPS signal, and transmits the position information and the main body key to the login device 7 ( In step S506, the login device 7 transmits the position information and the main body key to the application management system 5 (S507). If there is no match, the authentication is unsuccessful. Key is not transmitted (position information transmission step).

  The application management system 5 performs area determination as to whether or not the position indicated by the received position information is within the range indicated by the area information stored in association with the received main body key as in the second embodiment. Do the same. In the first area determination, since the final position information is not stored, it is determined that all are in the area. The application management system 5 transmits a determination result (determination information) as to whether or not it is in the area to the login device 7 (S508), and the login device 7 transmits the determination result to the main device 1C (S509). If the received determination result is not a determination result indicating that the user is within the area, the main apparatus 1C does not display the user authentication screen as an unsuccessful authentication, but if the determination result indicates that the user is within the area. Displays a user authentication screen as successful authentication, and displays user information corresponding to the login key authenticated in the login device authentication step on the user authentication screen (area authentication step). When the user performs an operation of selecting the displayed user information, the main apparatus 1C starts the car navigation program and starts the vehicle guidance process, so that the user can receive the vehicle guidance.

  Similarly to the second embodiment, when detecting disconnection of the connection state with the login device 7, the main body device 1 </ b> C ends the vehicle guidance process (automatic end step) and performs operation lock. This operation lock is released under the same conditions as in the second embodiment.

  In addition, when the accessory power supply 24C is turned off, the main body device 1C is operated by the backup power supply 25C, performs a termination process to end the vehicle guidance process, and indicates a position indicating its own position based on a GPS signal as final position information. The information is acquired and transmitted to the login device 7 together with the main body key (S510). The login device 7 transmits the final position information to the application management system 5 (S511), and the application management system 5 receives the received final position. The information is stored in the area authentication information storage unit 56 in association with the main body key in the area authentication information storage unit 56 that matches the received main body key (final position information acquisition step). And it uses for the next area determination. That is, the end process that triggers the transmission of the final position information in the main body device 1C is a process that ends the vehicle guidance process based on the disconnection of the accessory power supply 24. The main unit 1C does not delete the login key and user information stored in the memory 20C, and updates the login key and user information stored in the memory 20C when the authentication information acquisition step is performed next. To do. This is because it is not necessary to perform an authentication information acquisition step every time authentication is performed, and authentication is performed quickly.

  By operating as described above, in the third embodiment, if the login key that matches the login key transmitted to the main apparatus 1C is not transmitted from the login apparatus 7 to the main apparatus 1C by short-range wireless communication, Even if the position information is not transmitted from the apparatus 1C and the position information is transmitted from the main apparatus 1C, if the main apparatus 1C does not exist within the predetermined range from the final position, the user authentication screen is not displayed, The navigation program is not started. That is, as in the second embodiment, authentication that a proper login key is transmitted from the login device 7 to the main unit 1C and dual authentication of area authentication that the main unit 1C exists in an appropriate area are used. If it is not successful, the main body device 1B cannot be used as a car navigation system, so that security is improved.

  Moreover, since the management apparatus 3 which exists as a backyard performs area determination based on the positional information transmitted from the main body apparatus 1C as in the second embodiment, fraud can be prevented.

  [Modification] A modification will be described below.

  In the first to third embodiments, the main body application is not limited to an application program, but may be an OS level module or routine. The same applies to the login application.

  In the first to third embodiments, instead of establishing the connection on the application described above, the main devices 1, 1B, 1C (hereinafter referred to as “main device 1 etc.”) and each login device 7 are preliminarily connected to Bluetooth. It is good also as performing pairing operation. The pairing operation on Bluetooth is well known and will not be described in detail, but is performed as follows, for example. (1) The user makes the login device 7 searchable (discoverable) by performing a predetermined operation on the login device 7. (2) The user performs a search (discovery) operation on the main device 1 or the like. As a result, the main device 1 or the like broadcasts a search signal. (3) A Bluetooth device (including the login device 7) in a searchable state within a short-range wireless communication range (short-range wireless communication range) receives the search signal and receives information about itself (such as the main unit 1) ( Device ID etc.). As a result, information on Bluetooth devices in a searchable state within the short-range wireless communication range is displayed in a list on the main device 1 or the like, and the user selects the login device 7 from the list. (4) The user inputs the same passkey (PIN) to the main device 1 and the login device 7. By performing the above pairing operation, the main body device 1 and each of the login devices 7 automatically when they enter a range in which short-distance wireless communication can be performed with each other (short-range wireless communication range) from the next time. A connection is established.

  Each of the first to third embodiments may include a plurality of main body devices 1 and the like. The above-described connection establishment on the application can avoid the trouble of performing a pairing operation on Bluetooth in advance between the main body device 1 and the like and the login device 7 in a form having a plurality of such main body devices 1 and the like. Is advantageous.

