JP2020029715A - Authentication system and authentication method - Google Patents

Abstract

To provide an authentication system and authentication method that can maintain operation based on a user's intention.SOLUTION: An authentication system 3 allows a vehicle 1 to operate when wireless communication authentication between a portable terminal 2 and the vehicle 1 is established. The authentication system 3 includes a measurement unit 30 that measures a measured value that corresponds to the distance between the vehicle 1 and portable terminal 2, a control unit 31 that controls authentication operation based on evaluation results of the detection function for illicit communication using the measured value, and a nullify unit 40 that nullifies the detection function of the control unit 31 for illicit communication when particular operation for the vehicle 1 is performed at the portable terminal 2.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an authentication system and an authentication method for performing authentication through wireless communication.

  Conventionally, for example, in a vehicle, an authentication system that performs authentication through wireless communication between a portable terminal carried by a user and an in-vehicle device mounted on the vehicle and controls the vehicle when the authentication is established is known. ing. As an authentication system, a smart collation system in which a portable terminal automatically responds to an ID from a vehicle to perform ID collation is well known.

  By the way, in this type of authentication system, for example, unauthorized communication using a repeater is concerned as an unauthorized communication that attempts to establish ID verification at a place that does not depend on a user who has a legitimate portable terminal. Unauthorized communication using a repeater is an act of relaying communication between an in-vehicle device and a portable terminal by, for example, a plurality of repeaters when a portable terminal is located far from a vehicle, and illegally establishing ID verification. is there. Therefore, there is a possibility that ID collation may be established where the user having the authorized portable terminal does not notice.

  For such unauthorized communication, Patent Literature 1 discloses a technique of measuring the distance between a vehicle and a portable terminal to detect the unauthorized communication. In this case, a ranging signal is transmitted and received between the vehicle-mounted device and the portable terminal, and the distance between the vehicle and the portable terminal is measured by analyzing the ranging signal. Therefore, when a repeater is interposed, the arrival time of the distance measurement signal becomes longer, and the measured distance becomes larger than the threshold. Therefore, illegal communication can be detected.

JP 2006-118887 A

  However, it is difficult to accurately discriminate between regular communication and illegal communication by a regular portable terminal. For example, when detecting unauthorized communication based on the distance between the vehicle and the portable terminal, if the communication environment is unstable, a distance different from the actual one will be measured, and it is determined that the communication is unauthorized despite the regular communication. It may be done. In this case, there is a problem that even a regular user cannot use the vehicle and feels inconvenience.

  An object of the present invention is to provide an authentication system and an authentication method that can ensure operation according to a user's intention.

  An authentication system for solving the above problem is an authentication system for performing authentication by wireless communication between a mobile terminal and a communication partner thereof, wherein the authentication system is arranged in at least one of the mobile terminal and the communication partner, and A measurement unit that measures a measurement value according to the distance between the terminal and the communication partner, and a control unit that controls the operation of the authentication based on a determination result of a function for detecting unauthorized communication using the measurement value. An invalidation unit that invalidates a function of detecting illegal communication by the control unit when a specific operation related to the communication partner is performed on the mobile terminal.

  According to this configuration, in the state where the specific operation related to the communication partner is performed in the mobile terminal, it is assumed that the user has an intention to operate the communication partner, and in this state, regardless of the determination result of the unauthorized communication. Complete authentication. Therefore, in the state where the specific operation is performed, it is possible to suppress the occurrence of the event that the authentication is not established despite the normal communication and the communication partner cannot operate. Therefore, it is possible to secure the operation according to the user's intention.

  In the authentication system, the specific operation preferably includes an operation for causing the mobile terminal to execute an operation of the communication partner. According to this configuration, the function of detecting unauthorized communication is invalidated by an explicit act of the user trying to activate the communication partner. This further contributes to ensuring operation according to the user's intention.

