JP2021033766A - Authentication device, communication apparatus, authentication system, authentication method, communication method, and program - Google Patents

Abstract

To provide an authentication device, a communication apparatus, an authentication system, an authentication method, a communication method, and a program that can transmit and receive information safely and more reliably with simple operation.SOLUTION: An authentication device includes: connection information generation means for generating connection information usable only for one-time connection of short-range wireless communication; output means for outputting the connection information by voice; short-range wireless communication means for receiving connection transmission information including information identifying a communication apparatus from the communication apparatus that has received the connection information output by voice; and connection determination means for determining whether to perform data communication with the communication apparatus via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means.SELECTED DRAWING: Figure 2

Description

The present invention relates to an authentication device, a communication device, an authentication system, an authentication method, a communication method and a program.

Some payment systems and point systems that use smartphones use NFC (Near Field Communication) and QR codes (registered trademarks). However, NFC is limited to smartphone compatible models, and the QR code (registered trademark) has security problems. Furthermore, there is a demand for a system that can be easily used even in places where there is no Internet environment.
Therefore, there is a demand for a system that is not limited to smartphone models, is secure, and can easily send and receive information only by local communication that does not go through the Internet.

For example, in Patent Document 1, the authentication device outputs authentication information that can be used only for one authentication to the communication terminal by voice, and the communication terminal outputs the transmission data to which the received authentication information is added by voice to the authentication device. The authentication system to be used is disclosed. In this authentication system, the authentication device authenticates whether or not the communication terminal is valid based on whether or not the received authentication information matches the output authentication information. This prevents fraud such as spoofing in authentication using voice as a transmission medium.

JP-A-2018-197955

Since voice communication can be used with any communication device equipped with a microphone and a speaker, there is an advantage that it can support a wide variety of communication devices. However, when the customer information or the like is transmitted from the communication device, the user may have to adjust the volume of the communication device. In addition, there is a problem of stability of data transmission / reception, such that the receiving device cannot receive the transmitted data due to the difference in performance depending on the type and model of the communication device and the way the user holds the speaker.

On the other hand, there is Bluetooth (registered trademark) as a local communication that does not go through the Internet. Bluetooth (registered trademark) has higher speed and stability of data transmission / reception than voice communication, but when pairing, the user needs to set the pairing, which increases the user's trouble. Become. In addition, when pairing is not performed, it is difficult to identify the communication partner and the route is not encrypted, which poses a security problem.

The present invention has been made in view of the above circumstances, and provides an authentication device, a communication device, an authentication system, an authentication method, a communication method, and a program capable of transmitting and receiving information safely and more reliably with a simple operation. The purpose is.

(1) In order to achieve the above object, the authentication device according to the first aspect of the present invention is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An output means that outputs the connection information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received the connection information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge and
It is characterized by having.

(2) Further, in order to achieve the above object, the authentication device according to the second aspect of the present invention is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
A transmission request for data including the authentication information is transmitted by the short-range wireless communication means based on the determination result of the connection determination means, and the data transmitted from the communication device receiving the transmission request is transmitted to the short-range wireless communication means. An authentication means for authenticating whether or not the communication device is valid depending on whether or not the authentication information included in the received data matches the authentication information output by voice by the output means when the data is received via. When,
It is characterized by having.

(3) Further, in order to achieve the above object, the authentication device according to the third aspect of the present invention is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, the transmission request of the data encrypted based on the authentication information is transmitted by the short-range wireless communication means, and the data transmitted from the communication device receiving the transmission request is transmitted. When received via the short-range wireless communication means, the received data is decoded based on the authentication information output by voice by the output means, and whether or not the communication device is valid based on the decoding result. Authentication means to authenticate and
It is characterized by having.

(4) Further, in order to achieve the above object, the authentication device according to the fourth aspect of the present invention is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device and information unique to the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, a transmission request for data encrypted based on the communication device-specific information and the authentication information is transmitted by the short-range wireless communication means, and the transmission request is received. When the data transmitted from the communication device is received via the short-range wireless communication means, the data received is decoded based on the information unique to the communication device and the authentication information output by voice by the output means. Then, based on the decryption result, an authentication means for authenticating whether or not the communication device is legitimate, and
It is characterized by having.

(5) In any one of the above (1) to (4) authentication devices,
Further provided with a detection means for detecting that the distance to the communication device is within a predetermined distance,
The output means outputs the connection information when the detection means detects that the distance to the communication device satisfies a predetermined standard.
You may do so.

(6) In any one of the above (1) to (5) authentication devices,
A plurality of the output means are provided in the authentication device.
You may do so.

(7) In any one of the above (1) to (6) authentication devices,
Further equipped with a measuring means for measuring noise in a predetermined range,
The output means can output at different volumes depending on the measurement result by the measuring means.
You may do so.

(8) Further, in order to achieve the above object, the communication device according to the fifth aspect of the present invention is
A receiving means that receives connection information that can be used only for one short-range wireless communication connection by voice from the authentication device, and
A connection transmission information generating means that generates connection transmission information including information for identifying the own device based on the connection information received by the receiving means.
A short-range wireless communication means for transmitting the connection transmission information and
It is characterized by having.

