JP5207654B2 - Communication device, pairing method between communication devices, method for pairing wearable key and IC card, and system comprising wearable key and IC card - Google Patents

Description

  The present invention relates to a communication device, a pairing method between communication devices, a method for pairing a wearable key and an IC card, and a system including the wearable key and an IC card.

  Two communication apparatuses (hereinafter referred to as “units”) A and unit B communicating in two directions authenticate each other by an operation called “pairing”.

  For example, IDs are assigned to the units A and B in advance, the IDs are stored in the memory, and the units A and B communicate with each other to authenticate each other. Specifically, when communicating with the other party using a mobile phone, communication is performed by calling the other party's number. In addition, an ID of a car key (referred to as “keyless entry” or the like) is stored in advance in a storage device in the vehicle, and when the ID is transmitted wirelessly from the key, whether or not the ID is stored in the storage device in the vehicle. Whether the door of the car is opened or closed is determined.

On the other hand, as a conventional technique, a wireless authentication system having a function of restricting use of devices is disclosed in order to prevent misplacement, theft, unauthorized use, or unauthorized use of various devices such as mobile phones (for example, Patent Document 1).
International Publication Number WO 03/058936 A1

  However, all of the above-described examples relate to pairing for performing authentication with a communication partner (unit) registered in advance using an ID or the like. Conventionally, a pairing capable of authenticating with an unregistered communication partner has been desired.

  Therefore, even though the present invention has been made in view of the above problems, it is an object of the present invention to pair a communication device that can authenticate with a communication partner that is not registered, a pairing method between communication devices, a wearable key and an IC card. An object of the present invention is to provide a ring method and a system comprising a wearable key and an IC card.

  In order to achieve the above object, according to an embodiment of the present invention, in a communication device that communicates with another communication device, a random number generator that generates a random number of N (N is a natural number of 1 or more) bits; A transmitting unit that generates a pairing request signal including the random number and transmits the pairing request signal to the other communication device; and a pairing acceptance signal that is the encrypted pairing request signal is transmitted to the other communication device. A receiving unit that receives the pairing acceptance signal, a decoding unit that decodes the received pairing acceptance signal, and the pairing request signal when the signal decoded by the decoding unit matches the pairing request signal And a storage unit for storing the pairing acceptance signal received by the receiving unit.

  In order to achieve the above object, according to another embodiment of the present invention, there is provided a pairing method in a communication device that communicates with another communication device, wherein N (N is a natural number of 1 or more) bits. Generate a random number, generate a pairing request signal consisting of the random number, send the pairing request signal to the other communication device, and send the pairing acceptance signal that is the encrypted pairing request signal to the other Receiving the pairing acceptance signal received from the communication device, and when the decoded signal and the pairing request signal match, the pairing request signal and the pairing received by the receiving unit The acceptance signal is stored in the storage unit.

  In order to achieve the above object, according to another embodiment of the present invention, in a method for pairing a wearable key and an IC card, N (N is a natural number of 1 or more) bits in the wearable key. Generate a random number, send a pairing request signal comprising the random number to the IC card, encrypt the received pairing request signal in the IC card, and pair the encrypted pairing request signal Transmitting to the wearable key as an acceptance signal, decrypting the received pairing acceptance signal in the wearable key, and when the decrypted signal and the pairing request signal match, a pairing confirmation signal is sent to the IC card And sending the pairing request signal and the pairing acceptance signal to the wearable Stored in over the memory in the IC card receives the pairing acknowledgment signal, and the pairing request signal to the pairing acceptance signal, and to store in the memory of the IC card.

  In order to achieve the above object, according to another embodiment of the present invention, in a system comprising a wearable key and an IC card, a random number of N (N is a natural number of 1 or more) bits is assigned to the wearable key. A generated random number generation unit, a pairing request signal transmission unit that generates a pairing request signal composed of the random numbers and transmits the pairing request signal to the IC card, and a pair that is the encrypted pairing request signal A pairing acceptance signal receiving unit for receiving a ring acceptance signal from the IC card; a decoding unit for decoding the received pairing acceptance signal; a signal decoded by the decoding; and the pairing request signal; When the two match, a pairing confirmation signal indicating a match is transmitted to the IC card, and the pairing request signal and the pair are transmitted. And a wearable key storage unit that stores in the memory the pairing acceptance signal received by the pairing acceptance signal receiving unit, and the IC card receives the pairing request signal transmitted from the wearable key. A request signal receiving unit, an encryption unit for encrypting the received pairing request signal, and a pairing acceptance signal transmitting unit for transmitting the encrypted pairing request signal to the wearable key as a pairing acceptance signal; And an IC card storage unit that stores the pairing request signal and the pairing acceptance signal in a memory when the pairing confirmation signal is received.

  According to the present invention, there is provided a communication device capable of authenticating with an unregistered partner, a pairing method between communication devices, a method for pairing a wearable key and an IC card, and a system comprising the wearable key and an IC card. Can be provided.

  The best mode for carrying out the present invention will be described below with reference to the drawings.

  First, Example 1 will be described. FIG. 1 is a diagram illustrating a configuration example of units (or communication apparatuses) A, B, and C to which the present invention is applied. Each unit A, B, C has substantially the same configuration, and FIG. 1 shows an example of the unit A10.

  The unit A10 includes a reception antenna 11, a transmission / reception circuit 12, a function calculation circuit 13, a switch (SW) 14, and a transmission / reception antenna 15. The transmission / reception circuit 12 includes a receiver 121 and a transmitter 122. Furthermore, the function calculation circuit 13 includes a use restriction function unit 131, a pairing function unit 132, a wireless authentication function unit 133, a search function unit 134, a reception level measurement circuit 135, an alarm function unit 136, and a time measurement unit. 137, a search signal generator 138, and an orientation detection circuit 139.

  The controlled device 40 is a device whose use is restricted with respect to the unit A10. For example, the use of the controlled device 40 is restricted by communication between the units A and B.

  FIG. 2 is a diagram illustrating a configuration example of the unit A10 and the unit B20 in the first embodiment. FIG. 2 is a diagram including a specific configuration example of the pairing function unit 132 with respect to FIG. 1. In the first embodiment, the pairing function unit 132 automatically issues an ID when pairing is performed for the first time without previously assigning an ID between the units A10 and B20, and stores the ID in each other. This is an example in which an authentication relationship is established only with the other party by registering with the apparatus.