  In the authentication system, the mobile terminal is a high-performance mobile phone capable of short-range wireless communication with the communication partner, the mobile terminal includes an application related to the communication partner, the specific operation is the application Is preferably in the activated state. According to this configuration, when the application related to the communication partner is activated on the high-performance mobile phone, the authentication is established regardless of the determination result of the unauthorized communication. Therefore, when the application is running, it is possible to suppress occurrence of an event that authentication is not established despite normal communication and the communication partner cannot operate. Therefore, it contributes to securing operation according to the user's intention.

  An authentication method for solving the above-mentioned problem is to determine whether a measured value based on a distance between a mobile terminal and a communication partner is appropriate or not, and to judge a result of an unauthorized communication detection function using the measured value. Based on the control of the wireless authentication between the mobile terminal and the communication partner, and when a specific operation related to the communication partner is executed in the mobile terminal, disable the unauthorized communication detection function Become

  ADVANTAGE OF THE INVENTION The authentication system and the authentication method of this invention enable ensuring operation | movement according to a user's intention.

FIG. 1 is a block diagram showing a configuration of an authentication system. The figure which shows the specific operation about a portable terminal. FIG. 4 is a flowchart showing a flow of authentication in the authentication system. FIG. 11 is a diagram illustrating a specific operation on an electronic key according to another embodiment.

Hereinafter, an embodiment of an authentication system and an authentication method will be described with reference to FIGS.
As shown in FIG. 1, the vehicle 1 as a communication partner includes an authentication system 3 that authenticates the validity of the mobile terminal 2 through wireless communication. The mobile terminal 2 is preferably a high-performance mobile phone having a telephone function and capable of communicating with the vehicle 1 using short-range wireless communication. The authentication system 3 of the present example is a key operation free system (short-range wireless verification system) that executes ID verification by short-range wireless communication triggered by communication from the vehicle 1. The short-range wireless communication is preferably, for example, Bluetooth (registered trademark).

  The vehicle 1 includes a verification ECU (Electronic Control Unit) 4 that performs ID verification, a body ECU 5 that manages a power supply of onboard electrical components, and an engine ECU 7 that controls the engine 6. These ECUs are connected through a communication line 8 in the vehicle. The communication line 8 includes, for example, a CAN (Controller Area Network) or a LIN (Local Interconnect Network).

  The electronic key ID and key unique key of the portable terminal 2 registered in the vehicle 1 are written and stored in the memory 9 of the verification ECU 4. In the authentication system 3, a series of ID verifications are automatically performed by mutual communication between the verification ECU 4 and the portable terminal 2, and the door lock is unlocked and unlocked and the engine is started on condition that the ID verification is established. Is allowed.

  The body ECU 5 controls the operation of a door lock mechanism 11 as a mechanical part for locking and unlocking the vehicle door 10. The vehicle door 10 is provided with an exterior door handle 12 for opening and closing the vehicle door 10. The exterior door handle 12 is provided with a touch sensor 13 that detects a user's touch operation on the exterior door handle 12 as a trigger for unlocking the door, for example. The door handle 12 outside the vehicle is provided with a lock button 14 that is operated, for example, when locking the door. The body ECU 5 controls the operation of the door lock mechanism 11 based on the detection signals of the touch sensor 13 and the lock button 14.

  The engine ECU 7 controls transition of the power supply of the engine 6 of the vehicle 1. The vehicle 1 is provided with an engine switch 15 for operating the power transition of the engine 6. The engine switch 15 is preferably, for example, a push-type switch. The engine ECU 7 controls the transition of the engine 6 by operating the engine switch 15 under a predetermined condition. Note that the predetermined conditions here are that ID verification is established, that the mobile terminal 2 is located in the vehicle interior, that a brake pedal (not shown) of the vehicle 1 is depressed, One transmission is in the parking range and combinations thereof.

  The vehicle 1 includes a vehicle communication unit 16 for performing short-range wireless communication with the mobile terminal 2. In the short-range wireless communication of the present example, the mobile terminal 2 is a master, and the vehicle 1 is a slave. The vehicle communication unit 16 periodically transmits an advertisement message to an area near the vehicle 1.

  The mobile terminal 2 includes a terminal control unit 20 that controls the operation of the mobile terminal 2, a network communication module 21 that performs network communication in the mobile terminal 2, and a short-range wireless communication module 22 that performs short-range wireless communication in the mobile terminal 2. Is provided.