(9) Further, in order to achieve the above object, the authentication system according to the sixth aspect of the present invention is
An authentication system that has an authentication device and a communication device.
The authentication device is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An output means that outputs the connection information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received the connection information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means for judgment and
With
The communication device is
A receiving means for receiving the connection information by voice from the authentication device, and
The connection transmission information generation means for generating the connection transmission information and
A short-range wireless communication means for transmitting the connection transmission information and
It is characterized by having.

(10) Further, in order to achieve the above object, the authentication system according to the seventh aspect of the present invention is
An authentication system that has an authentication device and a communication device.
The authentication device is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, a transmission request for data including the authentication information is transmitted by the short-range wireless communication means, and the data transmitted from the communication device receiving the transmission request is used for the short-range wireless communication. Authentication that authenticates whether or not the communication device is valid depending on whether or not the authentication information included in the received data matches the authentication information output by voice by the output means when received via the means. Means and
With
The communication device is
A receiving means for receiving the connection information and the authentication information by voice from the authentication device, and
The connection transmission information generation means for generating the connection transmission information and
A transmission data generation means that generates data including authentication information received by the reception means, and a transmission data generation means.
A short-range wireless communication means for transmitting the connection transmission information and data including the authentication information, and
It is characterized by having.

(11) Further, in order to achieve the above object, the authentication method according to the eighth aspect of the present invention is
It is an authentication method using an authentication device.
A connection information generation step that generates connection information that can only be used for one short-range wireless communication connection,
An output step that outputs the connection information by voice, and
A reception step of receiving connection transmission information including information for identifying the communication device from a communication device that has received the connection information output by voice, and a reception step.
A connection determination step for determining whether or not to perform data communication with the communication device based on the connection transmission information received in the reception step and the connection information output in the output step.
It is characterized by having.

(12) Further, in order to achieve the above object, the authentication method according to the ninth aspect of the present invention is
It is an authentication method using an authentication device.
A connection information generation step that generates connection information that can only be used for one short-range wireless communication connection,
An authentication information generation step that generates authentication information that can be used only for one-time authentication,
An output step that outputs the connection information and the authentication information by voice, and
A reception step of receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice, and a reception step.
A connection determination step for determining whether or not to perform data communication with the communication device based on the connection transmission information received in the reception step and the connection information output in the output step.
Authentication included in the received data when a transmission request for data including the authentication information is transmitted based on the determination result of the connection determination step and the data transmitted from the communication device that received the transmission request is received. An authentication step that authenticates whether or not the communication device is valid based on whether or not the information matches the authentication information output by voice in the output step, and
It is characterized by having.

(13) Further, in order to achieve the above object, the communication method according to the tenth aspect of the present invention is:
It is a communication method executed by a communication device.
A reception step in which connection information that can be used only for one short-range wireless communication connection is received by voice from the authentication device, and
A connection transmission information generation step that generates connection transmission information including self-identifying information based on the connection information received in the reception step, and a connection transmission information generation step.
The output step of transmitting the connection transmission information and
A communication method characterized by comprising.

(14) Further, in order to achieve the above object, the program according to the eleventh aspect of the present invention is
Computer,
Connection information generation means, which generates connection information that can be used only for one short-range wireless communication connection,
An output means that outputs the connection information by voice,
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge,
It is characterized by functioning as.

(15) Further, in order to achieve the above object, the program according to the twelfth aspect of the present invention is provided.
Computer,
Connection information generation means, which generates connection information that can be used only for one short-range wireless communication connection,
Authentication information generation means, which generates authentication information that can be used only for one-time authentication.
An output means that outputs the connection information and the authentication information by voice.
A short-range wireless communication means that receives connection transmission information including information that identifies the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, a transmission request for data including the authentication information is transmitted by the short-range wireless communication means, and the data transmitted from the communication device receiving the transmission request is used for the short-range wireless communication. Authentication that authenticates whether or not the communication device is valid depending on whether or not the authentication information included in the received data matches the authentication information output by voice by the output means when received via the means. means,
It is characterized by functioning as.

(16) Further, in order to achieve the above object, the program according to the thirteenth aspect of the present invention is provided.
Computer,
A receiving means that receives connection information by voice from an authentication device, which can be used only for one short-range wireless communication connection.
A connection transmission information generating means that generates connection transmission information including information for identifying the own device based on the connection information received by the receiving means.
Short-range wireless communication means for transmitting the connection transmission information,
It is characterized by functioning as.

The authentication device according to the present invention outputs connection information of short-range wireless communication by voice. As a result, short-range wireless communication can be connected with a simple operation without the need for manual pairing or other operations. Further, the authentication device is based on the connection information that can be used only for one short-range wireless communication connection output by voice and the connection transmission information transmitted from the communication device that has received the connection information. Determines whether or not to perform data communication with a communication device via a communication means. As a result, information can be transmitted and received safely and more reliably by short-range wireless communication, which is faster and more stable than voice communication.

The figure which shows an example of the authentication system which concerns on embodiment of this invention. A flowchart showing an example of processing of the authentication device and the communication device according to the embodiment of the present invention. A block diagram showing an example of an authentication device according to an embodiment of the present invention. Block diagram showing an example of a communication device according to an embodiment of the present invention

An example in which the authentication device according to the present embodiment is applied to the authentication system 1 shown in FIG. 1 is shown. In the present embodiment, it is assumed that Bluetooth (registered trademark) Low Energy (BLE) is used as the communication method for short-range wireless communication. BLE is one of the extended specifications of Bluetooth (registered trademark), which is a short-range wireless communication technology, and is a short-range wireless communication technology formulated as a part of the Bluetooth (registered trademark) 4.0 standard. The short-range wireless communication method according to the present embodiment may be based on other standards, specifications, or the like that perform the same processing as BLE.