  In the first embodiment, the main device 1 and the management device 3 can communicate with each other via the Internet. However, the main device 1 and the management device 3 may communicate with each other not through the Internet but through another communication network such as an intranet.

  As the main device 1 of the first embodiment, a PDA (personal digital assistant), a smartphone, or the like can be employed in addition to a mobile computer. Further, as the login device 7, a smartphone, a mobile computer, a PDA, or the like can be adopted in addition to a mobile phone.

  As the registration personal computer 6 of the first embodiment, the main device 1 or the login device 7 can also be used.

  In the first embodiment, when authentication is successful, an application program installed in the main device 1 can be started, rather than being accessible to an external computer system such as the medical information system S. May be. That is, the present invention is not limited to an authentication method for accessing an external computer system, but can also be applied to an authentication method for starting an application program in the main device 1.

  In the first embodiment, the user information is input to the main body name in the user registration, thereby associating the login key with the main body name or the main body key via the user information. The login key can be displayed in the user name, and the user name is entered with the login key instead of the user information in the user registration, so that the body name and the login key are associated with each other without user information. Also good. In addition, a configuration in which the main body name is not used can be used. In such a case, the main body device 1 can display the main body key, and the user information (not using the user information) is associated with the main body key in the user registration. You can enter a login key.

  Also in the second embodiment, as in the third embodiment, the main body application and the main body key are installed in the main body device 1B in advance, and the main body key is used together with the user ID from the main body device 1B or the registration personal computer 6 to the application management system 5. It is good also as transmitting and registering. Further, it is assumed that the main body application is installed in the main body apparatus 1B in advance, and when the use registration of the main body application is performed in the main body apparatus 1B, the main body key is transmitted and stored in the main body apparatus 1B. .

  In the second and third embodiments, when the main body devices 1B and 1C detect that the connection state with the login device 7 is disconnected, the authentication is started by a successful authentication process (in the embodiment, a user authentication screen display process). In other words, the automatic logout function for terminating the vehicle guidance process by the car navigation program is provided, but the automatic logout function may not be provided. This is because it may be inconvenient if the car navigation device is automatically logged out each time the user leaves the vehicle.

  In the second and third embodiments, in order to start the vehicle guidance quickly, the authentication success process may be a process of starting the car navigation program and starting the vehicle guidance without using the user authentication screen display process. . That is, if authentication is successful, the vehicle guidance may be received without user selection. Similarly, in the first embodiment, as the authentication success process, the homepage display process of the medical information system S may be performed instead of the user authentication screen display process.

DESCRIPTION OF SYMBOLS 1, 1B, 1C ... Main body apparatus 3 ... Management apparatus 5 ... Application management system 7 ... Login apparatus 10, 10B, 10C ... Authentication system 22 ... Identification information storage part 56 ... Area authentication information storage part 82 ... Authentication information storage part

Claims (13)