  In order to establish a communication connection (Bluetooth connection) between the mobile terminal 2 and the vehicle 1, for example, one of the mobile terminal 2 and the vehicle 1 is set to a discoverable state, and a discovery operation is performed from the other. When both of them approach each other to a position where the mobile terminal 2 can receive the advertisement message, one of the devices in the discoverable state is presented to the other device performing the discovery operation. Then, a device is selected as a connection partner, and thereafter, the same authentication key is input to both devices, and when the exchange of the authentication key is completed, the pairing is completed. It is not necessary to input the authentication key from the next communication connection between the vehicle 1 and the mobile terminal 2 that have been paired once. Therefore, the communication connection is automatically established between the vehicle 1 and the mobile terminal 2 that have been paired.

  The mobile terminal 2 includes a user interface application 23 (hereinafter, referred to as a UI application 23) that performs ID collation with the vehicle 1 through short-range wireless communication. The UI application 23 is provided in the terminal control unit 20, for example, by being downloaded from a server through network communication. The UI application 23 is a type of a program for operating the mobile terminal 2 as an electronic key of the vehicle 1, and executes various processes such as electronic key registration, ID verification, and vehicle operation.

  In using the mobile terminal 2 as an electronic key of the vehicle 1, the mobile terminal 2 registers an electronic key ID and a key unique key of the mobile terminal 2 in the vehicle 1 (electronic key registration). For example, the mobile terminal 2 logs in to a server (not shown) through the network communication by the UI application 23 (authenticates a user ID and a password). Then, the mobile terminal 2 acquires the electronic key ID and the key unique key from the server, and writes and stores the electronic key ID and the key unique key in the memory 24. Further, the mobile terminal 2 connects (logs in) to the vehicle 1 through the short-range wireless communication by the UI application 23, and registers the electronic key ID and the key unique key of the mobile terminal 2.

  The UI application 23 automatically executes ID collation with the vehicle 1 by mutual communication through Bluetooth communication. For example, when the electronic key registration of the mobile terminal 2 is completed and the communication connection between the vehicle 1 and the mobile terminal 2 is established, the electronic key ID is transmitted and received between the verification ECU 4 and the UI application 23 to perform the verification. At the same time, cryptographic authentication such as challenge response authentication using the key unique key is performed. When the collation ECU 4 confirms that the collation and the authentication are established, the collation ECU 4 determines that the ID collation is established. It should be noted that these series of ID comparisons are automatically executed without the user operating the mobile terminal 2 and without operating the vehicle 1. That is, the UI application 23 performs the ID collation processing in the background even when the UI application 23 is not activated on the screen of the mobile terminal 2.

  As shown in FIG. 2, the UI application 23 includes an interface 25 that executes various functions by operating in a situation where ID matching is established. The interface 25 is a button displayed on the screen of the mobile terminal 2 when the UI application 23 is activated on the mobile terminal 2. The interface 25 includes one that does not involve the operation of the vehicle 1 and one that causes the operation of the vehicle 1 to be executed. The one that does not involve the operation of the vehicle 1 is, for example, a battery confirmation unit 26. The battery check unit 26 displays the remaining battery level of the vehicle 1 on the screen of the mobile terminal 2 by a tap operation. The operation of the vehicle 1 includes, for example, a lock operation unit 27 and an unlock operation unit 28. The lock operation unit 27 causes the vehicle door 10 to be locked by a tap operation. The unlock operation unit 28 causes the vehicle door 10 to be unlocked by a tap operation.

  Returning to FIG. 1, the authentication system 3 includes a function of determining whether or not authentication has been established based on detection of unauthorized communication that attempts to establish authentication illegally (illegal communication detection function: communication unauthorized establishment prevention system 29). The communication fraud prevention system 29 includes a measurement unit 30 that measures a measurement value according to the distance between the vehicle 1 and the mobile terminal 2. Further, the communication fraud establishment prevention system 29 includes a control unit 31 that controls the operation of wireless authentication (ID verification) based on the determination result of the fraudulent communication detection function using the measured value. The control unit 31 includes a control unit 31a provided in the verification ECU 4 of the vehicle 1 and a control unit 31b provided in the UI application 23 of the mobile terminal 2.

