JP6382163B2 - Authenticity confirmation system for position information, authenticity confirmation method for position information, and communication apparatus - Google Patents

Description

  The present invention relates to a position information authenticity confirmation system, a position information authenticity confirmation method, and a communication device, and more specifically, enables authenticity of position information transmitted from an indoor positioning system. Regarding technology.

Currently, as a positioning system, the Global Positioning System (Global Positioni)
ng System. GPS) is widely used. In this GPS, a GPS receiver receives a GPS positioning signal transmitted from a satellite, and performs a necessary positioning calculation on the GPS positioning signal, thereby positioning the GPS receiver. However, the above-mentioned GPS positioning signal is a weak signal transmitted from a satellite and is difficult to receive indoors. Therefore, when the GPS receiver is indoors, positioning calculation cannot be performed as a result.

On the other hand, indoor positioning system (Indoor) is a positioning technology that addresses such problems.
Messaging system. Hereinafter, IMES) exists. Unlike the GPS, the IMES transmitter in the IMES transmits the position information itself. Therefore, the IMES receiver that receives the position information can perform positioning of the IMES receiver without positioning calculation that is necessary for GPS.

  As the related art related to the IMES described above, for example, by creating installation information by an installer terminal, requesting authentication from a certification authority by communication, and setting the installation information authenticated by the certification authority, proper location information In the position information transmitting device for transmitting the information, a control unit that generates a new activation code every time the position information transmitting device is installed, a verification unit that verifies the authenticity of the authentication by the certification authority, and communication with the installer terminal A local communication unit that performs location information transmission, a location information transmission unit that transmits location information, and an abnormality detection unit that detects an abnormality of the location information transmission device, and the verification unit sets the validity and installation of a certificate issued by the certification authority The position information transmission device (see Patent Document 1) is characterized in that the control unit controls the position information transmission unit in a state in which transmission is possible based on a verification result that verifies information signature. ) It has been proposed.

JP 2014-207549 A

  In the above-described prior art, a technique for registering installation information obtained by a certification authority in a position information transmission device has been proposed. However, a technique for verifying whether the position information transmitted from the position information transmitting apparatus is authentic has not been proposed. Even if it is a location information transmission device in which installation information is registered through authentication, it is difficult to detect and cope with this on the receiver side when the location information to be transmitted has been falsified or counterfeited.

  SUMMARY OF THE INVENTION An object of the present invention is to provide a technique that makes it possible to confirm the authenticity of position information transmitted from an indoor positioning system.

The system for confirming authenticity of position information according to the present invention that solves the above-described problems includes first data including position data, and second data including authentication data obtained by applying a predetermined algorithm to at least predetermined data included in the first data. A first communication device for sending to an indoor environment, and the first data and the second data received from the first communication device, and the predetermined data including either the first data or the second data a result of applying the predetermined algorithm to the second data by collating the authentication data including, and a second communication apparatus for performing the authenticity check of the first data, the first The communication device receives predetermined data transmitted by the second communication device in response to a predetermined opportunity, and applies a predetermined algorithm at least with respect to predetermined information included in the predetermined data. The authentication data included in the second data is further transmitted, and the second communication device receives the second data from the first communication device, and the second data The authentication data included is verified with the authentication data to which a predetermined algorithm is applied with respect to the predetermined information included in the predetermined data transmitted to the first communication device, and the authenticity of the first data is executed. It is characterized by being.

In the authenticity confirmation method for position information according to the present invention, the first communication device includes first data including position data, and authentication data obtained by applying a predetermined algorithm to at least the predetermined data included in the first data. Two data is transmitted to the indoor environment, and the second communication device receives the first data and the second data from the first communication device, and either the first data or the second data The first communication device performs verification of the authenticity of the first data by comparing the result of applying the predetermined algorithm to the predetermined data including the authentication data included in the second data, The second communication device receives predetermined data transmitted in response to a predetermined opportunity, and at least authentication data obtained by applying a predetermined algorithm with respect to predetermined information included in the predetermined data The second communication device further receives the second data from the first communication device, the authentication data included in the second data, and the first data The authenticity confirmation of the first data is executed by collating with authentication data to which a predetermined algorithm is applied with respect to predetermined information included in the predetermined data transmitted to the communication device .

In addition, the communication device of the present invention is a device for transmitting positional information that constitutes the indoor positioning system, and includes first data including the position data of the own device held in the storage device, and at least the predetermined data included in the first data and an information processing unit for generating a second data including the authentication data by applying a predetermined algorithm on the data, the first data and the authentication data the generated, and a communication processing unit which transmits towards the indoor environment through a predetermined antenna wherein the a result of applying the predetermined algorithm to the predetermined data including either the first data or the second data, and collates the authentication data the second data comprises authenticity of the first data Receiving predetermined data transmitted from the second communication device in response to a predetermined trigger from the second communication device executing the sex confirmation, and at least the predetermined data It is intended to outgoing included in the second data authentication data by applying a predetermined algorithm on the free predetermined information, characterized in that.

Further, the communication device of the present invention includes first data including position data transmitted by a device for transmitting position information in the indoor positioning system, and authentication data applying a predetermined algorithm with respect to at least predetermined data included in the first data. A communication processing unit that receives the second data including the predetermined data, a result of applying the predetermined algorithm to the predetermined data included in either the received first data or the second data, and the received and collating the authentication data including the second data, and a processing unit for executing the authenticity check of the first data, includes a process of transmitting a predetermined data in response to a predetermined trigger, the at least the predetermined data From the device for transmitting location information, including the second data including authentication data to which a predetermined algorithm is applied with respect to predetermined information, The second data is received, and the authentication data included in the second data is compared with the authentication data applied with a predetermined algorithm with respect to the predetermined information included in the predetermined data transmitted to the device for transmitting position information The authenticity check of said 1st data is performed, It is characterized by the above-mentioned.

  ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to confirm the authenticity of the positional information transmitted by an indoor positioning system.

It is a figure which shows the structural example 1 of the authenticity confirmation system in this embodiment. It is a figure which shows the format example 1 of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the example 2 of a format of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the example 3 of a format of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the example 1 of a flow in the authenticity confirmation method of this embodiment. It is a figure which shows the example 2 of a flow in the authenticity confirmation method of this embodiment. It is a figure which shows the example 3 of a flow in the authenticity confirmation method of this embodiment. It is a figure which shows the example 4 of a format of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the example 4 of a flow in the authenticity confirmation method of this embodiment. It is a figure which shows the example 5 of a flow in the authenticity confirmation method of this embodiment. It is a figure which shows the example 5 of a format of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the format example 6 of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the example 7 of a format of the communication data frame in the authenticity confirmation system of this embodiment. It is a figure which shows the structural example 2 of the authenticity confirmation system in this embodiment. It is a figure which shows the structural example 3 of the authenticity confirmation system in this embodiment. It is a figure which shows the example 6 of a flow in the authenticity confirmation method of this embodiment.

--- System configuration ---

  Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a diagram showing a configuration example 1 of a position information authenticity confirmation system 101 (hereinafter, authenticity confirmation system 101) in the present embodiment. An authenticity confirmation system 101 shown in FIG. 1 is a communication system that makes it possible to confirm the authenticity of position information transmitted from an indoor positioning system.

  The authenticity confirmation system 101 according to the present embodiment includes a first communication device 102 as a position information transmission device in an indoor positioning system, and a second device that receives predetermined data transmitted from the communication device 102 and performs positioning of the own device. Communication device 109. Of course, the authenticity confirmation system 101 is not limited to such a configuration form of the communication apparatus. An authenticity confirmation system in which two or more first and second communication devices are arranged may be assumed.

  Among the communication devices that constitute the authenticity confirmation system 101 of the present embodiment, the first communication device 102 includes an information processing unit 103, an authentication information storage unit 104, a first communication processing unit 105, and a second communication processing unit. 106, and a first and second wireless antennas 107 and 108 in the configuration.

  Among these, the information processing unit 103 includes, for example, a central processing unit (so-called CPU), a suitable non-volatile storage element such as an SSD (Solid State Drive) or a hard disk drive, or a storage device including a volatile storage element such as a RAM. It is composed of hardware. In this case, the central processing unit executes a program held in the storage device as necessary, and implements a function necessary as an information processing unit of the first communication device 102. However, the hardware and functions for configuring the information processing unit 103 are not limited, and other appropriate existing techniques may be employed.

  The authentication information storage unit 104 stores information for authentication processing that guarantees the authenticity of communication data, such as position information that the first communication device 102 exchanges with other devices. As an example of the authentication process, various technologies such as an electronic signature technology using public key encryption technology and a data authentication code (Message Authentication Code, MAC) using common key encryption technology can be assumed. Therefore, the information stored in the authentication information storage unit 104 is information necessary for such authentication processing, and key information used for encryption processing and identification information of the first communication device 102 can be assumed. Further, the authentication information storage unit 104 according to the present embodiment holds position data corresponding to the installation position of the first communication device 102 (for example, IMES method position data compliant with GPS signal specifications). This position data may be held by the information processing unit 103.

In addition, the first communication processing unit 105 causes the first communication device 102 to transmit the first communication frame that is the first data including the position data described above to the second communication via the first wireless antenna 107. It is a communication processing unit used when transmitting to the device 109. In addition, the second communication processing unit 106 transmits a second communication frame, which is second data generated by the first communication device 102 based on the information held in the authentication information storage unit 104, to the second communication frame. This is a communication processing unit used when transmitting to the second communication device 109 via the wireless antenna 108.

  The combination of the first communication processing unit 105 and the first wireless antenna 107 described above provides one wireless communication processing unit, and the combination of the second communication processing unit 106 and the second wireless antenna 108 provides another wireless communication. A processing unit is configured. The plurality of wireless communication processing units can perform parallel communication between the first communication device 102 and the second communication device 109 via a plurality of wireless communication means.

  Here, the above-described two wireless communication processing units may have any configuration as long as the parallel communication can be effectively performed at the required level of the authenticity confirmation system 101. For example, the first communication processing unit 105 may be compatible with the IMES method, and the second communication processing unit 106 may be compatible with a short-range wireless communication method such as a wireless LAN. Both of the two communication processing units 106 may be of some short-range wireless communication system.

  Note that the second communication device 109 is similar to the above-described first communication device 102 in that the information processing unit 110, the authentication information storage unit 111, the first communication processing unit 112, the second communication processing unit 113, One wireless antenna 114 and the second wireless antenna 115 are included. The hardware of each configuration is the same as that in the first communication apparatus 102.

  For example, the authentication information storage unit 111 includes a storage device that stores information for authentication processing that guarantees the authenticity of communication data such as position information that the second communication device 109 exchanges with the first communication device 102. Is done. The information stored in the authentication information storage unit 111 is information necessary for the authentication processing employed in the first communication device 102, and includes key information used for encryption processing and first communication obtained in advance. The identification information of the device 102 can be assumed.