As shown in FIG. 1, the authentication system 1 includes an authentication device 100 and a communication device 200.

As shown in FIG. 3, the authentication device 100 connects the storage unit 110, the control unit 120, the output unit 130, the detection unit 140, the short-range wireless communication unit 150, and the input unit 160 to each other. It is equipped with a system bus 99.

The storage unit 110 is composed of a hard disk, a flash memory, and the like, and stores the program 111. The program 111 generates and updates connection information and one-time key of BLE communication such as service UUID (Universally Unique Identifier), determines whether or not to connect the communication device 200 and BLE communication, and determines whether or not to connect the communication device 200 with the communication device 200. Software that executes the process of authenticating the validity. The storage unit 110 has the connection information generated by the connection information generation unit 121, which will be described later, the one-time key generated by the one-time key generation unit 123, their expiration dates, and the BLE received by the advertising operation by the communication device 200. Communication connection Sends information, transmission data, etc.

The control unit 120 is composed of a CPU (Central Processing Unit) and the like. The control unit 120 operates according to the program 111 stored in the storage unit 110, and executes the process according to the program 111. The control unit 120 includes a connection information generation unit 121, a connection determination unit 122, a one-time key generation unit 123, and an authentication processing unit 124 as main functional units provided by the program 111.

The connection information generation unit 121 has a function of executing a process of generating connection information necessary for connecting BLE communication. This connection information includes the service UUID. The service UUID is an identifier for uniquely identifying the service possessed by the communication device 200, and is used by the authentication device 100 to identify the communication device 200. The connection information generation unit 121 generates a different service UUID for each BLE communication connection. The connection information generation unit 121 is an example of the connection information generation means according to the present invention.

The connection determination unit 122 has a function of executing a connection determination process for determining whether or not to perform data communication by BLE communication with the communication device 200. In the connection determination process, whether or not the connection determination unit 122 performs data communication by BLE communication based on the connection transmission information included in the advertisement packet received from the communication device 200 and the connection information transmitted by the authentication device 100. To judge. The connection transmission information is included in the advertisement packet by the advertising operation of the communication device 200, and includes the Local ID (name of the communication device 200), the service UUID of the service of the communication device 200, and the like. The connection determination unit 122 is an example of the connection determination means according to the present invention.

The one-time key generation unit 123 has a function of executing a process of generating a one-time key. A one-time key is information that has a predetermined expiration date and is valid only once (only in one authentication). The one-time key generation unit 123 is an example of the authentication information generation means according to the present invention.

The authentication processing unit 124 has a function of executing an authentication process for authenticating the validity of the communication device 200. In the authentication process, when the authentication processing unit 124 receives the transmission data from the communication device 200, the authentication processing unit 124 authenticates whether or not the communication device 200 is valid based on the one-time key included in the transmission data. The authentication processing unit 124 is an example of the authentication means according to the present invention.

The output unit 130 is a device that includes a speaker, modulates a carrier signal with digital data to be transmitted, and outputs the data. Specifically, the output unit 130 converts (modulates) the connection information of BLE communication generated by the connection information generation unit 121 and the one-time key generated by the one-time key generation unit 123 into voice data, and also converts (modulates) the conversion. The connected connection information and voice data such as a one-time key are output to the communication device 200. The output unit 130 is an example of the output means according to the present invention.

The detection unit 140 is composed of, for example, an inductive type or a capacitance type proximity sensor, and detects that the communication device 200 is close to the communication device 200 within a predetermined distance (for example, 0 to 3 cm). The detection unit 140 can detect the proximity of the object in each of the non-contact state and the contact state of the object. When the detection unit 140 detects that the communication device 200 is in close proximity, the detection unit 140 outputs a detection signal to the control unit 120. The connection information generation unit 121 of the control unit 120 starts the connection information generation process of BLE communication based on the detection signal. As the distance, a distance at which voice data can be suitably transmitted / received by an experiment or the like may be set as a predetermined distance. Further, as a predetermined distance, different distances may be set depending on the type of proximity sensor. The detection unit 140 is an example of the detection means according to the present invention.

The short-range wireless communication unit 150 is configured to wirelessly connect to the communication device 200 at a short distance and execute data communication. In this embodiment, the short-range wireless communication unit 150 has a BLE module. The BLE module includes a microcomputer, which is a microprocessor that processes wireless communication, and a wireless communication circuit that transmits and receives data by wireless communication. The microcomputer is equipped with a RAM (Random Access Memory) and a flash memory. The short-range wireless communication unit 150 is an example of the short-range wireless communication means according to the present invention.

The input unit 160 is a device for inputting voice data such as a microphone. The input unit 160 measures the volume of ambient noise. The input unit 160 is an example of the measuring means according to the present invention.

The communication device 200 is composed of, for example, a mobile phone, a smartphone, a tablet terminal, or the like, and as shown in FIG. 4, the storage unit 210, the control unit 220, the input unit 230, the short-range wireless communication unit 240, and the like. It is equipped with a system bus 98 that connects the two to each other.