  The measurement unit 30 measures a distance measurement value as a measurement value according to the distance between the vehicle 1 and the portable terminal 2 by short-range wireless communication. The control unit 31 determines the validity of the communication from the distance measurement value. The distance measurement method by the measurement unit 30 is, for example, a TOF (Time Of) that transmits and receives a distance measurement signal Sd between the vehicle 1 and the portable terminal 2 and measures a distance between the two based on a propagation time required for transmission and reception at that time. (Flight) method. The control unit 31a and the control unit 31b control transmission and reception of the distance measurement signal Sd between the vehicle 1 and the portable terminal 2.

  The control unit 31 determines that the ranging authentication has been established when the ranging values of the vehicle 1 and the mobile terminal 2 are equal to or less than the threshold. On the other hand, when the distance measurement values of the vehicle 1 and the mobile terminal 2 are longer than the threshold, the control unit 31 determines that the distance measurement authentication has failed. The verification ECU 4 prohibits the operation of the vehicle 1 when the ranging authentication is not established. The determination of the ranging authentication by the control unit 31 may be performed by at least one of the control unit 31a on the vehicle 1 side or the control unit 31b on the mobile terminal 2 side. In the case of this example, the control unit 31a determines the distance measurement authentication.

  The communication fraud prevention system 29 includes a nullification unit 40 that nullifies a function of detecting illegal communication by the control unit 31 when a specific operation related to the vehicle 1 is performed on the mobile terminal 2. The disabling unit 40 of the present example includes a disabling unit 40a provided in the verification ECU 4 of the vehicle 1 and a disabling unit 40b provided in the UI application 23 of the mobile terminal 2. The invalidation unit 40 of this example invalidates the control unit 31 when a specific operation is detected, thereby preventing the control unit 31 from transmitting and receiving the distance measurement signal Sd. Note that the specific operation related to the vehicle 1 is preferably an operation of the lock operation unit 27 and an operation of the unlock operation unit 28 for executing the operation of the vehicle 1.

  Next, the operation and effect of the authentication system 3 will be described with reference to FIGS. Here, a case where the user carrying the mobile terminal 2 unlocks the vehicle door 10 will be described as an example. It is assumed that the pairing in the short-range wireless communication between the vehicle 1 and the mobile terminal 2 has been completed.

  As shown in FIG. 3, in step S101, the vehicle 1 (verification ECU 4) transmits an advertisement message from the vehicle communication unit 16 to the vicinity of the vehicle 1 in order to establish a communication connection with the mobile terminal 2. When the mobile terminal 2 (terminal control unit 20) enters the area near the vehicle 1 and receives the advertisement message, the mobile terminal 2 (terminal control unit 20) starts communication connection with the vehicle 1.

  In step S102, the vehicle 1 and the mobile terminal 2 automatically perform communication connection when device authentication is established according to a series of communication connection processes linked to the advertisement message. The communication connection between the two is continued until the mobile terminal 2 moves out of the range of the short-range wireless communication with the vehicle 1.

  In step S103, when the vehicle 1 and the mobile terminal 2 are connected for communication, the vehicle 1 and the mobile terminal 2 start ID collation. The ID collation processing in the mobile terminal 2 is performed by the UI application 23 performing processing in the background. The UI application 23 transmits / receives the electronic key ID to / from the verification ECU 4 and performs cryptographic authentication using the key unique key. When the verification of the electronic key ID and the cryptographic authentication using the key unique key are established, the verification ECU 4 determines that the ID verification is established. On the other hand, when either the verification of the electronic key ID or the encryption authentication using the key unique key fails, the verification ECU 4 determines that the ID verification has failed. When the ID collation is not established, the operation of the vehicle 1 is prohibited.