  In addition, the first communication processing unit 112 causes the second communication device 109 to transmit the first communication frame that is the first data including the position data described above via the first wireless antenna 114 to the first communication. It is a communication processing unit used when receiving from the device 102. In addition, the second communication processing unit 113 is configured such that the second communication device 109 receives the second communication frame that is the second data described above from the first communication device 102 via the second wireless antenna 115. It is a communication processing part used when doing.

In addition, between the above-mentioned 1st communication apparatus 102 and the 2nd communication apparatus 109, the 1st communication process parts 105 and 112 respond | correspond to common communication protocols, such as an IMES system. Similarly, the second communication processing units 106 and 113 correspond to a common communication protocol such as a short-range wireless communication method such as a wireless LAN.
--- Functional example ---

  Next, functions provided in the first and second communication devices 102 and 109 constituting the authenticity confirmation system 101 of the present embodiment will be described. As described above, the functions described below can be said to be functions of the information processing units 103 and 110 that are implemented by executing programs provided in the communication apparatuses 102 and 109, for example.

  The first communication device 102 according to the present embodiment has a function of generating the first communication frame by setting the position data of the own device held in, for example, the authentication information storage unit 104 in a communication frame compatible with the IMES method. ing.

The first communication device 102 holds the position data included in the first communication frame described above and the time data such as the generation time or the transmission time of the second communication frame in the authentication information storage unit 104. A function that generates authentication data by applying an appropriate algorithm such as an encryption key, and sets the authentication data, the above-described position data, and time data in a communication frame compatible with the wireless LAN system to generate a second communication frame It has.

  In addition, the first communication device 102 has a function of transmitting the first communication frame generated as described above to the indoor environment 5 via the first communication processing unit 105 and the first wireless antenna 107. I have. The first communication device 102 has a function of transmitting the second communication frame generated as described above to the indoor environment 5 via the second communication processing unit 106 and the second wireless antenna 108. I have.

  Note that each function of generating or transmitting the above-described second communication frame is performed with the second communication every time a predetermined time that can be determined based on a clock function or the like that the first communication apparatus 102 naturally has as an information processing apparatus. Frame generation or transmission may be executed.

  Alternatively, each of the functions for generating or transmitting the second communication frame described above is performed in accordance with predetermined functions such as a wireless LAN method transmitted from the second wireless antenna 115 and the second communication processing unit 113 by the second communication device 109. Even if the presence of the second communication device 109 in the indoor environment 5 is detected by receiving the third communication frame based on the communication protocol, and the generation or transmission of the second communication frame is executed in response to the detection. Good. Details of the third communication frame will be described later.

  On the other hand, the second communication device 109 receives the first communication frame transmitted from the first communication device 102 to the indoor environment 5 by the first wireless antenna 114 and the first communication processing unit 112. It has. Similarly, the second communication device 109 receives the second communication frame transmitted from the first communication device 102 to the indoor environment 5 by the second wireless antenna 115 and the second communication processing unit 113. It has a function.

  The second communication device 109 applies an appropriate algorithm such as an encryption key held in the authentication information storage unit 111 to the position data and time data included in either the first communication frame or the second communication frame. A function of checking the authenticity of the first communication frame by comparing the result calculated in this way with the authentication data included in the second communication frame is provided.

  In addition, the 1st communication apparatus 102 in this embodiment is as a 2nd communication frame, with respect to the positional data which 1st communication frame contains, time data, and the identification information of the said 1st communication apparatus 102, Appropriate algorithm such as an encryption key held in the authentication information storage unit 104 is applied to generate authentication data, and the authentication data, the position data, the time data, and the identification information are set in a communication frame compatible with the wireless LAN system. Then, the second communication frame may be generated.

  In this case, the authenticity confirmation execution function in the second communication device 109 is the authentication information storage for the position data, time data, and identification information included in either the first communication frame or the second communication frame. The authenticity of the first communication frame is checked by comparing the result calculated by applying an appropriate algorithm such as the encryption key held by the unit 111 with the authentication data included in the second communication frame. .

  In addition, the second communication device 109 needs to verify the authenticity of holding the first communication frame received from the first communication device 102 in the authentication information storage unit 111 with respect to the received data from the first communication device 102. If it is determined that the first communication frame needs to be verified as a result of the verification, the determination is triggered by, for example, generating a random value as challenge data, and using the challenge data as a wireless LAN. It has a function of generating and transmitting a fourth communication frame set in a communication frame corresponding to the system.

  Note that the authenticity confirmation necessity criterion is, for example, that there is no continuity in the value of a predetermined item between the first communication frame received most recently and the first communication frame received this time, or a value It can be assumed that the distance between the two is greater than a predetermined value. The challenge data is the same as that used in challenge and response authentication.

  In this case, the first communication device 102 receives the fourth communication frame transmitted from the second communication device 109, the challenge data included in the fourth communication frame, and the second communication device 109 already. Authentication data to which a predetermined algorithm such as an encryption key held in the authentication information storage unit 104 is applied to the position data included in the transmitted first communication frame is generated and set in a communication frame compatible with the wireless LAN system. And a function for generating and transmitting a fifth communication frame.

  On the other hand, the second communication device 109 receives the fifth communication frame from the first communication device 102 and has transmitted the authentication data included in the fifth communication frame and the first communication device 102. The challenge data included in the fourth communication frame and the position data included in the received first communication frame are compared with authentication data to which a predetermined algorithm such as an encryption key held in the authentication information storage unit 111 is applied, A function is provided for executing authenticity confirmation of the first communication frame.