  The pairing function unit 132 of the unit A10 includes a pairing switch (SW) 1321, a random number generation unit 1322, a transmission memory 1323, a decryption unit 1324, a reception memory 1325, and an ID memory 1326.

  On the other hand, the pairing function unit 132 of the unit B20 includes a pairing switch 1327, an encryption unit 1328, a transmission memory 1329, a reception memory 1330, and an ID memory 1331.

  Next, an example of pairing operation between the units A10 and B20 will be described with reference to FIG. FIG. 3 shows a pairing sequence diagram. In this sequence, unit A10 operates as a key, and unit B20 operates as a target. The pairing means that the unit A10 and the unit B20 can authenticate each other.

  First, unit A10 and unit B20 are brought close to each other (S10).

  Next, the pairing switch 1321 of the unit A10 is turned on (S11), and the pairing switch 1327 of the unit B20 is also turned on (S12).

  Next, it is determined whether or not pairing has already been performed between the units A10 and B20 (S13). For example, the random number generator 1322 accesses the ID memory 1326 via the transmission memory 1323, and the IDs of the units A10 and B20 (specifically, the pairing request signal Preq and the pairing acceptance signal Pacc) are stored in the memory 1326. If it is stored, it is determined that it is paired, otherwise it is determined that it is not paired. If paired, this sequence does not need to be executed, and the process ends.

  If not paired (NO in S13), the calling signal CA is transmitted from the unit A10 to the unit B20 (S14). For example, when the pairing switch 1321 is turned on, the call signal CA is transmitted from the random number generator 1322 to the transmitter 122 via the transmission memory 1323, and the transmitter 122 receives the call by inputting the signal. A signal CA is generated and transmitted.

  In this way, the call signal CA is transmitted from the unit A10 only when the unit A10 is not already paired with another unit.

  Next, the unit B20 receives the calling signal CA (S15). Next, the unit B20 determines whether it is already paired with the unit A10 (S16). For example, when the receiver 121 receives the calling signal CA, a signal indicating that the signal has been received is output to the encryption unit 1328, and the encryption unit 1328 accesses the ID memory 1331 to register the IDs of the units A10 and B20. It is judged by checking whether or not. If it has already been paired, the processing of this sequence ends.

  If not paired (NO in S16), the unit B20 returns a response signal RS to the calling signal CA (S17). For example, a signal indicating reception of the calling signal CA is output from the receiver 121 to the transmitter 122 via the encryption unit 1328 and the transmission memory 1329, and the transmitter 122 generates and transmits a response signal RS.

  Thus, the unit B20 returns a response signal only when the unit B20 is not already paired with another unit.

  FIGS. 4A and 4B are diagrams showing examples of the format of the call signal CA and the response signal RS transmitted and received between the units A10 and B20. The call signal CA is transmitted together with the synchronization bit and the header, and the response signal RS is also transmitted together with the synchronization bit and the header.

  Returning to FIG. 3, upon receiving the response signal RS, the unit A10 generates an N-bit random number (S18). For example, when the receiver 121 receives the response signal RS, the random number generator 1322 generates a random number by instructing the random number generator 1322 to generate a random number.

  Then, the unit A10 transmits a pairing request signal Preq for requesting pairing to the unit B20 (S19). This request signal Preq is a random number generated in the process of S18. The random number generated by the random number generator 1322 is output to the transmitter 122 via the transmission memory 132 and transmitted from the transmitter 122 as a pairing request signal Preq.

  The unit B20 receives the pairing request signal Preq (S20), and encrypts the pairing request signal Preq using the encryption function g (S21). For example, when the receiver 121 receives the pairing request signal Preq, the receiver 121 outputs the signal to the encryption unit 1328, and the encryption unit 1328 performs encryption.

  Next, the unit B20 returns the encrypted signal as a pairing acceptance signal Pacc to the unit A10 (S22). For example, the encrypted signal is output to the transmitter 122 via the transmission memory 1329 and transmitted from the transmitter 122 as a pairing acceptance signal Pacc.

  FIG. 4C and FIG. 4D are diagrams illustrating a format example of a signal transmitted between the units A10 and B20 during pairing. The pairing request signal Preq is transmitted together with the synchronization bit and the header, and the pairing acceptance signal Pacc is also transmitted together with the synchronization bit and the header.

Returning to FIG. 3, when the unit A10 receives the pairing acceptance signal Pacc (S23), the unit A10 decodes the pairing acceptance signal Pacc using the decoding function g- ¹ (S24). Then, the unit A10 confirms that the decoding result matches the pairing request signal Preq (S25). This is to confirm that the units A10 and B20 are regular pairing partners using the same encryption function g.

  For example, when the receiver 121 receives the pairing acceptance signal Pacc, it is output to the decoding unit 1324 to be decoded, and processing is performed depending on whether it matches the pairing request signal Pacc stored in the transmission memory 1323. Is called.

  If they do not match (NO in S25), the process ends because the party is not a regular pairing partner.

  If they match (YES in S25), unit A10 transmits a pairing confirmation signal Pok (S26). For example, when the decoding unit 1324 confirms a match with the pairing request signal Preq, the decoding unit 1324 outputs a signal indicating that to the transmitter 122, and the transmitter 122 generates a pairing confirmation signal Pok. The signal is transmitted.

  In the unit B20, when the pairing confirmation signal Pok is received (S27), the pairing request signal Preq and the pairing acceptance signal Pacc are stored in the ID memory 1331 (S28). Then, the unit B20 returns a pairing completion signal Pend (S29). For example, when the receiver 121 receives the pairing confirmation signal Pok, a signal indicating reception is output to the encryption unit 1328 and the reception memory 1330, and the encryption unit 1328 stores the pairing stored in the transmission memory 1329. The acceptance signal Pacc is read and output to the ID memory 1331, and the reception memory 1330 reads the stored pairing request signal Preq and outputs it to the ID memory 1331 for storage.

  FIG. 4E and FIG. 4F are diagrams showing a format example of a signal transmitted / received when pairing is completed. The pairing confirmation signal Pok and the pairing completion signal Pend are transmitted / received together with the synchronization bit and the header, similarly to the call signal CA and the like.