  In step S104, when ID collation is established, the control unit 31 starts distance measurement. The measurement unit 30 measures a distance value between the vehicle 1 and the portable terminal 2 from the propagation time of the distance measurement signal Sd transmitted and received between the control unit 31a on the vehicle 1 side and the control unit 31b on the portable terminal 2 side. .

  In step S105, the control unit 31a determines whether or not the measured distance value between the vehicle 1 and the portable terminal 2 is equal to or less than a threshold. When the measured distance value is equal to or smaller than the threshold, the control unit 31a determines that the distance measurement authentication has been established, and proceeds to step S106. On the other hand, if the measured distance value is longer than the threshold value, the control unit 31a determines that distance measurement authentication has failed, and shifts to step S107.

  In step S106, the verification ECU 4 permits the operation of the vehicle 1 when the ID verification and the distance measurement authentication are established. In this state, when the outside door handle 12 of the vehicle door 10 is touched, the vehicle door 10 is unlocked. As described above, the vehicle 1 and the mobile terminal 2 perform wireless communication with each other, so that the operation of the vehicle 1 is automatically permitted without the user operating the mobile terminal 2.

  In step S107, the verification ECU 4 prohibits the operation of the vehicle 1 when the distance measurement authentication is not established. In this state, even if the outside door handle 12 of the vehicle door 10 is touched, the vehicle door 10 is not unlocked. If the unauthorized communication using the repeater is performed, the distance becomes equal to or larger than the threshold value in step S105, so that the process proceeds to step S107, and the operation of the vehicle 1 can be prohibited.

  By the way, when the user performs a specific operation on the mobile terminal 2 to operate the vehicle 1, the user is usually located near the vehicle 1 and pays attention to the vehicle 1. However, it can be determined that unauthorized communication is difficult to be performed. Therefore, in such a situation, there is no problem even if the distance measurement authentication is invalidated assuming that there is no unauthorized communication. Rather, priority is given to not detecting unnecessary unauthorized communication and eliminating the possibility of the control unit 31 erroneously detecting the distance.

  As shown in FIG. 2, in the case of the present example, the invalidation unit 40 b on the mobile terminal 2 side, when a specific operation is performed on the mobile terminal 2, regardless of the distance or position from the vehicle 1, The function of detecting unauthorized communication by the control unit 31b is invalidated. The invalidation unit 40b of the mobile terminal 2 of this example stops the function of detecting unauthorized communication of the mobile terminal 2 for a certain period of time. Therefore, the ranging signal Sd is not transmitted from the mobile terminal 2.

  The invalidation unit 40b of the mobile terminal 2 has a function of detecting an unauthorized communication on the vehicle 1 when the communication between the vehicle 1 and the mobile terminal 2 is established when the function of detecting the unauthorized communication on the mobile terminal 2 is stopped. An invalidation signal Siv requesting invalidation of the vehicle is transmitted to the vehicle 1 through Bluetooth communication. Upon receiving the invalidation signal Siv, the invalidation unit 40a of the vehicle 1 causes the control unit 31a of the vehicle 1 to stop transmitting and receiving the distance measurement signal Sd and invalidate the distance measurement authentication. The invalidation signal Siv may be transmitted at any time before, after, or during the ID collation.

  As described above, the verification ECU 4 permits the operation of the vehicle 1 without performing the determination based on the distance by the control unit 31. Therefore, in the state where the specific operation is performed, it is possible to suppress the occurrence of the event that the authentication is not established and the vehicle 1 cannot be operated, and accordingly, the operation according to the user's intention can be performed.

  Further, for example, when the invalidation unit 40b of the mobile terminal 2 detects a specific operation during the period in which the ID collation and the ranging authentication are being performed (steps S103 to S105), the invalidation signal Siv is obtained at that time. To the disabling unit 40a of the vehicle 1. Thereby, the collation ECU 4 invalidates the distance measurement authentication by the control unit 31 immediately upon receiving the invalidation signal Siv. As a result, the operation of the vehicle 1 is permitted on condition that the distance measurement value is not determined and the ID collation is established.