The storage unit 210 is composed of a hard disk, a flash memory, and the like, stores the program 211, and stores various data described later. The program 211 is software that executes a process of creating a service based on the connection information received from the authentication device 100, a process of generating connection transmission information, and a process of generating transmission data to be output to the authentication device 100. Further, the storage unit 210 includes data such as a member number and password of a credit card, connection transmission information generated by the connection transmission information generation unit 221 described later, transmission data generated by the transmission data generation unit 222, and Data such as BLE communication connection information and one-time key received from the authentication device 100 are stored.

The control unit 220 is composed of a CPU and the like. The control unit 220 operates according to the program 211 stored in the storage unit 210, and executes the process according to the program 211. The control unit 220 includes a connection transmission information generation unit 221 and a transmission data generation unit 222 as main functional units provided by the program 211. The transmission data generation unit 222 is an example of the transmission data generation means according to the present invention.

The connection transmission information generation unit 221 has a function of executing a process in which the communication device 200 generates connection transmission information to be output to the authentication device 100 by an advertisement packet. The connection transmission information includes a Local ID, a service UUID of a service possessed by the communication device 200, and the like. The connection transmission information generation unit 221 is an example of the connection transmission information generation means according to the present invention.

The transmission data generation unit 222 has a function of executing a process of generating transmission data to be output to the authentication device 100 (transmission data generation process). When the transmission data generation unit 222 receives the one-time key by voice from the authentication device 100, for example, the received one-time key is added (added in a demodulated state) to data such as a membership number or password of a credit card or the like. ) To generate transmission data.

The input unit 230 is a device that includes a microphone, converts sound into an electric signal, converts it into A / D (analog / digital), and inputs digitized audio data. Specifically, the input unit 230 receives the BLE communication connection information and voice data such as the one-time key output from the authentication device 100, demodulates them, and inputs them to the control unit 220. The input unit 230 is an example of a receiving means according to the present invention.

The short-range wireless communication unit 240 is configured to wirelessly connect to the authentication device 100 at a short distance and execute data communication. The short-range wireless communication unit 240 transmits the advertisement packet and the transmission data by BLE communication. The short-range wireless communication unit 240 is an example of the short-range wireless communication means according to the present invention.

The above is the configuration of the authentication system 1.
Subsequently, the overall operation of the authentication system 1 will be described with reference to FIG.
In the present embodiment, the authentication device 100 is installed in a store that sells products and has a function of performing payment processing such as product purchase, and the communication device 200 has information such as a credit card membership number and a password. However, a case where the product is used by a user who purchases a product at a store will be described as an example.

The authentication system 1 operates to establish a short-range wireless communication connection between the authentication device 100 and the communication device 200. At that time, the authentication device 100 transmits a one-time key valid for one authentication to the communication device 200. When the short-range wireless communication connection is established, the communication device 200 transmits the transmission data in which the one-time key is added to the transmission target information such as the credit card membership number and the password to the authentication device 100. The authentication device 100 authenticates whether or not the communication device 200 is valid based on the one-time key included in the received transmission data. When the authentication device 100 authenticates that it is legitimate, it ends the authentication process and performs the settlement process.
First, the flow of the short-range wireless communication connection operation will be described.

The authentication device 100 starts the process shown in FIG. 2 when the power is turned on.
The detection unit 140 detects whether or not the communication device 200 within a predetermined distance exists (step S101). That is, the detection unit 140 measures the distance between the authentication device 100 and the communication device 200, determines whether or not this distance is within a predetermined distance, and determines that the distance is within a predetermined distance. (Step S101; Yes), the control unit 120 is notified. If it is not detected by the detection unit 140 (step S101; No), the process of step S101 is repeated until it is detected.

When the control unit 120 receives the notification from the detection unit 140, the control unit 120 performs a process of generating connection information of BLE communication by the function of the connection information generation unit 121 and a process of generating a one-time key by the function of the one-time key generation unit 123. Execute (step S102). The process of generating the connection information is a process of generating the information necessary for the connection of the BLE communication with the communication device 200 by the connection information generation unit 121. The connection information includes the service UUID. The service UUID is an identifier for uniquely identifying the service possessed by the communication device 200. The connection information generation unit 121 generates a different service UUID for each BLE communication connection.

The process of generating the one-time key is performed by the one-time key generation unit 123. The one-time key can prevent the transmitted data from being eavesdropped by transmitting the data by adding the one-time key when the communication device 200 transmits the data. The one-time key may be generated by a general one-time key generation method, for example, the one-time key generation unit 123 generates the one-time key based on the current time.

After executing the connection information generation process and the one-time key generation process of BLE communication, the control unit 120 modulates the generated connection information and the generated one-time key by the output unit 130, converts the generated connection information into audio data, and outputs the data. (Step S103), the generated connection information and the generated one-time key are stored in the storage unit 110.

In the voice data output process of step S103, the data is output at a volume determined in advance by an experiment or the like (that is, the minimum volume at which voice transmission / reception is possible within the range detected by the detection unit 140). In the process of step S103, the output volume of the connection information of BLE communication may be adjusted and output so as to be different according to the distance between the authentication device 100 detected by the detection unit 140 and the communication device 200. .. For example, when the detection unit 140 detects that the distance is 0 cm, the output volume may be adjusted to be smaller than that when the detection unit 140 detects that the distance is 3 cm. The output volume may be set in advance according to the separation distance.