  Returning to FIG. 3, when the unit A10 receives the pairing completion signal Pend (S30), the pairing request signal Preq and the pairing acceptance signal Pacc are stored in the memory (S31). For example, the transmission memory 1323 reads the stored pairing request signal Preq and outputs it to the ID memory 1326, and the decoding unit 1324 reads the pairing acceptance signal Pacc stored in the reception memory 1330 and stores it in the ID memory 1326. It memorizes by outputting.

  By storing the pairing request signal Preq and the pairing acceptance signal Pacc in the ID memories 1326 and 1331, the unit A10 and the unit B20 are already paired (S32 and S33). When pairing is completed, new pairing is not performed again between the units A10 and B20. Thereafter, the units A10 and B20 enter the authentication mode (described in the second embodiment) and end (S34, S35).

  5 and 6 are flowcharts showing specific examples of encryption and decryption processing. The same processes as those in the example shown in FIG. As shown in FIG. 5, in the encryption performed by the unit B20, the pairing request signal Preq is received (S20), encrypted by the encryption function g (S21), and an encrypted signal Pacc is generated and transmitted ( S22). Here, as the encryption function g, generally known encryption functions such as DES (Data Encryption Standard), AES (Advanced Encryption Standard), and Triple DES (Triple DES) are used. The reason why encryption is performed in this manner is to prevent pairing with a fake unit when performing pairing.

When encryption is performed using an encryption function (S21), an encryption key ANK is used (S210). This encryption key ANK is a secret key that only the manufacturer that manufactures the units A10 and B20 can know. When the encryption signal Pacc (pairing acceptance signal) is expressed using the encryption key ANK,
Pacc = g (ANK, Preq)
It becomes.

As shown in FIG. 6, the decoding performed by the unit A10 receives the pairing acceptance signal Pacc (S23), decodes it using the decoding function g- ¹ (S24), and obtains the decoded signal Preq (S241). . Decryption is also performed using the encryption key ANK, and the decrypted signal Preq is
Preq = g ⁻¹ (ANK, Pacc)
Can be expressed as

  As described above, in the first embodiment, a random number is generated (S18), and encryption and decryption are performed between the unit A10 and the unit B20 using this random number. Therefore, authentication can be performed even when pairing is performed for the first time without giving an ID between the units A10 and B20 in advance.

  In order to accurately perform pairing in the first embodiment, the units A10 and B20 may be placed in a metal case in order to prevent interference with other radio waves.

  Moreover, although the example mentioned above demonstrated by the example by a radio | wireless, unit A10, B20 may be connected with a wire and the process mentioned above may be performed.

  Further, the unit A10 and the unit B20 shown in FIG. 2 may include a decryption unit 1324 and an encryption unit 1328, and the configuration of the pairing function unit 132 may be quite common.

  In any case, the same effect as the above-described example is obtained.

  Next, Example 2 will be described. The second embodiment is an example in which wireless authentication is performed. Confirming that the paired units A10 and B20 communicate with each other and are paired is called authentication, and because this authentication operation is performed wirelessly, it is called wireless authentication.

  FIG. 7 is a diagram illustrating a sequence example of wireless authentication. The wireless authentication is performed in the units A10 and B20 after the pairing is completed, and the configurations of the units A10 and B20 are the same as those in the first embodiment. Specifically, this is performed by the wireless authentication function unit 133 of the function calculation circuit 13 (see FIG. 1).

  First, the unit A10 operating as a key transmits a search signal SKID at a constant cycle (for example, every 2 seconds) (S40).

  When the unit B20 paired with the unit A10 receives the search signal SKID (S41), it checks whether or not it is a paired partner (S42). Whether or not the pair is a paired partner is determined by checking whether or not the pair of the pairing request signal Preq and the pairing acceptance signal Pacc is stored in the ID memory 1331. If the other party is not paired, the wireless authentication is not performed and the process ends.

  If it is a paired partner (YES in S42), a search response signal STID is returned (S43).

  Next, when the unit A10 receives the search response signal STID, it confirms whether or not it is a paired partner (S44), and when it is a paired partner (YES), sends a challenge request signal Creq ( S45). The pairing partner is recognized by transmitting and receiving the search signal SKID and the search response signal STID.

  Upon receipt of the challenge request signal Creq (S46), the unit B20 generates an N-bit random number (S47). Then, the unit B20 returns a challenge signal Chal (S48). The challenge signal Chal is an N-bit random number generated in the unit B20.

  When the unit A10 receives the challenge signal Chal (S49), the unit A10 encrypts the challenge signal Chal using the encryption function g (S50). The encryption uses the encryption function g used for pairing, but the key used for encryption is exchanged at the time of pairing and stored in the ID memories 1326 and 1331 and the pairing acceptance signal Pacc. It is.

  Then, the unit A10 transmits a response signal Resp (S51). The response signal Resp is an encrypted challenge signal Chal.

When the unit B20 receives the response signal Resp (S52), the unit B20 decrypts it using the decryption function g- ¹ (S53). The unit B20 confirms that the decrypted result matches the challenge signal Chal (S54). If they match, unit B20 returns an ACK signal (S55), and unit A10 receives the ACK signal (S56).

  After receiving the ACK signal, the unit A10 transmits the challenge request signal Creq again after a predetermined time (for example, after 4 seconds) (S45), and repeats the subsequent processing.

  If authentication is established, the processing from S45 onward is repeated in this way. However, if the authentication fails (NO in S54), the processing is performed again from transmission of the search signal (S40).

  8 and 9 are flowcharts showing specific examples of encryption and decryption processes, respectively. As described above, the encryption performed in the unit A10 uses the pairing request signal Preq and the pairing acceptance signal Pacc exchanged between the units A10 and B20 during pairing as encryption keys (S500). The same applies to decoding (S530).

  In this way, in addition to simply confirming whether or not the partner is a paired partner (S42, S44), in the second embodiment, the generated random number is encrypted and decrypted to determine whether the result matches. By confirming (S54), wireless authentication is performed. Therefore, the unit B20 can reliably authenticate the unit A10, and the unit A10 can authenticate the unit B20.