  Also, when the second communication device 109 receives the second communication frame from the first communication device 102, the second communication device 109 sends a verification request including the second communication frame to the verification device 1103 on the network 1104 (see FIG. 15). The function further includes a function of executing authenticity confirmation of the first communication frame based on the verification result transmitted from the verification apparatus 1103 in response to the verification request.

In this case, the verification apparatus 1103 receives the verification request from the second communication apparatus 109 described above via the network 1104, and performs a predetermined verification algorithm (the second communication described above) for the second communication frame included in the verification request. The device 109 executes the authenticity check of the first communication frame by applying the same as that executed by the device 109 based on the stored information of the authentication information storage unit 111), and uses the result of the authenticity check as the verification result. A function of returning to the second communication device 109 is provided.
--- Example of communication data frame ---

  Next, an example of the structure of a communication data frame handled by the authenticity confirmation system 101 of this embodiment will be described. FIG. 2 is an example of a format of a communication data frame exchanged between communication devices in the authenticity confirmation system in the present embodiment. Specifically, the first communication frame 201 is illustrated.

  The first communication frame 201 is transmitted from the first communication processing unit 105 of the first communication device 102 and the first wireless antenna 107 to the first wireless of the second communication device 109 located in the indoor environment 5. It is transmitted to the antenna 1114 and the first communication processing unit 112.

  A first communication frame 201 in FIG. 2 includes a first communication header 202 and first communication data 203. Among these, the communication header 202 is generated according to a predetermined format required when the first communication processing units 105 and 112 perform transmission / reception, and has a value corresponding to the IMES protocol, for example. (However, details are not an issue here). The first communication data 203 is content itself that is a target of transmission / reception between the first communication device 102 and the second communication device 109. In the present embodiment, position data of the first communication device 102 in the IMES method is assumed.

  FIG. 3 is a diagram showing a format example 2 of a communication data frame in the authenticity confirmation system of the present embodiment. Specifically, the second communication frame 204 is illustrated. The second communication frame 204 is transmitted from the second communication processing unit 106 and the second wireless antenna 108 of the first communication device 102 to the second wireless antenna 115 and the second communication of the second communication device 109. It is transmitted to the processing unit 113.

  The second communication frame 204 in FIG. 3 includes a second communication header 205 and second communication data 206. Among these, the second communication header 205 is functionally the same as the first communication header 202, and is a value corresponding to, for example, a wireless LAN protocol (however, details thereof are not a problem here).

  The second communication data 206 includes first communication data 207, time data 208, and authentication data 209. Of these, the first communication data 207 is included in the first communication frame 201 that the second communication device 109 has received from the first communication device 102, and is the same data as the first communication data 203. It is.

  The time data 208 described above indicates, for example, the generation time or transmission time of the second communication frame 204, and is generated by a time measuring function (not shown) included in the first communication device 102.

  The authentication data 209 is data that can verify whether the first communication data 207 and the time data 208 have been tampered with. The process 210 shown in the figure schematically shows the relationship regarding the generation of authentication data among the first communication data 207, the time data 208, and the authentication data 209. This processing 210 is executed by the information processing unit 103, the first communication processing unit 105, and the like of the first communication device 102 when the second communication frame 204 is generated. Here, although not limited to a specific authentication data generation method, for example, the following method may be used.

That is, it is assumed that the communication devices 102 and 109 secretly share a common key used for common key encryption in the authentication information storage units 104 and 111 in advance. In this case, the information processing unit 103 of the first communication device 102 uses the common key of the authentication information storage unit 104 to perform HMAC (Hash-based Message Authentication Code) for the first communication data 207 and the time data 208. ) To generate the HAM
Let C be authentication data 209. On the other hand, in the second communication device 109, if the shared key stored in the authentication information storage unit 111 is the same as that stored in the first communication device 102, the same first communication data 207 and time data 208 are stored. It is possible to recalculate the same authentication data 209 by the HMAC process for. Therefore, in that case, the second communication device 109 can verify whether the first communication data 207 and the time data 208 received from the first communication device 102 have been falsified.

  FIG. 4 is a diagram showing a format example 3 of a communication data frame in the authenticity confirmation system of the present embodiment. Specifically, the third communication frame 211 is illustrated. The third communication frame 211 is transmitted from the second communication processing unit 113 in the second communication device 109 to the second communication processing unit 106 in the first communication device 102.

The illustrated third communication frame 211 includes a third communication header 212 and third communication data 213. The IDs 214 and 215 held by the third communication header 212 and the third communication data 213 are identification numbers assigned to the second communication device 109, respectively. For example, when the communication between the second communication processing unit 106 in the second communication device 109 and the second communication processing unit 113 in the first communication device 102 is a wireless LAN system, the ID 214 is a wireless LAN. The MAC address and ID 215 may be an IP address or an individual identifier in the application layer.
--- Flow example 1 ---

  Hereinafter, the actual procedure of the authenticity confirmation method for position information in the present embodiment will be described with reference to the drawings. Various operations corresponding to the authenticity confirmation method for position information described below are realized by the respective programs executed by the respective central processing units by the respective communication devices 102 and 109 constituting the authenticity confirmation system 101. And such a program is comprised from the code | cord | chord for performing the various operation | movement demonstrated below.

  FIG. 5 is a diagram showing a flow example 1 of the method for confirming authenticity of position information in the present embodiment. This flow is an example of a communication protocol using the first communication processing units 105 and 112 in the first communication device 102 and the second communication device 109. In this case, the first communication apparatus 102 starts transmission processing using the first communication processing unit 105 in response to the elapse of a predetermined time specified by, for example, a clock function (301).