  In this example, the measuring unit 30 that measures the distance value between the vehicle 1 and the mobile terminal 2, the control unit 31 that determines whether authentication is established based on the distance value, and the mobile terminal 2 related to the vehicle 1 An invalidating unit is provided to invalidate a function of detecting unauthorized communication by the control unit when a specific operation is performed. According to this configuration, in a state where the specific operation is performed in the mobile terminal 2, it is possible to suppress the occurrence of the event that the authentication is not established and the operation of the vehicle 1 cannot be performed despite the regular communication. Therefore, it is possible to secure the operation according to the user's intention.

  In this example, the specific operation is an operation of the lock operation unit 27 and an operation of the unlock operation unit 28 that execute the operation of the vehicle 1 in the mobile terminal 2. According to this configuration, the unauthorized communication detection function is invalidated by a user's explicit act of trying to operate the vehicle 1. Therefore, the invalidating unit 40 can be operated only in a situation where unauthorized communication is difficult. This further contributes to ensuring operation according to the user's intention.

The present embodiment can be modified and implemented as follows. The present embodiment and the following modified examples can be implemented in combination with each other within a technically consistent range.
-In this embodiment, the mobile terminal 2 is not limited to a high-performance mobile phone. An individual electronic key linked to the vehicle 1 may be used. A case where an electronic key is applied to the mobile terminal 2 will be described with reference to FIG. It is assumed that the electronic key can perform ID collation and ranging authentication through wireless communication with the vehicle 1.

  As shown in FIG. 4, the electronic key 50 is provided with an operation unit 51 for operating the vehicle 1. The operation unit 51 includes a lock operation unit 52 that is operated to lock the vehicle door, and an unlock operation unit 53 that is operated to unlock the vehicle door. When the operation unit 51 is operated, the invalidation signal Siv is transmitted to the vehicle 1 by the invalidation unit 40, and the function of detecting unauthorized communication by the control unit 31 is invalidated. Even in this case, the operation according to the user's intention is enabled.

  In the present embodiment, the specific operation related to the vehicle 1 that triggers the control by the invalidation unit 40 may include activation of the UI application 23. Here, the activation of the UI application 23 preferably includes not only an operation of selecting and activating the UI application 23 on the mobile terminal 2 but also a state in which the interface 25 is displayed on the screen of the mobile terminal 2. On the other hand, the activation of the UI application 23 preferably does not include a state in which the UI application 23 is performing a process such as ID collation in the background. When the UI application 23 is activated, it is normal for the user to pay attention to the vehicle, so that it may be determined that unauthorized communication is difficult to be performed. Therefore, this configuration also contributes to securing operation in accordance with the user's intention. In addition, the specific operation may include an operation of the interface 25 (including an operation of the battery confirmation unit 26, an operation of the lock operation unit 27, and an operation of the unlock operation unit 28).

  In the present embodiment, the interface 25 of the UI application 23 is not limited to the present embodiment. For example, there may be one that opens and closes a power slide door.

  In the present embodiment, the invalidation unit 40 stops transmitting and receiving the distance measurement signal Sd for a certain period of time when detecting a specific operation, but is not limited thereto. That is, stopping the transmission and reception of the distance measurement signal Sd by the invalidation unit 40 can be omitted from the configuration requirements. However, when disabling the control unit 31, disabling the function for detecting unauthorized communication for a fixed time (stopping transmission and reception of the distance measurement signal Sd) contributes to power saving.

  In the present embodiment, disabling the invalidation detection function of the control unit 31 by the disabling unit 40 is not limited to disabling and stopping the ranging authentication, and regardless of the determination result of the ranging value. This includes determining that the distance measurement authentication has been established. Alternatively, control may be performed such that the verification ECU 4 ignores the determination result of the distance measurement authentication and establishes the authentication only with the determination result of the ID verification. In short, it suffices to perform control so that authentication is not established (or does not shift to establishment) by the unauthorized communication detection function of the control unit 31.

  -In this embodiment, the predetermined condition at the time of controlling the transition of the engine 6 is not particularly limited. Further, the method of determining whether the mobile terminal 2 is located in the vehicle compartment is not limited. For example, it may be determined by distance measurement.