  Next, Example 3 will be described. The third embodiment is an example in which the distance between the unit A10 and the unit B20 is measured. FIG. 10 is a diagram illustrating a configuration example of the units A10 and B20 for realizing such a function. Unit A10 and unit B20 have the same configuration.

  The unit A10 includes a reception antenna 11, a reception amplifier 111, an A / D conversion circuit 112, a reception level measurement circuit 113 (corresponding to the reception level measurement circuit 135 in FIG. 1), a distance conversion calculation circuit 115, and wireless authentication. Circuit (corresponding to the wireless authentication function 133 in FIG. 1) 133.

  The operation is as follows. That is, radio waves are transmitted and received in both directions between the units A10 and B20 performing wireless authentication (second embodiment). The radio wave transmitted from the unit A10 is received by the unit B20. FIG. 11A shows an example of a received signal received by the receiving antenna 11.

  The reception signal is amplified by the reception amplifier 111 and converted from an analog signal to a digital signal by the A / D conversion circuit 112. An example of the converted signal is shown in FIG.

  On the other hand, the amplified received signal is input to the wireless authentication circuit 133, and the unit B20 authenticates the unit A10 by analyzing the received signal. This authentication operation is performed at the timing when a reception signal is input (see FIG. 11C).

  Then, the wireless authentication circuit 133 outputs a measurement timing signal indicating the reception level measurement timing. A measurement timing signal is output at the timing when the wireless authentication operation ends. Since authentication with a pairing partner is confirmed by wireless authentication, a measurement timing signal is output at the end of authentication.

  The reception level measurement circuit 113 measures the level of the reception signal based on the measurement timing signal. For example, the measurement is performed at a timing when the measurement timing signal is “HIGH”.

  The distance conversion calculation circuit 115 calculates the distance to the unit A10 based on the reception level from the reception level measurement circuit 113. For example, when the units A10 and B20 are located at a distance “1 m” in advance, the reception level V1 is stored in the memory, and the reception level Vx from the reception level measurement circuit 113 is used and the following equation is used. The distance x is calculated.

x = √ (V1 / Vx) (Formula 1)
As described above, in the third embodiment, it is possible to measure how far the wirelessly authenticated partner is located with a simple configuration.

  Next, Example 4 will be described. The fourth embodiment is an example in which the time during which the units A10 and B20 are performing the wireless authentication operation is measured. It is possible to know how many hours per day the unit A10 and the unit B20 have been authenticated. The measurement of the authentication time is executed by the authentication time measurement unit 136 of the function arithmetic circuit 13.

  FIG. 12A and FIG. 12B are diagrams showing measurement examples. As described in the second embodiment (wireless authentication), the unit A10 first transmits a search signal to search for a paired partner (unit B20) (indicated as “S” in FIG. 12A). .

  If the paired partner exists within a certain distance, authentication is performed by mutual authentication (indicated as “A” in FIG. 12A). If the authentication is established, the authentication operation is repeated at a constant period Ta. Therefore, once the time Ta (see FIG. 12B) from the authentication establishment (“A”) to the authentication establishment (“A”) is measured, once. The authentication duration can be measured.

  If the authentication is established and the distance from the unit B20 is more than a certain distance in the next authentication, the authentication fails (“NG” in FIG. 12A), and the time Tn during this period is not included in the authentication establishment time. In this case, if the process is started again from the search signal, authentication establishment ("A") is repeated, and the establishment time Ta is integrated, the authentication time can be measured.

That is, if the authentication time from the authentication establishment to the authentication establishment is Ta, the total authentication time Tauth is
Tauth = ΣTa (Formula 2)
Can be shown.

  Next, Example 5 will be described. The fifth embodiment is an example in which the affection of the unit A10 and the unit B20 is measured by measuring how long the unit A10 and the unit B20 have been together for how long.

  When the unit A10 and the unit B20 are present in the authentication range, the distance between them can be measured by the distance conversion arithmetic circuit 115 (Example 3). Further, the time during which both are present in the authentication range can be measured by the authentication time measuring unit 136 (Example 4). From these two parameters, it is possible to measure how long the units A10 and B20 have been together for how long.

In the fifth embodiment, it is assumed that love is “inversely proportional to the square of the distance and proportional to the time spent together”. The affection coefficient can be derived from the time spent together. When the distance between them is X [m] and the authentication measurement time is Ta, the affection coefficient LL is
LL = Ta / X ² (Formula 3)
Can be expressed as

  For example, if the distance is 1 m and stay together for 8 hours, LL = 8/1 = 8. FIG. 13 is an example of a table 200 showing the relationship between the distance X, the time Ta, and the affection coefficient LL. Here, the love can be measured as a numerical value by ranking the love coefficients. An example of the ranked table 210 is shown in FIG. The higher the affection factor, the higher the affection rank.

  These processes are performed by, for example, the affection coefficient measurement circuit in the function calculation circuit 13 in FIG. 1, and the tables 200 and 210 shown in FIGS. 13 and 14 are stored in the circuit.

  Next, Example 6 will be described. The sixth embodiment is an example of so-called AND authentication. A method in which the unit C can be authenticated only when the units A10 and B20 are in the authentication state using the wireless authentication function is called AND authentication.

  The AND authentication will be described with reference to FIG. Unit A10 and unit B20 have been paired. Assume that unit A10 and unit C30, and unit B20 and unit C30 are also paired. However, as described in the first embodiment, the pairing can be performed when the unit is not paired with another unit. Here, the state in which the unit A10 and the unit B20 are paired is called main pairing, and the pairing of the main paired unit with another unit is called secondary pairing. Multiple pairs can be performed. In the example of FIG. 15, unit A10 and unit C30, and unit B and unit C30 are secondary pairing.

  In the example of FIG. 15, the main paired unit A10 and unit B20 performing an authentication operation on the unit C30 is called AND authentication. That is, the use restriction of the unit C30 is released only when the two units A10 and B20 are aligned (the controlled device 40 in FIG. 1 corresponds to the unit C30), and the unit C30 can be used.

  FIG. 16 is a diagram illustrating a sequence example of AND authentication in the example of FIG. Among these, “search” and “authentication” are the same as the authentication sequence shown in FIG.

  First, when the unit A10 and the unit B20 turn on the AND authentication switch (S60, S61), the AND authentication process is started.