A main body device that includes an identification information storage unit that stores its own identification information, can acquire its own position information by GPS, and is capable of short-range wireless communication;
An authentication information storage unit storing self-authentication information, a login device capable of short-range wireless communication and portable;
An area authentication information storage unit that stores area information in association with the identification information of the main body device and stores authentication information of the login device in association with the identification information of the main body device; A management device capable of communicating via
An authentication method using
A position information transmission step in which the main body apparatus transmits its own identification information stored in the identification information storage unit and position information acquired by GPS to the management apparatus;
In the area indicated by the area information stored in the area authentication information storage unit in association with the identification information based on the identification information and the position information received from the main body device by the management device, the main body It is determined whether or not the device exists, and when it is determined that the device exists, the authentication information stored in the area authentication information storage unit in association with the identification information is transmitted to the main device and determined not to exist. If so, an area authentication step in which authentication information is not transmitted to the main device, and
An authentication information transmission step in which the login device transmits its own authentication information stored in the authentication information storage unit to the main body device by short-range wireless communication;
The main body device performs authentication by comparing the authentication information received from the management device with the authentication information received from the login device. If the authentication is successful, a predetermined authentication success process is performed and the authentication is successful. Otherwise, a login device authentication step that does not perform the authentication success process;
An authentication method comprising: An automatic end step of detecting that the short-range wireless communication with the login device has been disconnected by the main body device, and ending the processing started by the authentication success processing;
The authentication method according to claim 2, further comprising: The main body device is a car navigation device provided in a vehicle,
The area information is information indicating a range from the final position,
The main body apparatus acquires position information by GPS at the time of executing a predetermined end process, and transmits it as final position information to the management apparatus together with its own identification information stored in the identification information storage unit, and the management apparatus A final position information acquisition step of storing the final position information in the area authentication information storage unit in association with the identification information of the main body device,
Based on the identification information and the position information received from the main body device in the area authentication step, the management device associates the position indicated by the position information with the identification information in the area authentication information storage unit. If the main unit is within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information from the final position indicated by the stored final position information, 3. The authentication method according to claim 1 or 2, wherein it is determined that the area does not exist in the area if it is determined that the area does not exist in the area. It is a management device that can acquire its own location information by GPS and can communicate with the main body device that authenticates with the authentication information of the login device received from the login device by short-range wireless communication via a communication line network. And
An area authentication information storage unit that stores area information in association with identification information of the main body device and stores authentication information of the login device in association with identification information of the main body device;
Based on the identification information and position information of the main device received from the main device, the main device is included in the area indicated by the area information stored in the area authentication information storage unit in association with the identification information. When it is determined that the authentication information is present, the authentication information stored in the area authentication information storage unit in association with the identification information is transmitted to the main device, and is determined not to exist. An area authentication unit that does not transmit authentication information to the main unit;
A management apparatus comprising: A main body device that includes an identification information storage unit that stores its own identification information, can acquire its own position information by GPS, and is capable of short-range wireless communication;
An authentication information storage unit storing self-authentication information, a login device capable of short-range wireless communication and portable;
An area authentication information storage unit that stores area information in association with identification information of the main body device and stores authentication information of the login device in association with identification information of the main body device; and the login device and a communication line network A management device capable of communicating via
An authentication method using
The main body device transmits its own identification information stored in the identification information storage unit to the login device by short-range wireless communication, and the login device receives the received identification information of the main body device as the management device. The management apparatus transmits the authentication information stored in the area authentication information storage unit in association with the received identification information of the main body apparatus to the login apparatus, and the login apparatus receives the authentication information. Transmitting authentication information to the main unit by short-range wireless communication, and storing authentication information received by the main unit; and
An authentication information transmission step in which the login device transmits its own authentication information stored in the authentication information storage unit to the main body device by short-range wireless communication;
A login device authentication step in which the main unit performs authentication by comparing the authentication information stored in the authentication information acquisition step with the authentication information received in the authentication information transmission step;
When the main unit is successfully authenticated in the login device authentication step, the identification information stored in the identification information storage unit and the position information acquired by GPS are transmitted by the short-range wireless communication. The login device transmits the received identification information and location information of the main device to the management device, and the main device is not successfully authenticated in the login device authentication step. In this case, a position information transmitting step that does not transmit the self identification information and the position information to the login device;
In the area indicated by the area information stored in the area authentication information storage unit in association with the identification information based on the identification information and position information of the main body device received from the login device by the management device And determining whether or not the main body device is present, and transmitting the determination result to the login device, wherein the login device transmits the determination result to the main body device by short-range wireless communication, If the received determination result is a determination result indicating that it exists in the area, a predetermined authentication success process is performed, and if it is not a determination result indicating that the determination result exists in the area, the area authentication that does not perform the authentication success process Steps,
An authentication method comprising: An automatic end step of detecting that the short-range wireless communication with the login device has been disconnected by the main body device, and ending the processing started by the authentication success processing;
The authentication method according to claim 5, further comprising: The main body device is a car navigation device provided in a vehicle,
The area information is information indicating a range from the final position,
The main body apparatus acquires position information by GPS at the time of executing a predetermined end process, and transmits it as final position information to the login apparatus by short-range wireless communication together with its own identification information stored in the identification information storage unit Then, the login device transmits the received identification information and final position information of the main device to the management device, and the management device associates the final position information with the identification information of the main device and performs the area authentication. A final position information acquisition step to be stored in the information storage unit,