When the voice data output process of step S103 is executed, the authentication device 100 starts scanning the advertisement packet and waits for reception (step S104). When the communication device 200 receives the voice data of the connection information of BLE communication at the input unit 230 (step S201; Yes), it demodulates and reproduces the original transmitted connection information and the one-time key, and sends the voice data to the control unit 220. .. The control unit 220 executes a service creation process and a connection transmission information generation process (step S202).

The service creation process is executed by the transmission data generation unit 222, creates a service with the service UUID included in the received connection information, and stores transmission target information such as a credit card membership number and password in the service. The service UUID of the created service and the transmission target information stored in the service are stored in the storage unit 210.

After creating a service with the received service UUID, the communication device 200 starts a process of generating connection transmission information in the connection transmission information generation unit 221. The connection transmission information includes information such as a Local ID and a service UUID of a service possessed by the communication device 200.

When the communication device 200 generates the connection transmission information by the connection transmission information generation unit 221, the communication device 200 starts transmitting the advertisement packet by BLE communication (step S203). The advertisement packet includes the connection transmission information generated by the connection transmission information generation unit 221 and can notify the authentication device 100 of the information of the own device. The advertising operation of transmitting the advertisement packet is performed at a set time interval until the connection request is received.

When the authentication device 100 receives the advertisement packet transmitted from the communication device 200, the authentication device 100 connects whether or not the service UUID in the advertisement packet and the service UUID stored in the storage unit 110 of the authentication device 100 match. The determination unit 122 determines (step S105). If it is determined that they match (step S105; Yes), the short-range wireless communication unit 150 transmits a connection request for data communication by BLE communication to the communication device 200 (step S106), and establishes the connection.

Next, the flow of data transmission / reception and authentication processing will be described.
When the BLE connection is established (step S107; Yes), the authentication device 100 requests the communication device 200 to send data (step S108). This request is made by transmitting a data transmission request to the communication device 200 by the short-range wireless communication unit 150.

When the communication device 200 receives the data transmission request from the authentication device 100 (step S205; Yes), the communication device 200 executes the transmission data generation process by the function of the transmission data generation unit 222 (step S206). First, the transmission data generation unit 222 of the control unit 220 applies the one-time key received from the authentication device 100 to the transmission target information such as the credit card membership number and password stored in the storage unit 210 and stored in the service. Add and generate transmission data.

After executing the transmission data generation process in step S206, the control unit 220 causes the short-range wireless communication unit 240 to transmit the generated transmission data by BLE communication (step S207), and ends the data transmission process. By executing the data transmission process, the transmission data is received by the short-range wireless communication unit 150 of the nearby authentication device 100.

When the data transmission process is executed, the short-range wireless communication unit 150 of the authentication device 100 receives the transmission data, and the authentication device 100 performs the authentication process due to this (step S109).

The authentication processing unit 124 of the control unit 120 determines whether or not the one-time key generated by the one-time key generation unit 123 and the one-time key included in the transmission data match. Specifically, the one-time key included in the transmitted data that has been demodulated into bit string data is extracted, and the extracted one-time key matches the one-time key generated by the one-time key generation unit 123. Determine whether or not to do so. The one-time key generated by the one-time key generation unit 123 is stored in the storage unit 110 together with the expiration date. First, the expiration date of the one-time key of the storage unit 110 is confirmed, and if it is within the expiration date, the determination process is executed. If the one-time key stored in the storage unit 110 has expired, the authentication failure process is executed (step S109; No). The one-time key whose expiration date has passed may be deleted from the storage unit 110 when the expiration date has passed.

When it is determined in the determination process that the one-time keys match, the authentication processing unit 124 determines that the authentication was successful (step S109; Yes). In the process of step S109, the communication device 200 may be notified of the authentication result indicating that the authentication has been successful. After executing the process of step S109, the authentication processing unit 124 deletes the one-time key stored in the storage unit 110, and then ends the authentication process.

On the other hand, if it is determined that the one-time keys do not match (including the case where the one-time key is not stored in the storage unit 110 or the expiration date has expired), the authentication processing unit 124 determines that the authentication has failed ( Step S109; No), the authentication process is terminated. At this time, the communication device 200 may be notified of the authentication result that the authentication has failed.

After executing the process of step S109, the authentication device 100 ends the authentication process. In the illustrated example, in order to facilitate understanding, an example is shown in which the authentication device 100 terminates the process after executing the process of step S109, but the process is terminated only when the authentication fails and the authentication is performed. If it succeeds, the process to be executed after the authentication may be continuously executed. For example, if the authentication is successful, a process of making a payment based on the received credit card member number, password, or the like may be executed.

The above is the operation in the authentication system 1. As described above, the authentication device 100 according to the present embodiment generates connection information of BLE communication that is valid only for one connection and outputs the voice. Then, the communication device 200 and the BLE communication are connected depending on whether or not the service UUID included in the advertisement packet from the communication device 200 matches the service UUID included in the connection information generated and output by the authentication device 100. Judge whether or not. Only when the service UUID included in the advertisement packet from the communication device 200 and the service UUID included in the connection information generated and output by the authentication device 100 match, the authentication device 100 can perform data communication by BLE communication. Send a connection request and establish a BLE communication connection.

Further, the authentication device 100 generates a one-time key that is valid only for one authentication and outputs the voice. Then, the validity of the communication device 200 is determined based on whether or not the one-time key included in the transmission data from the communication device 200 matches the one-time key generated and output immediately before. Authentication is performed only when the one-time key included in the transmission data received from the communication device matches the one-time key at the time of generation.