  Next, the unit A10 transmits an AND authentication challenge request signal ACreq to the unit C30 (S62). Upon receiving the signal, the unit C30 generates a random number (S64), and returns the random number as an AND authentication challenge signal AChal. (S65).

  In the unit A10, the AND authentication challenge signal AChal is encrypted (S67) and transmitted as a response signal ACresp (S68). The unit C30 decodes the signal and checks whether the result matches the AND authentication challenge signal AChal (S70).

  On the other hand, the unit B20 also transmits an AND authentication challenge request signal BCreq to the unit C30 after a predetermined time (the above-described processing time of the unit A10 and the unit C30) has elapsed (S71) (S72). The unit C30 generates a random number in the same manner as the processing for the unit A10 (S74), and returns it as an AND authentication challenge signal BChal (S75). The unit B20 encrypts the signal (S77) and transmits it as a response signal BCresp (S78). The unit C30 decodes the response signal BCresp and checks whether the result matches the AND authentication challenge signal BChal (S80). If they match, the unit C30 returns a BACK signal to the unit B20 (S81). The unit A10 transmits an AND authentication confirmation signal Cand to the unit C30 after a predetermined time has elapsed, and the unit C30 returns an AACK signal to the unit A10 (S85).

  Then, after a lapse of a certain time, the operation again proceeds to the authentication operation, and the process is repeated from the transmission of the challenge request signal Creq (Creq transmission). If authentication fails (NO in S70 and S80), processing is performed from search signal transmission (SKID transmission) of the search operation.

  In the above-described example, the example in which the use restriction of the unit C30 is released only when the two units A10 and B20 are gathered is described. However, even if the use restriction of the unit C30 is released only after three or more units are gathered, for example. Good. It can be implemented in the same manner as the above-described example, and has the same effect.

  Next, Example 7 will be described. The function in which the unit A10 searches for the unit B20 will be described. It can be confirmed that the other party is in the vicinity who displays on the unit A10 that the unit B20 is located near the unit A10.

  This search function is executed by the search function unit 134 and the search signal generation unit 138 of the function calculation circuit 13 of FIG. FIG. 17 is a diagram illustrating an example of a search sequence.

  First, when the search switch (SW) of the search function unit 134 of the unit A10 is pressed (S90), the output of the transmission signal of the unit A10 is increased (S92). Then, the search signal SR is transmitted from the search signal generator 138 of the unit A10 (S93).

  On the other hand, the unit B20 is in a standby reception state (S91), and it is confirmed whether or not the unit A10 is a paired partner upon receiving the search signal (S94). As in the second embodiment (wireless authentication) or the like, the ID memory 1331 checks whether a pair of the pairing request signal Preq and the pairing acceptance signal Pacc is stored.

  When it is not a paired partner (NO in S94), the process returns to the standby reception state (S91) again. On the other hand, if it is confirmed that the partner is a paired partner (YES in S94), a search response signal SRresp is returned (S95).

  When the unit A10 receives the search response signal SRresp, the unit A10 confirms whether the unit B20 is a paired partner (S96). Similarly, confirmation is made based on whether a pair of the pairing request signal Preq and the pairing acceptance signal Pacc in the ID memory 1326 is stored. If it is not a paired partner (NO in S96), the process proceeds to S90 again. When the partner is a paired partner (YES in S96), the fact that a response has been received from the partner is displayed on the display unit (S97). ). And it transfers to S90 again and repeats a process.

  Also in the unit B20, after returning the search response signal SRresp, it can be confirmed that it is a paired partner, so that the presence of the unit A10 is notified by sound or light in order to notify that it is near (S98). ). And it transfers to S91 again and repeats a process.

  The process of S97 and the process of S98 may be interchanged, or both processes may be performed in units A10 and B20.

  When the unit A10 searches for the unit B20 using the search function of the seventh embodiment, the unit B20 may enter the clothes pocket or chiffon, and the alarm sound or light may not be recognized. In such a case, if the unit A10 has an orientation measurement function and the approximate directionality of the unit B20 can be determined, the search function can be further enhanced.

  FIG. 18A is a diagram illustrating a configuration example around the antenna of the unit A10 in the eighth embodiment. The unit A10 includes two antennas 16 and 17, an adder 18, a negative value multiplier 19, and a switch 21.

  By switching the switch 21, the received signals from the two antennas 16 and 17 are added and processed (see FIG. 18B), or the received signals from the two antennas 16 and 17 are subtracted. Can be performed (see FIG. 18C).

  In the case of addition, since radio waves from the front and rear are added by the adding unit 18, the sensitivity can be increased in the front-rear direction of the antennas 16 and 17. On the other hand, in the case of subtraction, the radio waves from the front and rear are subtracted by the negative value multiplication unit 19 and the addition unit 18, for example, although the reception level is substantially “0”, the radio waves from the left and right directions do not cancel each other. Sensitivity can be increased with respect to direction. An interval between the left and right antennas 16 and 17 may be provided so that radio waves from the left and right directions do not cancel each other. Such switching is well known as so-called “bipolar antenna theory”.

  Using such a bipolar antenna, unit A10 can detect the orientation of unit B20. For example, when the switch 21 is switched so as to be added (see FIG. 18B), the sensitivity of the received radio waves in the front-rear direction increases, so if the unit B20 is located in the front-rear direction, a bipolar antenna is used. Compared with the case where there is no unit B20, the unit B20 can be reliably detected.

  Further, when the switch 21 is switched so as to be subtracted (see FIG. 18C), the sensitivity increases in the left-right direction. B20 can be detected.

  Therefore, the unit A10 can reliably detect the direction in which the unit B20 exists.

  Next, Example 9 will be described. The ninth embodiment is an example of preventing unauthorized use of an IC card by providing the IC card with a wireless authentication function.

  Recently, IC cards with a payment function such as SUICA (Super Urban Intelligent CArd) and Edy (Euro dollar yen) are becoming widespread. Mobile phones having such functions are also becoming popular. However, if the IC card itself is stolen and the personal identification number is known, there is a possibility of unauthorized use and the safety is not sufficient. A system combining fingerprint authentication and vein authentication is also conceivable, but it involves troublesome work such as holding a finger. In the ninth embodiment, an IC card and a wearable key possessed by the cardholder (a device that can be worn on the body and can input an ID. A wristwatch type is common, but an information portable terminal such as a cellular phone having such a function. Wireless authentication is performed, and the use of the IC card is not permitted unless the IC card and the wearable key are within a certain distance. Therefore, the IC card and the wearable key are provided with an MTC (Multi Task Communication) module (wireless authentication module).