  In the present embodiment, the method of calculating the distance and the method of determining the distance are not limited to the examples, and a method such as an RSSI (Received Signal Strength Indicator) can be applied. The measurement unit 30 may be provided on the mobile terminal 2 side.

  The determination as to whether or not the wireless communication based on the distance measurement authentication is appropriate may be made by the control unit 31a of the vehicle 1 or the control unit 31b of the portable terminal 2 or by both. Further, the control unit 31 may be provided on at least one of the vehicle 1 and the mobile terminal 2.

  -In this embodiment, the method of detecting unauthorized communication is not limited to the example. For example, communication correctness may be determined by comparing the signal reception strength (RSSI) of radio waves in both the vehicle 1 and the portable terminal 2 or confirming the position using a global positioning system (GPS). Can be changed as appropriate. That is, the measurement unit 30 is not limited to performing distance measurement.

In the present embodiment, the communication standard and the band of the short-range wireless communication are not limited to the examples. For example, Wi-Fi or the like is applicable.
-In this embodiment, the method of performing communication connection (pairing) of short-range wireless communication between the vehicle 1 and the mobile terminal 2 is not particularly limited. For example, the pairing may be performed only by operating one of the devices. When the operation is performed on the vehicle 1 side during pairing, a device such as a car navigation system mounted on the vehicle 1 can be applied as an input / output device. Further, when performing an operation on the mobile terminal 2 side during pairing, a setting screen on software installed in the mobile terminal 2 in advance can be used instead of the UI application 23. That is, at the time of pairing, the operation device, operation method, authentication method, and the like can be appropriately changed.

  In the present embodiment, the method by which the mobile terminal 2 obtains the electronic key ID and the key unique key is obtained from the server through Internet communication, but is not limited to this. For example, a mode may be used in which the user logs in to the vehicle 1 (user ID and password authentication) using the UI application 23 and assigns an electronic key ID and a key unique key registered in the vehicle 1 to the mobile terminal 2 in advance.

In the present embodiment, the ID collation performed by the authentication system 3 is not limited to the electronic key ID collation or the cryptographic authentication of the key unique key.
In the present embodiment, in a series of authentications, the order of ID collation and ranging authentication is not particularly limited. For example, ID verification may be performed after the distance measurement authentication, or may be performed such that the execution periods of the ID verification and the distance measurement authentication overlap.

  In the present embodiment, the communication partner of the mobile terminal 2 is not limited to the vehicle 1 and can be changed to another device or device.

DESCRIPTION OF SYMBOLS 1 ... vehicle, 2 ... portable terminal, 3 ... authentication system, 4 ... collation ECU, 15 ... vehicle communication part, 20 ... terminal control part, 22 ... short-range wireless communication module, 23 ... user interface application, 25 ... interface, 30 ... Measurement unit, 31 ... Control unit, 40 ... Disable unit.

Claims (4)

An authentication system for performing authentication by wireless communication between a mobile terminal and a communication partner thereof,
A measurement unit that is arranged on at least one of the mobile terminal and the communication partner, and measures a measurement value according to a distance between the mobile terminal and the communication partner.
Based on the determination result of the unauthorized communication detection function using the measured value, a control unit that controls the operation of the authentication,
An authentication system, comprising: an invalidation unit that invalidates a function of detecting illegal communication by the control unit when a specific operation related to the communication partner is performed on the mobile terminal. The authentication system according to claim 1, wherein the specific operation includes an operation for causing the mobile terminal to execute an operation of the communication partner. The mobile terminal is a high-performance mobile phone capable of short-range wireless communication with the communication partner,
The mobile terminal includes an application related to the communication partner,
The authentication system according to claim 1, wherein the specific operation includes a state in which the application is running. The mobile terminal and the communication partner are determined based on a determination result of an unauthorized communication detection function using the measured value, which determines whether a measurement value based on a distance between the mobile terminal and the communication partner is appropriate. An authentication method for controlling the operation of authentication by wireless during the communication, and invalidating the function of detecting unauthorized communication when a specific operation related to the communication partner is performed on the mobile terminal.