Further, when the detection unit 140 of the authentication device 100 detects that the distance between the authentication device 100 and the communication device 200 is within a predetermined distance (for example, 3 cm), the connection information for short-range wireless communication, one Output the time key by voice. Therefore, the output volume of the connection information and the one-time key can be set to a volume that can be received by the nearby communication device 200, and it is possible to prevent recording by another person. Further, while the authentication device 100 outputs voice, the communication device 200 outputs transmission data by BLE communication. Therefore, as compared with the case where both are output as voice, it is not necessary to adjust the output volume on the communication device 200 side, and the time and effort of the user can be reduced.

(Modification example)
The present invention is not limited to the above-described embodiment, and various modifications and applications are possible. It does not have to have all the technical features shown in the above-described embodiment, but includes a part of the configurations described in the above-described embodiment so as to solve at least one problem in the prior art. There may be. In addition, the configurations shown in the following modifications may be combined.

(1) In the above embodiment, in the transmission data generation process, the transmission data generation unit 222 of the communication device 200 adds (adds in a demodulated state) the received one-time key to generate transmission data. As shown, this is just an example. For example, the transmission data generation unit 222 simply adds (adds in a demodulated state) the received one-time key to the information to be transmitted such as the membership number and password in the process of generating the transmission data in step S206. Instead, the information to be transmitted may be encrypted with a one-time key that has been received and demodulated. In addition to encryption, information to be transmitted may be calculated using a received and demodulated one-time key (for example, adding a one-time key). Then, the encrypted or calculated information may be used as transmission data. In this case, for example, the information to be transmitted is squared and the remainder divided by 5 is added to the information to be transmitted. A predetermined hash function may be applied to the data, and the result (hash value) may be added to the transmission data.

Then, in the process of outputting the transmission data, the generated transmission data and the hash value may be output to the authentication device 100 by the short-range wireless communication unit 240. In the authentication process of step S109, the authentication device 100 demodulates the transmission data and the hash value received from the communication device 200 into bit string data before determining whether or not the one-time keys match, and converts the transmission data into bit string data. Decrypt with the one-time key generated by the one-time key generation unit 123 (return to the state before the calculation). Then, a predetermined hash function may be applied to the decoded transmission data, and it may be determined whether or not the result (hash value) matches the received hash value.

The process when the one-time key has expired is the same as that of the above embodiment. Then, if the hash values match, it may be determined that the authentication was successful, and if they do not match (similar to the above embodiment), it may be determined that the authentication has failed. It is assumed that a common hash function is stored in advance in each storage unit of the authentication device 100 and the communication device 200. According to this, since the one-time key and the hash value are not authenticated unless they are valid, the security can be improved and fraud can be further prevented as compared with simply adding the one-time key.

(2) Further, in the modified example (1), an example in which the information to be transmitted is encrypted or calculated with a one-time key is shown. It may be encrypted or calculated using a unique private key assigned to each. Specifically, the communication device 200 receives in advance the identification information for identifying the communication device 200 and the private key corresponding to the identification information from a server capable of communicating with each other via the network (after receiving once). Does not require communication between the communication device 200 and the server). Then, in the transmission data generation process in step S206, the one-time key (demodulated state) received from the authentication device 100 and the private key received from the server are used for information to be transmitted such as a membership number and a password. It may be encrypted or calculated to generate transmission data. In this case, the hash value may be added to the transmission data as in the modification (1), and the identification information received from the server may be added to the transmission data. That is, in the transmission data generation process of step S206, the short-range wireless communication unit 240 may output the generated transmission data, the hash value, and the identification information to the authentication device 100.

On the authentication device 100 side, in the authentication process of step S109, before the determination process, the transmission data, the hash value, and the identification information received from the communication device 200 are demolished into bit string data, and the transmission data is generated as a one-time key. Decryption is performed using the one-time key generated in unit 123 and the private key (returns to the state before the calculation). Then, in the determination process, a predetermined hash function may be applied to the decoded transmission data, and it may be determined whether or not the result (hash value) matches the received hash value. The private key is stored in advance in the storage unit 110 of the authentication device 100 in association with the identification information of the communication device 200, and the private key may be specified from the storage unit 110 based on the received identification information. .. Further, for example, the private key may be calculated by calculating according to a predetermined rule based on the identification information. Subsequent processing is the same as that of the modified example (1). According to this, security can be further improved.

In addition to this, for example, on the communication device 200 side, the identification information may be encrypted or calculated with a one-time key, and the information to be transmitted may be encrypted or calculated with a one-time key and a private key. Good. Then, on the side of the authentication device 100, the identification information is first decrypted with the one-time key, and the private key is acquired based on the identification information. Then, the transmitted data may be decrypted using the acquired private key and the one-time key. According to this, security can be further improved.

(3) Further, in the above embodiment, as shown in FIG. 3, an example in which the authentication device 100 includes one output unit 130 is shown, but this is an example. The authentication device 100 may include a plurality of output units 130, and in this case, the output units 130 may be provided at different positions and at positions where the voice is evenly distributed around the authentication device 100. According to this, it is possible to output sound at a more suitable output volume.