Based on the identification information and location information of the main device received from the login device in the area authentication step, the management device associates the location indicated by the location information with the identification information in the area authentication. From the final position indicated by the final position information stored in the information storage unit, within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information, the The authentication method according to claim 5 or 6, wherein it is determined that the main device exists in the area, and if it does not exist in the range, it is determined that the main device does not exist in the area. A main unit capable of acquiring own position information by GPS and capable of short-range wireless communication;
A login device capable of short-range wireless communication and portable;
A management device capable of communicating with the main unit via a communication network;
An authentication system comprising:
The management device is
An area authentication information storage unit that stores area information in association with identification information of the main body device and stores authentication information of the login device in association with identification information of the main body device;
Based on the identification information and position information received from the main unit, whether the main unit exists in the area indicated by the area information stored in the area authentication information storage unit in association with the identification information. If it is determined that the authentication information stored in the area authentication information storage unit is associated with the identification information, the authentication information stored in the area authentication information storage unit is transmitted to the main device. An area authentication means that does not transmit to the main unit,
With
The login device is
An authentication information storage unit storing its own authentication information;
Authentication information transmitting means for transmitting the authentication information stored in the authentication information storage unit to the main unit by short-range wireless communication;
With
The main unit is
An identification information storage unit that stores the identification information of itself;
Position information transmission means for transmitting the identification information stored in the identification information storage unit and the position information acquired by GPS to the management device;
Authentication is performed by comparing authentication information received from the area authentication unit of the management device with authentication information received from the authentication information transmission unit of the login device. If authentication is successful, predetermined authentication success processing And login device authentication means that does not perform the authentication success process if the authentication is not successful,
An authentication system comprising:   9. The apparatus according to claim 8, further comprising an automatic ending unit that detects that the short-range wireless communication with the login device has been disconnected, and terminates the process started by the authentication success process. Authentication system. The main body device is a car navigation device provided in a vehicle,
The area information is information indicating a range from the final position,
Final position information transmission means for the main body apparatus to acquire position information by GPS at the time of execution of a predetermined end process and transmit it to the management apparatus as final position information together with its own identification information stored in the identification information storage unit With
The management device includes a final position information storage unit that stores the final position information received from the main device in the area authentication information storage unit in association with the identification information of the main device.
The area indicated by the position information is stored in the area authentication information storage unit in association with the identification information based on the identification information and the position information received from the main unit by the area authentication means of the management device. If the main unit is within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information from the final position indicated by the final position information being 10. The authentication system according to claim 8, wherein the authentication system is determined to exist within the area, and is determined not to exist within the area unless it exists within the range. A main unit capable of acquiring own position information by GPS and capable of short-range wireless communication;
A login device capable of short-range wireless communication and portable;
A management device capable of communicating with the login device via a communication network;
An authentication system comprising:
The management device is
An area authentication information storage unit that stores area information in association with identification information of the main body device and stores authentication information of the login device in association with identification information of the main body device;
Authentication information pre-sending means for transmitting the authentication information stored in the area authentication information storage unit in association with the identification information of the main body device received from the login device to the login device;
Based on the identification information and position information of the main body device received from the login device, the main body device is located in the area indicated by the area information stored in the area authentication information storage unit in association with the identification information. Area determination means for determining whether or not there is, and transmitting the determination result to the login device;
With
The login device is
An authentication information storage unit storing its own authentication information;
Identification information mediating means for transmitting the identification information of the main device received from the main device to the management device;
Authentication information mediating means for transmitting authentication information received from the management device to the main body device by short-range wireless communication;
Authentication information transmitting means for transmitting the authentication information stored in the authentication information storage unit to the main unit by short-range wireless communication;
Position information mediating means for transmitting the identification information and position information of the main body device received from the main body device to the area determining means of the management device;
A determination result mediating means for transmitting the determination result received from the management device to the main unit by short-range wireless communication;
With
The main unit is
An identification information storage unit that stores the identification information of itself;
Identification information transmitting means for transmitting the identification information stored in the identification information storage unit to the identification information mediating means of the login device by short-range wireless communication;
Authentication information storage means for storing authentication information received from the authentication information mediation means of the login device;
Login device authentication means for performing authentication by comparing authentication information stored by the authentication information storage means and authentication information received by the authentication information transmission means of the login device;
When authentication is successful in the login device authentication means, the self-identification information stored in the identification information storage unit and the position information acquired by the GPS are transmitted to the position information of the login device by short-range wireless communication. Position information transmitting means for transmitting to the mediating means;
If the determination result received from the determination result mediation means of the login device is a determination result indicating that it exists in the area, if a predetermined authentication success process is performed, and if it is not a determination result indicating that it exists in the area, Area authentication means that does not perform authentication success processing;
An authentication system comprising:   12. The apparatus according to claim 11, further comprising automatic termination means for detecting that the short-range wireless communication with the login device has been disconnected, and terminating the processing started by the authentication success processing. Authentication system. The main body device is a car navigation device provided in a vehicle,
The area information is information indicating a range from the final position,
The main body apparatus acquires position information by GPS at the time of executing a predetermined end process, and transmits it as final position information to the login apparatus by short-range wireless communication together with its own identification information stored in the identification information storage unit A final position information transmitting means for
The login device includes final position information mediating means for transmitting the received identification information and final position information of the main device to the management device,
The management device includes a final location information storage unit that stores the final location information received from the login device in association with the identification information of the main device in the area authentication storage unit,
Based on the identification information and position information of the main device received by the area determination unit of the management apparatus from the login device, the position indicated by the position information is associated with the identification information and the area authentication information. The main body as long as it exists within the range indicated by the area information stored in the area authentication information storage unit in association with the identification information from the final position indicated by the final position information stored in the storage unit The authentication system according to claim 11 or 12, wherein it is determined that the device exists in the area, and if it does not exist in the range, it is determined that the device does not exist in the area.

Images