  Subsequently, for example, the first communication device 102 sets the position data of the own device held in the authentication information storage unit 104 to a communication frame compatible with the IMES method, and generates the first communication frame 201 (302).

  Next, the first communication apparatus 102 uses the first communication processing unit 105 to transmit the first communication frame 201 toward the indoor environment 5 via the first wireless antenna 107 (303).

  On the other hand, the second communication device 109 is in a reception waiting state (304) for the first communication frame 201 in the time interval of the execution interval of step 301 in the first communication device 102 described above.

  On the other hand, when the first communication frame 201 is transmitted from the first communication device 102 toward the indoor environment 5, the second communication device 109 uses the second communication processing unit 113 to perform the first communication. The frame 201 is received (305).

In the above flow, transmission of the first communication data 203 as position data is realized from the first communication device 102 to the second communication device 109. If the first communication data 203 is sent from the first communication device 102 or is correct and not tampered, or if only the flow concerned, the second communication device 109 on the receiving side confirms it. There is no art. However, since communication related to authentication of communication data is not included, in each communication processing in each of the communication devices 102 and 109, a situation such as enlargement of the communication data length due to addition of authentication data does not occur, and information processing and communication Each efficiency is maintained well. On the other hand, in the authenticity confirmation system 101 of the present embodiment, the authenticity of the first communication data 203 included in the first communication frame 201 can be confirmed by the following flows.
--- Flow example 2 ---

  Next, generation and transmission of the second communication frame, and processing for confirming the authenticity of the first communication frame 201 accompanying this will be described with reference to the drawings. FIG. 6 is a diagram showing a flow example 2 of the method for confirming the authenticity of position information in the present embodiment. Specifically, this is an example of a communication protocol using the second communication processing units 106 and 113 in the respective communication devices 102 and 109.

In this case, the first communication device 102 starts a time measurement process using an appropriate clock function or the like in order to realize an operation at a certain time interval (401). As a result of the time measurement process, when it is confirmed that a certain period of time has passed (402: OK), the first communication apparatus 102 shifts the process to step 403. Of course, the implementation method of the above-mentioned timing process in the first communication apparatus 102 is not limited.

  Subsequently, the first communication apparatus 102 receives the result of step 402 described above, and starts transmission processing using the second communication processing unit 106 (403). In this case, the first communication device 102 generates the second communication frame 204 (404).

  As described above, in the generation process of the second communication frame 204 in step 404, the first communication device 102 performs processing on the position data and time data such as the generation time or transmission time of the second communication frame. In addition, an appropriate algorithm such as an encryption key held in the authentication information storage unit 104 is applied to generate authentication data, and the authentication data, the above-described position data, and time data are set in a communication frame compatible with the wireless LAN system. Thus, the second communication frame is generated.

  Next, the first communication device 102 directs the second communication frame 204 generated in step 404 described above to the indoor environment 5 via the second wireless antenna 115 using the second communication processing unit 106. Make a call (405).

  On the other hand, the second communication device 109 is in a waiting state for reception processing of the second communication frame 204 during the execution interval of step 403 in the first communication device 102 described above (406).

  On the other hand, when the second communication frame 204 is transmitted by the first communication device 102, the second communication device 109 uses the second communication processing unit 113 and the second wireless antenna 115, The communication frame 204 is received (407).

  Subsequently, the second communication device 109 executes verification processing of the authentication data of the second communication frame 204 received in step 407 (408).

  In the verification process of the authentication data of the second communication frame 204 in step 408, as described above, the position data and time data included in either the first communication frame 201 or the second communication frame 204 that has been received. The first communication frame 201 is compared with the result calculated by applying an appropriate algorithm such as an encryption key held in the authentication information storage unit 111 against the authentication data included in the second communication frame 204. This is a process for executing the authenticity check of the position data at.

  As a result of the above verification process, when the verification of the authentication data is successful (408: OK), the second communication device 109 shifts the process to step 409. On the other hand, if the verification of the authentication data has failed (408: NG), the process proceeds to step 410.

  Next, the second communication device 109 determines that the first communication data 203 transmitted from the first communication device 102, that is, the position data is authentic, based on the verification result of step 408 described above (409). The flow is finished. On the other hand, the second communication device 109 determines that the first communication data 203 transmitted from the first communication device 102, that is, the position data is invalid based on the verification result of step 408 described above ( Step 410), the flow ends.

In the above protocol illustrated in FIG. 6, whether the first communication data 207 in the first communication frame 201 transmitted by the first communication device 102, that is, whether the position data is genuine data that has not been falsified or received. It is possible to authenticate with the second communication device 109 on the side.

In this way, by combining the two types of communication illustrated in the flows of FIGS. 5 and 6, the second communication device 109 can eliminate the processing and security overhead associated with the security processing in the first communication processing unit 112. The first communication data 203 (position data), which is desired communication data, can be received by the first communication device 102 at a predetermined timing. Further, the second communication device 109 transmits the first communication data 207 as the desired communication data via the second communication processing unit 113 together with the authentication data 209 indicating that the first communication data 207 has not been forged or tampered. It can be received at a predetermined timing by the communication device 102. Thereby, for example, it is possible to realize an authenticity confirmation system that normally performs plaintext communication on position data and can confirm the authenticity of position data that is communication data that is plaintext communicated at a predetermined timing.
--- Flow example 3 ---

  In the flow example 2 described above, the first communication device 102 needs to continuously transmit the second communication frame at regular time intervals, but in terms of various processing efficiencies in the first communication device 102. Further efficiency may be improved by using the following communication protocol. FIG. 7 is a diagram showing a flow example 3 of the authenticity confirmation method for position information in the present embodiment.