For example, even if the detection unit 140 determines that the distance between the authentication device 100 and the communication device 200 is within a predetermined distance, the distance between the input unit 230 of the communication device 200 and the output unit 130 of the authentication device 100 May be separated. In such a case, if the output volume of the authentication device 100 is low, the communication device 200 may not be able to receive the voice accurately. On the other hand, if the output volume is increased, it may be received by a communication device other than the target. Therefore, by providing a plurality of output units 130 at different positions, it is possible to output sound with high accuracy and at a suitable output volume.

Further, the authentication device 100 may include a plurality of detection units 140 corresponding to the plurality of output units 130. Then, among the plurality of detection units 140, the voice output may be performed only from the output unit 130 corresponding to the detection unit 140 that has detected that the communication device 200 is in close proximity. According to this, it is possible to prevent the output from the unnecessary output unit 130, output the voice with a suitable output voice, and further improve the security.

(4) Further, in the above embodiment, in the voice data output process of step S103 of FIG. 2, the volume is determined in advance by an experiment or the like (that is, if it is within the range detected by the detection unit 140, transmission / reception by voice is performed. The example of outputting the connection information of BLE communication and the one-time key at the minimum possible volume) is shown, but this is an example. As described above, the volume output in step S103 does not have to be a constant volume, and may be, for example, a volume in consideration of ambient noise and the like. Specifically, when the volume of ambient noise is high, it is necessary to increase the volume so that the voice communication between the authentication device 100 and the communication device 200 does not fail. However, since the volume of ambient noise changes with the passage of time, if the volume of ambient noise decreases and the output volume remains high, security deteriorates. Therefore, it is necessary to change the output volume according to the volume of ambient noise.

In this example, during the period in which the connection information and the one-time key are output by voice in step S103, the input unit 160 measures the volume of ambient noise, and the output unit 130 adjusts the output volume according to the volume of the noise. Just do it. Specifically, the measured noise volume may be divided into a plurality of stages and output at an output volume corresponding to the stage. When measuring the volume of ambient noise, it is not necessary to measure the volume of noise in the frequency band used for voice communication and not to measure the noise in the unused frequency band.

Further, for example, as in the modification (3) above, a plurality of output units 130 (same for the detection unit 140) are provided around the authentication device 100, and a plurality of input units 160 are provided correspondingly to connect the authentication device 100. Before outputting the information and the one-time key, the user may be notified to move the communication device 200 to the position where the volume of ambient noise is the lowest. For example, the volume of ambient noise is measured by each of a plurality of input units 160 provided around the authentication device 100, and the input unit 160 is determined to have the lowest noise volume among the plurality of input units 160. A notification sound may be output from the output unit 130, and the user may be urged to move the communication device 200 to the position of the output unit 130. Then, based on the detection by the corresponding detection unit 140, the connection information and the one-time key voice output may be performed. According to this, it is possible to reduce the influence of noise and improve security.

Further, the authentication device 100 according to the present invention can be realized by using an ordinary computer such as a smartphone or a tablet without using a dedicated device. For example, the function of the authentication device 100 may be realized by executing a program by a computer. Programs for realizing the functions of the authentication device 100 include a computer such as a USB (Universal Serial Bus) memory, a CD-ROM (Compact Disk Read Only Memory), a DVD (Digital Versaille Disk), and an HDD (Hard Disk Drive). It may be stored on a recording medium or downloaded to a computer via a network.

In addition, when the above-mentioned functions are realized by sharing the OS (Operating System) and the application, or by cooperating with the OS and the application, only the part other than the OS may be stored in the medium.

It is also possible to superimpose a program on a carrier wave and distribute it via a communication network. For example, the program may be posted on a bulletin board system (BBS, Bulletin Board System) on a communication network, and the program may be distributed via the network. Then, by starting these programs and executing them in the same manner as other application programs under the control of the OS, the above-mentioned processing may be executed.

1 Authentication system 98 System bus 99 System bus 100 Authentication device 110 Storage unit 111 Program 120 Control unit 121 Connection information generation unit 122 Connection judgment unit 123 One-time key generation unit 124 Authentication processing unit 130 Output unit 140 Detection unit 150 Short-range wireless communication Unit 160 Input unit 200 Communication equipment 210 Storage unit 211 Program 220 Control unit 221 Connection transmission information generation unit 222 Transmission data generation unit 230 Input unit 240 Short-range wireless communication unit

Claims (16)

Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An output means that outputs the connection information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received the connection information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge and
Authentication device equipped with. Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
A transmission request for data including the authentication information is transmitted by the short-range wireless communication means based on the determination result of the connection determination means, and the data transmitted from the communication device receiving the transmission request is transmitted to the short-range wireless communication means. An authentication means for authenticating whether or not the communication device is valid depending on whether or not the authentication information included in the received data matches the authentication information output by voice by the output means when the data is received via. When,
Authentication device equipped with. Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, the transmission request of the data encrypted based on the authentication information is transmitted by the short-range wireless communication means, and the data transmitted from the communication device receiving the transmission request is transmitted. When received via the short-range wireless communication means, the received data is decoded based on the authentication information output by voice by the output means, and whether or not the communication device is valid based on the decoding result. Authentication means to authenticate and
Authentication device equipped with. Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device and information unique to the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, a transmission request for data encrypted based on the communication device-specific information and the authentication information is transmitted by the short-range wireless communication means, and the transmission request is received. When the data transmitted from the communication device is received via the short-range wireless communication means, the data received is decoded based on the information unique to the communication device and the authentication information output by voice by the output means. Then, based on the decryption result, an authentication means for authenticating whether or not the communication device is legitimate, and
Authentication device equipped with. Further provided with a detection means for detecting that the distance to the communication device is within a predetermined distance,
The output means outputs the connection information when the detection means detects that the distance to the communication device satisfies a predetermined standard.
The authentication device according to any one of claims 1 to 4, wherein the authentication device is characterized by the above. A plurality of the output means are provided in the authentication device.
The authentication device according to any one of claims 1 to 5, characterized in that. Further equipped with a measuring means for measuring noise in a predetermined range,
The output means can output at different volumes depending on the measurement result by the measuring means.
The authentication device according to any one of claims 1 to 6, characterized in that. A receiving means that receives connection information that can be used only for one short-range wireless communication connection by voice from the authentication device, and
A connection transmission information generating means that generates connection transmission information including information for identifying the own device based on the connection information received by the receiving means.
A short-range wireless communication means for transmitting the connection transmission information and
Communication equipment equipped with. An authentication system that has an authentication device and a communication device.
The authentication device is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An output means that outputs the connection information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received the connection information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means for judgment and
With
The communication device is
A receiving means for receiving the connection information by voice from the authentication device, and
The connection transmission information generation means for generating the connection transmission information and
A short-range wireless communication means for transmitting the connection transmission information and
Authentication system with. An authentication system that has an authentication device and a communication device.
The authentication device is
Connection information generation means that generates connection information that can be used only for one short-range wireless communication connection,
An authentication information generation means that generates authentication information that can be used only for one-time authentication,
An output means that outputs the connection information and the authentication information by voice, and
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, a transmission request for data including the authentication information is transmitted by the short-range wireless communication means, and the data transmitted from the communication device receiving the transmission request is used for the short-range wireless communication. Authentication that authenticates whether or not the communication device is valid depending on whether or not the authentication information included in the received data matches the authentication information output by voice by the output means when received via the means. Means and
With
The communication device is
A receiving means for receiving the connection information and the authentication information by voice from the authentication device, and
The connection transmission information generation means for generating the connection transmission information and
A transmission data generation means that generates data including authentication information received by the reception means, and a transmission data generation means.
A short-range wireless communication means for transmitting the connection transmission information and data including the authentication information, and
Authentication system with. It is an authentication method using an authentication device.
A connection information generation step that generates connection information that can only be used for one short-range wireless communication connection,
An output step that outputs the connection information by voice, and
A reception step of receiving connection transmission information including information for identifying the communication device from a communication device that has received the connection information output by voice, and a reception step.
A connection determination step for determining whether or not to perform data communication with the communication device based on the connection transmission information received in the reception step and the connection information output in the output step.
An authentication method characterized by comprising. It is an authentication method using an authentication device.
A connection information generation step that generates connection information that can only be used for one short-range wireless communication connection,
An authentication information generation step that generates authentication information that can be used only for one-time authentication,
An output step that outputs the connection information and the authentication information by voice, and
A reception step of receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information and authentication information output by voice, and a reception step.
A connection determination step for determining whether or not to perform data communication with the communication device based on the connection transmission information received in the reception step and the connection information output in the output step.
Authentication included in the received data when a transmission request for data including the authentication information is transmitted based on the determination result of the connection determination step and the data transmitted from the communication device that received the transmission request is received. An authentication step that authenticates whether or not the communication device is valid based on whether or not the information matches the authentication information output by voice in the output step, and
An authentication method characterized by comprising. It is a communication method executed by a communication device.
A reception step in which connection information that can be used only for one short-range wireless communication connection is received by voice from the authentication device, and
A connection transmission information generation step that generates connection transmission information including self-identifying information based on the connection information received in the reception step, and a connection transmission information generation step.
The output step of transmitting the connection transmission information and
A communication method characterized by comprising. Computer,
Connection information generation means, which generates connection information that can be used only for one short-range wireless communication connection,
An output means that outputs the connection information by voice,
A short-range wireless communication means for receiving connection transmission information including information for identifying the communication device from a communication device that has received connection information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge,
A program characterized by functioning as. Computer,
Connection information generation means, which generates connection information that can be used only for one short-range wireless communication connection,
Authentication information generation means, which generates authentication information that can be used only for one-time authentication.
An output means that outputs the connection information and the authentication information by voice.
A short-range wireless communication means that receives connection transmission information including information that identifies the communication device from a communication device that has received connection information and authentication information output by voice.
Whether or not to perform data communication with the communication device via the short-range wireless communication means based on the connection transmission information received by the short-range wireless communication means and the connection information output by the output means. Connection judgment means to judge
Based on the determination result of the connection determination means, a transmission request for data including the authentication information is transmitted by the short-range wireless communication means, and the data transmitted from the communication device receiving the transmission request is used for the short-range wireless communication. Authentication that authenticates whether or not the communication device is valid depending on whether or not the authentication information included in the received data matches the authentication information output by voice by the output means when received via the means. means,
A program characterized by functioning as. Computer,
A receiving means that receives connection information by voice from an authentication device, which can be used only for one short-range wireless communication connection.
A connection transmission information generating means that generates connection transmission information including information for identifying the own device based on the connection information received by the receiving means.
Short-range wireless communication means for transmitting the connection transmission information,
A program characterized by functioning as.

Images