  FIG. 19 is a diagram showing the relationship between the wearable key 50 and the IC cards 60-1 to 60-4. The wearable key 50 can be paired with a plurality of IC cards 60-1 to 60-4 and serves as a key for the plurality of IC cards 60-1 to 60-4. In the ninth embodiment, the wearable key 50 and the IC cards 60-1 to 60-4 are paired, and authentication is not performed unless they are paired. Further, once paired IC cards 60-1 to 60-4 are not paired again.

  20 and 21 are diagrams showing a configuration example of the pairing machine 70 in which the wearable key 50 and the IC card 60 are inserted and paired with each other. The pairing machine 70 includes a power supply 71 and a pairing switch (SW) 72. The power supply 71 supplies power to the IC card 60. Power may be supplied to the wearable key 50. The pairing SW 72 is a switch for turning on both pairing switches. For example, when both are inserted into the pairing machine 70, the power supply 71 supplies power to the IC card 60, and the pairing SW 71 turns on the pairing switch between the wearable key 50 and the IC card 60.

  FIG. 22 is a diagram illustrating a configuration example of the wearable key 50 and the IC card 60. The wearable key 50 includes a transmission / reception antenna 61, a switch 52, a transmission / reception circuit 53, and a function calculation circuit 54. The transmission / reception circuit 53 includes a receiver 531 and a transmitter 532. Furthermore, the function calculation circuit 54 includes an alarm function unit 541, a wireless authentication function unit 542, a pairing function unit 543, a pairing switch (SW) unit 544, and an ID memory 545.

  The IC card 60 includes a transmission / reception antenna 61, a switch 62, a transmission / reception circuit 63, a function calculation circuit 64, and an IC card memory unit 65. The transmission / reception circuit 63 includes a receiver 631 and a transmitter 632. The function calculation circuit 64 includes a use restriction function unit 641, a wireless authentication function unit 642, a pairing function unit 643, and a pairing switch (SW). 644 and an ID memory 645.

  The wireless authentication function unit 542 of the wearable key 50 corresponds to the MTC module of the wearable key 50, and the wireless authentication function unit 642 of the IC card 60 corresponds to the MTC module of the IC card 60.

  An example of pairing processing executed by the wearable key 50 and the IC card 60 configured as described above will be described. FIG. 23 is a sequence diagram illustrating an example of such processing.

  When wearable key 50 and IC card 60 are inserted into pairing machine 70, power supply 71 of pairing machine 70 supplies power to IC card 60 (S91). Also, the wearable key 50 is turned on with the insertion into the pairing machine 70 as a trigger (S92).

  The pairing SW 72 of the pairing machine 70 turns on the pairing switch for the wearable key 50 and the IC card 60 (S93 to S95). Then, a pairing sequence is executed.

  The processing of the pairing sequence is the same as that in the first embodiment. In the ninth embodiment, the wearable key 50 operates as a key, and the IC card 60 operates as a target. Details are the same as those in the first embodiment, and a description thereof will be omitted. 23 is executed by the pairing function unit 543, the pairing SW 544, and the ID memory 545 in the wearable key 50, and the IC card 60 is processed by the pairing function unit 643, the pairing SW 644, and the ID memory 645. Executed. Therefore, as in the first embodiment, the wearable key 50 and the random number generation unit of the IC card 60, the decryption unit, the encryption unit, and the like are included in the pairing function units 543 and 643 of both.

  As described above, the wearable key 50 can be paired with a plurality of IC cards 60, but the IC card 60 can be paired only once. Similarly to the first embodiment, the pairing operation is performed in a metal case when performing wirelessly, or inserted into the pairing machine 70 and performed by wire (indicated by a dotted line in FIG. 21). Can prevent interference.

  In the pairing operation, the example using the pairing machine 70 has been described. However, the pairing machine 70 simply supplies power to the IC card 60 and turns on the pairing SW. The pairing machine 70 is unnecessary if it has a power source 60.

  Next, prevention of unauthorized use of the IC card 60 will be described. In the ninth embodiment, when using the IC card 60 with the wireless authentication function, the owner must wear the wearable key 50 paired with the IC card 60 and use the IC card 60. If the wearable key 50 and the IC card 60 are not within a certain distance, the IC card is restricted in use and cannot be used.

  FIG. 24 is a diagram illustrating a state where the owner of the IC card 60 having the wearable key 50 uses the IC card 60.

  When the IC card 60 is inserted into the card reader 80, the MTC modules (wireless authentication function units 542 and 642) mounted on each start communication and perform wireless authentication. Wireless authentication is the same as in the second embodiment (see FIG. 7). Wearable key 50 operates as a key, and IC card 60 operates as a target.

  When the wearable key 50 and the IC card 60 are paired in advance and the IC card 60 is authenticated by the wearable key 50, the use restriction is released. For example, after the wireless authentication (after the processing in FIG. 7), the use restriction is released by the use restriction function unit 641 of the IC card 60, and the IC card memory 65 can be accessed.

  On the other hand, when the wearable key 50 is not near the IC card 60 (a predetermined distance) or when the wearable key 50 is not paired, the IC card 60 is not authenticated and its use is restricted. For example, even if the IC card 60 is picked up or stolen, the IC card 60 cannot be used.

  In the ninth embodiment, since the wearable key 50 and the IC cart 60 perform the pairing operation and the wireless authentication operation in the same manner as in the first embodiment and the like, it is possible to perform authentication for those not registered. Further, by providing the IC card 60 with a wireless authentication function, unauthorized use of the IC card 60 can be prevented. Moreover, since it is not necessary to hold the finger, troublesome work is unnecessary.