  In this case, the second communication device 109 uses the second communication processing unit 113 and the second wireless antenna 115 to set predetermined communication data in the third communication frame 211 and transmits it to the indoor environment 5 ( 501). Here, it does not matter what communication device 211 the third communication frame 211 transmits to which communication data, but as an example, the one already in the form illustrated in FIG. Can be assumed.

  On the other hand, the first communication device 102 uses the second communication processing unit 106 and the second wireless antenna 108 to detect the third communication frame 211 described above, for example, when it starts up or when a predetermined time arrives. Is started (502). Considering the above example, since the third communication frame 211 is transmitted from the second communication device 109, the first communication device 102 transmits the third communication frame 211 transmitted to the indoor environment 5. , The presence of the second communication device 109 is detected in the indoor environment 5 (503: OK), and the process transitions to step 504. On the other hand, if the third communication frame 211 cannot be received, the first communication device 102 determines that the presence of the second communication device 109 in the indoor environment 5 has not been detected (503: NG), and continues. The third communication frame 211 is waiting to be received.

  Thereafter, steps 504 to 506 are the same as steps 403 to 405 illustrated in the flow of FIG. Steps 507 to 510 are the same as steps 407 to 410 exemplified in the flow of FIG. 6, and detailed description thereof is omitted.

  By using the communication protocol shown in the flow example 3, the first communication device 101 can detect the presence of the second communication device 109 to be communicated in the communication range in the indoor environment 5 in the vicinity of the own device. In this case, the first communication data 207 and the time data 208 as position data can be transmitted together with the authentication data 209 using the second communication processing unit 106 and the second wireless antenna 108. Thereby, for example, the first communication data 207 as the position data is efficiently obtained in a situation in which, for example, plain text communication regarding the position data is normally performed and the second communication device 109 to be received is detected in the vicinity. It is possible to confirm the authenticity of.

  Note that it is possible to assume a case where the authentication data included in the second communication frame, which is the target of the verification process in the flows illustrated in FIGS. 6 and 7 described above, includes a predetermined ID. FIG. 8 is a diagram illustrating a format example of the second communication frame 601.

  The second communication frame 601 includes a second communication header 205 and second communication data 602. Among these, the second communication data 602 includes an identification number 603 (hereinafter referred to as ID (2)) assigned in advance to the first communication device 102 (or the second communication device 109), and the first communication data 207. , Time data 208, and authentication data 604. The second communication header 205, the first communication data 207, and the time data 208 are the same as those of the second communication frame 204 shown in FIG.

  On the other hand, the ID (2) 603 corresponds to, for example, a protocol for communication between the second communication processing unit 106 of the first communication device 102 and the second communication processing unit 113 of the second communication device 109. Identification information can also be assumed. For example, when the protocol corresponds to wireless LAN communication, ID (2) 603 is an IP address, an individual identifier in the application layer, or the like. Note that the process 210 schematically shows a relationship regarding generation of authentication data among the ID (2) 603, the first communication data 207, the time data 208, and the authentication data 604, and has already been described with reference to FIG. The same applies to what is shown.

By using the second communication frame 601 described above, the second communication device 109 can also check the authenticity of the first communication device 102. When a so-called public key cryptosystem is used for generating the authentication data 209, the authenticity of each individual first communication device 102 can be confirmed by appropriately managing the secret key individually.
--- Flow example 4 ---

  Next, processing for determining whether or not the above-described authentication data verification processing is necessary based on the first communication frame 201 received from the first communication device 102 in the second communication device 109 will be described with reference to the drawings. . Note that the second communication device 109 in this case is a predetermined portion (eg, date / time information or sequence number) of the first communication data 203 received from the first communication device 102, or the first communication data 203. It is assumed that a management table (not shown) for storing everything is held in the storage device.

  FIG. 9 is a diagram showing a flow example 4 of the method for confirming the authenticity of position information in the present embodiment. In this flow, steps 301 to 305 are the same as those already shown in the flow of FIG. On the other hand, the second communication device 109 that has received (305) the first communication frame uses the portion of the first communication data 203 of the received first communication frame that is used for determining whether or not authentication processing is necessary. Alternatively, all the first communication data 203 is added to the above management table (1001). The first communication frame 201 has the same configuration as that shown in FIG. 2 as shown in FIG.

  In addition, the second communication device 109 has a predetermined consistency such as “the date and time are continuous between data” and “the date and time divergence is within a predetermined range”. The quality is judged based on the management criteria (1002).

  If there is no problem in the consistency between the data as a result of the determination (1002: OK), the second communication device 109 returns the process to step 304 and performs the first communication using the first communication processing unit 112. The frame 201 continues to receive a frame 201. On the other hand, as a result of the above determination, if there is a problem in the consistency between data (1002: NG), the second communication device 109 shifts the processing to step 801. The second communication apparatus 109 in this case starts authentication processing based on the flow shown in FIG.

With the processing based on the flow in FIG. 9, it becomes possible for the second communication device 109 to determine whether or not to start authenticity confirmation processing regarding the first communication data 203 obtained from the first communication device 102. . Here, when the first communication data 203 is position information and the second communication device 109 is a mobile object, the data managed in the above management table is a past movement history of the mobile object. In general, the positional information of such a moving body is expected to have some coordinate continuity. In addition, whether or not any discontinuity has occurred in the expected continuity can be a management standard for determining data consistency.
--- Flow example 5 ---

  Next, the flow example 5 shown in FIG. 10 will be described. In this case, as described above, the second communication device 109 starts processing for confirming the authenticity of the first communication data 203 obtained from the first communication device 102, that is, the position data (801).