FIG. 1 is a diagram illustrating a configuration example of units A, B, and C. FIG. 2 is a diagram illustrating a circuit configuration example of the units A and B. FIG. 3 is a diagram showing an example of a pairing sequence. 4A to 4F are diagrams illustrating examples of signal formats. FIG. 5 is a flowchart showing an example of an encryption method. FIG. 6 is a flowchart showing an example of a decoding method. FIG. 7 is a diagram illustrating an example of an authentication sequence. FIG. 8 is a flowchart showing an example of an encryption method. FIG. 9 is a flowchart showing an example of a decoding method. FIG. 10 is a diagram illustrating another configuration example of the unit A. In FIG. FIG. 11A to FIG. 11D are diagrams illustrating signal examples. 12A and 12B are diagrams illustrating an example of authentication timing. FIG. 13 is an example of a table showing the relationship between distance, time, and affection coefficient. FIG. 14 is an example of a table showing the relationship between the affection coefficient and the affection rank. FIG. 15 is a diagram for explaining AND authentication. FIG. 16 is a diagram illustrating an example of a sequence including an AND authentication sequence. FIG. 17 is a diagram illustrating an example of a search sequence. 18A to 18C are diagrams illustrating a configuration example of an antenna having an azimuth measuring function. FIG. 19 is a diagram illustrating the relationship between the wearable key and the IC card. FIG. 20 is a diagram illustrating an example in which a wearable key and an IC card are inserted into the pairing machine. FIG. 21 is a diagram illustrating a configuration example of a pairing machine. 22A shows a wearable key, and FIG. 22B shows a configuration example of an IC card. FIG. 23 is a diagram illustrating an example of a pairing sequence. FIG. 24 is a diagram showing a state in which the owner of an IC card having a wearable key uses the IC card.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 communication apparatus (unit A), 13 function arithmetic circuit, 18 addition part, 19 negative value multiplication part, 20 communication apparatus (unit B), 21 switch, 30 communication apparatus (unit C), 50 wearable key, 60 IC card, 113 reception level measurement circuit, 115 distance conversion calculation circuit, 121 receiver, 122 transmitter, 132 pairing function unit, 133 wireless authentication function unit, 200 table, 210 table, 542 wireless authentication function unit, 543 pairing function unit, 641 Usage restriction function unit, 642 Wireless authentication function unit, 643 Pairing function unit, 1321 Pairing switch (SW), 1322 Random number generation unit, 1324 Decoding unit, 1326 ID memory, 1327 Pairing switch, 1 28 encryption unit, 1331 ID memory

Claims (22)

In a communication device that communicates with other communication devices,
In the configuration comprising an encryption key that is common in advance to both the communication device and the other communication device,
A random number generator for generating a random number of N bits (N is a natural number greater than or equal to 1) bits;
A transmitting unit that generates a pairing request signal composed of the random number and transmits the pairing request signal to the other communication device;
A receiving portion to which the other communication apparatus receives a pairing acceptance signal Ru der result of encrypting the pairing request signal using the encryption key from the other communication apparatus,
A decryption unit for decrypting the received pairing acceptance signal using the encryption key;
When the signal decoded by the decoding unit matches the pairing request signal,
While transmitting a pairing confirmation signal from the transmitter,
A communication device comprising: a storage unit that stores the pairing request signal and the pairing acceptance signal received by the receiving unit. Further, the pairing request signal received from the other communication device in response to the challenge request signal for requesting authentication transmitted from the transmission unit is received from the random number and stored in the storage unit And an encryption unit that encrypts the challenge signal using the pairing acceptance signal as an encryption key ,
The transmission unit transmits the encrypted challenge signal as a response signal to the other communication device,
Result of the response signal by using the pairing request signal, and the pairing acceptance signal stored in the storage unit of the other communication device in the other communication apparatus to the encryption key is decrypted, it is decrypted 2. The authentication is performed with the other communication device when the reception unit receives the confirmation signal transmitted when the challenge signal matches with the other communication device. The communication device described.   The communication apparatus according to claim 2, further comprising a distance calculation unit that calculates a distance from the other communication apparatus based on a reception level from the other communication apparatus.   The information processing apparatus further comprises an authentication time measurement unit that integrates a time from when the confirmation signal is received to when the authentication is established until the authentication is established, and measures the integration time as the authentication time. Item 3. The communication device according to Item 2.   Further, a love coefficient with the other communication device is calculated from the authentication time with the other communication device and the distance with the communication device, and the love with the other communication device is calculated based on the love coefficient. 5. The communication device according to claim 3, further comprising an affection measuring unit that performs measurement. The encryption unit encrypts an AND authentication challenge signal composed of a random number transmitted from the controlled device after the end of authentication with the other communication device,
The transmitting unit transmits the encrypted AND authentication challenge signal to the controlled device as an AND challenge response signal, and transmits an AND authentication confirmation signal to the controlled device after a certain period of time,
The receiving unit releases an use restriction on the controlled device with the other communication device by receiving an AND confirmation signal which is a response signal to the AND authentication confirmation signal. The communication device described. The transmission unit transmits a search signal whose transmission output is increased to the other communication device after the end of authentication with the other communication device,
The receiving unit receives a search response signal that confirms that the other communication device is a paired partner,
3. The display device according to claim 2, further comprising a display unit for notifying that there is a response from the other communication device when it is confirmed that the pairing request signal and the pairing acceptance signal are stored in the storage unit. The communication device described.   The communication apparatus according to claim 1, further comprising a bipolar antenna. In a communication device that communicates with other communication devices,
In the configuration comprising an encryption key that is common in advance to both the communication device and the other communication device,
A receiving unit that receives a pairing request signal composed of a random number of N bits (N is a natural number of 1 or more) transmitted from the other communication device;
An encryption unit for encrypting the received pairing request signal using the encryption key;
A transmission unit that transmits the encrypted pairing request signal to the other communication device as a pairing acceptance signal;
When the receiving unit receives a pairing confirmation signal transmitted when the pairing acceptance signal matches the result of decoding the pairing acceptance signal in the other communication device, the pairing request signal and the And a storage unit for storing a pairing acceptance signal. Furthermore, a random number generation unit that generates the random number when receiving a challenge request signal for requesting authentication with the other communication device,
It transmitted from the transmitting unit of the random number from the random number generator as a challenge signal to the other communication equipment, the pairing request signal stored in the storage unit of the other communication device in the other communication devices and When the receiving unit receives a response signal that is the challenge signal encrypted using the pairing acceptance signal as an encryption key, the pairing request signal stored in the storage unit and the pair A decryption unit that decrypts the ring acceptance signal using the encryption key ,
The transmission unit transmits a confirmation signal indicating authentication confirmation to the other communication device when a result obtained by decoding the response signal by the decoding unit matches the challenge signal. Item 10. The communication device according to Item 9.   The communication device according to claim 10, further comprising a distance calculation unit that calculates a distance from the other communication device based on a reception level from the other communication device.   The information processing apparatus further comprises an authentication time measurement unit that integrates a time from when the confirmation signal is received to when the authentication is established until the authentication is established, and measures the integration time as the authentication time. Item 11. The communication device according to Item 10.   Further, a love coefficient with the other communication device is calculated from the authentication time with the other communication device and the distance with the communication device, and the love with the other communication device is calculated based on the love coefficient. The communication apparatus according to claim 11, further comprising an affection measurement unit that performs measurement. The encryption unit encrypts an AND authentication challenge signal composed of a random number transmitted from the controlled device after the end of authentication with the other communication device,
The transmitter transmits the encrypted AND authentication challenge signal to the controlled device as an AND challenge response signal;
The receiving unit receives a confirmation signal transmitted when the AND authentication challenge signal matches the result of decoding the ANB challenge response signal in the controlled device;
The communication apparatus according to claim 10, wherein the use restriction on the controlled apparatus is released from the other communication apparatus by receiving the confirmation signal. When the transmission unit receives the search signal transmitted from the other communication device by the reception unit, the transmission unit outputs a search response signal when the pairing request signal and the pairing acceptance signal are stored in the storage unit. Send
The communication device according to claim 10, further comprising a voice unit or a light emitting unit that utters or emits light to notify the presence of the other communication device by transmitting the search response signal.   The communication device according to claim 9, further comprising a bipolar antenna. A pairing method in a communication device that communicates with another communication device,
In the configuration comprising an encryption key that is common in advance to both the communication device and the other communication device,
Generate a random number of N (N is a natural number greater than or equal to 1) bits,
Generate a pairing request signal consisting of the random number and send the pairing request signal to the other communication device,
The other communication apparatus receives a pairing acceptance signal Ru der result of encrypting the pairing request signal by using the encryption key,
Decrypting the received pairing acceptance signal using the encryption key ;
When the decoded signal and the pairing request signal coincide, sends a pairing confirm signal, storing the said pairing acceptance signal received the pairing request signal and by the reception unit A pairing method that features. A pairing method in a communication device that communicates with another communication device,
In the configuration comprising an encryption key that is common in advance to both the communication device and the other communication device,
Receiving a pairing request signal consisting of a random number of N bits (N is a natural number of 1 or more) transmitted from the other communication device;
Encrypt the received pairing request signal using the encryption key ,
Sending the encrypted pairing request signal to the other communication device as a pairing acceptance signal;
Upon receiving a pairing confirmation signal is sent when the other of said pairing request signal and a result of decoding the pairing acceptance signal in a communication device matches the pairing request signal to the pairing acceptance signal And a pairing method characterized by memorizing . In the method of pairing a wearable key and an IC card,
Te configuration odor with an encryption key that is common in advance to both the said wearable key and the IC card,
In the wearable key, a random number of N (N is a natural number of 1 or more) bits is generated, and a pairing request signal including the random number is transmitted to the IC card,
In the IC card, the received pairing request signal is encrypted using the encryption key , and the encrypted pairing request signal is transmitted to the wearable key as a pairing acceptance signal,
In the wearable key, the received pairing acceptance signal is decrypted using the encryption key , and when the decrypted signal matches the pairing request signal, a pairing confirmation signal is transmitted to the IC card. , Storing the pairing request signal and the pairing acceptance signal in the memory of the wearable key,
In the IC card, upon receiving the pairing confirmation signal, the pairing request signal and the pairing acceptance signal are stored in the memory of the IC card.
A pairing method characterized by that. Further, in the IC card, the N-bit random number is generated, and a challenge request signal composed of the random number is transmitted,
Wherein the wearable key, and sends as a response signal to the challenge request signal before Symbol pairing request signal stored in the memory and the pairing acceptance signal is encrypted using the encryption key,
In the IC card, when said decrypted by using the encryption key to the pairing request signal a response signal stored in the memory and the pairing acceptance signal, and the challenge request signal and a result of the decoding are identical, The pairing method according to claim 19, wherein the restriction on use of the IC card is released. In a system consisting of a wearable key and an IC card,
Te configuration odor with an encryption key that is common in advance to both the said wearable key and the IC card,
The wearable key includes
A random number generator for generating a random number of N bits (N is a natural number greater than or equal to 1) bits;
A pairing request signal transmitter for generating a pairing request signal composed of the random number and transmitting the pairing request signal to the IC card;
A pairing acceptance signal receiving unit that receives from the IC card a pairing acceptance signal that is the pairing request signal encrypted using the encryption key in the IC card;
A decryption unit for decrypting the received pairing acceptance signal using the encryption key ;
When the signal decoded by the decoding and the pairing request signal match, a pairing confirmation signal indicating matching is transmitted to the IC card, and the pairing request signal and the pairing acceptance signal A wearable key storage unit that stores the pairing acceptance signal received by the reception unit in a memory;
In the IC card,
A pairing request signal receiving unit for receiving the pairing request signal transmitted from the wearable key;
An encryption unit for encrypting the received pairing request signal using the encryption key ;
A pairing acceptance signal transmitter for transmitting the encrypted pairing request signal to the wearable key as a pairing acceptance signal;
An IC card storage unit that stores the pairing request signal and the pairing acceptance signal in a memory when the pairing confirmation signal is received. Further, the wearable key encrypts the challenge request signal transmitted from the IC card using the pairing request signal and the pairing acceptance signal stored in the memory as an encryption key, and transmits it as a response signal. With a response signal transmitter
In the IC card, a challenge request signal transmission unit that generates the N-bit random number and transmits a challenge request signal including the random number;
When the response signal is received and the challenge request signal matches the result of decrypting the response signal using the pairing request signal and the pairing acceptance signal stored in the memory with an encryption key , The system according to claim 21, further comprising a use restriction releasing unit that removes use restriction of the IC card.

Images