  Next, the second communication device 109 generates a fourth communication frame 701 (802). As shown in FIG. 12, the fourth communication frame 701 is composed of a fourth communication header 702 and fourth communication data 703. Among these, the second communication header 702 is functionally the same as the first communication header 202. The fourth communication data 703 includes challenge data 704. The challenge data 704 is challenge data for performing so-called challenge and response authentication, and the challenge value is generated by the second communication device 109 by a predetermined method. Here, the generation method does not matter.

  In addition, the second communication device 109 transmits the fourth communication frame 701 generated in step 802 described above to the indoor environment 5 using the second communication processing unit 113 and the second wireless antenna 115. (803).

  On the other hand, the first communication device 102 is in a reception waiting state using the second communication processing unit 106 and the second wireless antenna 108 (804). However, as described above, since the second communication device 109 transmits the fourth communication frame 701, the first communication device 102 uses the second communication processing unit 106 and the second wireless antenna 108. The fourth communication frame 701 is received (805).

  Subsequently, the first communication device 102 generates a fifth communication frame 705 (806). The fifth communication frame 705 includes a fifth communication header 706 and fifth communication data 707 as shown in FIG. Of these, the fifth communication header 706 is functionally the same as the first communication header 202. The fifth communication data 707 includes first communication data 708 and authentication data 709. The first communication data 708 is the same data as the first communication data 203 and is position data. The authentication data 709 is data that can verify whether or not the first communication data 708 has been tampered with using a so-called challenge and response authentication method. Process 710 schematically shows a relationship for generating authentication data 709 based on first communication data 708 and challenge data 704. This processing 710 is executed by the information processing unit 103 and the first communication processing unit 105 in the first communication device 102 when the fifth communication frame 705 is generated. Here, although not limited to a specific authentication data generation method, as in the description of FIG. 2, for example, the HMAC operation result of data obtained by combining the challenge data 704 with the first communication data 203 is defined as authentication data 709. A method such as the above may be used.

  Next, the first communication device 102 transmits the fifth communication frame 705 generated in step 806 described above to the indoor environment 5 using the second communication processing unit 106 and the second wireless antenna 108. (807).

In response to the transmission of the fifth communication frame 705 in step 807 described above, the second communication device 109 uses the second communication processing unit 113 and the second wireless antenna 115 to transmit the fifth communication frame 705. Receive (808).

  Next, the second communication device 109 verifies the authentication data of the fifth communication frame 705 received in Step 808 (809). The second communication device 109 shifts the processing to step 810 if the verification succeeds and to step 811 if the verification fails. The verification process regarding the authentication data includes authentication data 709 included in the fifth communication frame 705, challenge data 704 included in the fourth communication frame 701 transmitted to the first communication device 102, and the first received data. The first communication data 203, which is the position data included in the communication frame 201, is compared with authentication data to which a predetermined algorithm such as an encryption key held in the authentication information storage unit 111 is applied. The authenticity confirmation is executed with respect to the first communication data 203.

  When the verification result of the authentication data in the above-described step 809 is a successful verification (809: OK), the second communication device 109 authenticates the first communication data 203 transmitted from the first communication device 102. (810), the flow is terminated. On the other hand, if the verification result of the authentication data in the above-described step 809 is unsuccessful (809: NG), the second communication device 109 transmits the first communication data transmitted from the first communication device 102. 203 is determined to be invalid (811), and the flow ends.

  By executing such a flow, whether or not the first communication data 203 has been falsified using so-called challenge and response authentication between the first communication device 102 and the second communication device 109, Authentication can be performed by the second communication device 109 on the receiving side.

  As described above, by combining the two types of communication shown in the flowcharts of FIGS. 9 and 10, the second communication device 109 allows the first communication processing unit 112 to avoid processing associated with security processing and communication overhead. The first communication data 203 that is position data can be received by the first communication device 102 at a predetermined timing. Further, the second communication device 109 sends authentication data 709 indicating that the first communication data 203 as the position data has not been forged or tampered via the second communication processing unit 113. 102 can be received at a predetermined timing. As a result, for example, it is possible to realize an authenticity confirmation system that normally performs plaintext communication on position data and can confirm the authenticity of position data being transmitted in plaintext at an arbitrary timing.

--- Other configuration examples of authenticity confirmation system 1 ---

  The authenticity confirmation system 101 of the present embodiment may have the following system configuration instead of the configuration shown in FIG. FIG. 14 is a diagram showing a configuration example 2 of the authenticity confirmation system in the present embodiment.

  The authenticity confirmation system 901 shown here includes a first communication device 902 and a second communication device 903. However, the first communication device 902 and the second communication device 903 here each have only one communication processing unit. Other configurations are the same as those shown in FIG.

In such a configuration, the first communication device 902 and the second communication device 903 use only one communication processing unit 105 and 112, respectively, and can perform the processing using the second communication processing unit already described. Is possible. For example, transmission / reception of the first communication frame is performed by the first communication processing units 105 and 112, while transmission / reception of the second communication frame is also performed in the first communication in the gap time of the transmission / reception processing of the first communication frame. If operations such as execution by the processing units 105 and 112 are performed, plaintext communication of position data and communication of authentication data can be performed in parallel with a set of one communication processing unit. When such a configuration and operation are employed, a cost reduction effect can be obtained by reducing the number of communication processing units in the communication devices 902 and 903.

--- Other configuration examples of authenticity confirmation system 2 ---

  Further, in the case where an electronic signature technique using public key encryption technology is used as means for realizing authentication of the first communication data 203, the configuration of the authenticity confirmation system 101 may be as follows.

  FIG. 15 is a diagram showing a configuration example 3 of the authenticity confirmation system 1101 in the present embodiment. The authenticity confirmation system 1101 shown here includes a first communication device 102 and a second communication device 1102. Note that the first wireless antennas 107 and 114 and the second wireless antennas 108 and 115 are the same as those shown in FIG.

  On the other hand, the second communication apparatus 1102 further includes another communication function for executing communication with the verification apparatus 1103 via an appropriate network 1104 such as the Internet in addition to the configuration of the second communication apparatus 109 shown in FIG. It is a communication apparatus of the composition. Here, the verification device 1103 is a device that receives a verification request from the second communication device 1102 via the network 1104, performs signature verification, and returns the verification result to the second communication device 1102 that is the request source.

The verification device 1103 described above manages the signature verification list that has been processed in response to the verification request, using an appropriate storage device. In this signature verification list, the verification result of each signature, that is, the result of verification OK or NG is written. In the signature verification list, it is assumed that entries determined to be unnecessary due to the age of the history or the frequency of reference are deleted in accordance with the storage device capacity constraint in the verification device 1103.
--- Flow example 6 ---

  Next, processing executed by the authenticity confirmation system 101 shown in FIG. 15 will be described with reference to the drawings. FIG. 16 is a diagram showing a flow example 6 in the authenticity confirmation method of the present embodiment. In this case, the second communication device 1102 receives the second communication frame from the first communication device 102 according to the flow shown in FIG. 6 (corresponding to step 407), and starts signature verification (in step 408). In this case, the verification process is requested to the verification apparatus 1103 instead of performing the verification process within the second communication apparatus 1102 itself (step 1201).

  Here, the second communication apparatus 1102 transmits a verification request communication frame to the verification apparatus 1103 (step 1201). Here, a specific example of the communication frame for the verification request is not shown, but includes a set of authentication data necessary for signature verification, and the second communication frame 601 or the fifth communication frame transmitted from the first communication device 102 is included. Similar to communication frame 705.

  On the other hand, the verification device 1103 is waiting to receive a signature verification request from the second communication device 1102 (step 1203). However, in the above-described situation, since the second communication apparatus 1102 has transmitted the communication frame for the verification request, the verification apparatus 1103 receives the verification request communication frame (step 1204).

Next, the verification apparatus 1103 checks whether an entry indicated by the above-described verification request exists in the signature verification list (step 1205). If there is no entry in the signature verification list as a result of this check (1205: OK), the verification apparatus 1103 verifies the signature included in the verification request communication frame (1206). On the other hand, if there is an entry in the signature verification list as a result of the above check (1205: NG), the verification apparatus 1103 shifts the processing to step 1207 to respond with the verification result indicated by the corresponding entry.

  Next, the verification device 1103 transmits the verification result (OK or NG) at step 1206 to the second communication device 1102 (1207). Here, the format of the result response communication frame includes at least a verification result (OK or NG). Other formats are not required here.

  Subsequently, the verification device 1103 updates the signature verification list when it is necessary to perform a new signature verification in step 1206 described above (step 1208), and receives a signature verification request from the second communication device 1102 Return to wait.

  On the other hand, the second communication device 1102 receives the result response communication frame from the verification device 1103 (1209), and transitions to step 409 or step 410 of the flow shown in FIG. 6 based on the result.

  According to the flow shown above, the authenticity for realizing the signature verification processing based on the public key cryptography without providing the second communication device 1102 with a public key cryptography function that requires complicated and expensive cryptographic processing. A sex confirmation system can be configured.

  Although the best mode for carrying out the present invention has been specifically described above, the present invention is not limited to this, and various modifications can be made without departing from the scope of the invention.

  According to this embodiment, it is possible to confirm the authenticity of the position information transmitted by the indoor positioning system.

  At least the following will be clarified by the description of the present specification. That is, in the position information authenticity confirmation system according to the present embodiment, the first communication device may execute the transmission of the second data every elapse of a predetermined time.

  According to this, it is possible to avoid a situation where the first communication device continuously transmits the second data for authentication frequently and reduce the processing load, and efficiently use the limited resources. . As a result, the authenticity of the position information transmitted by the indoor positioning system can be efficiently confirmed.

  Further, in the position information authenticity confirmation system according to the present embodiment, the first communication device receives the predetermined data based on a predetermined communication protocol transmitted from the second communication device, whereby the indoor environment The presence of the second communication device may be detected, and the transmission of the second data may be executed in response to the detection.

  According to this, the process of transmitting the second data for authentication in the first communication device is executed only when the existence confirmation of the second communication device that is the receiving device can be performed. It is possible to reduce the processing load on the communication apparatus and efficiently use limited resources. As a result, the authenticity of the position information transmitted by the indoor positioning system can be confirmed more efficiently.

Moreover, in the authenticity confirmation system for position information according to the present embodiment, the first communication device relates to at least the predetermined data included in the first data and the identification information of the first communication device as the authentication data. Information to which a predetermined algorithm is applied is included in the second data and transmitted, and when the second communication device performs the authenticity check, either the first data or the second data is transmitted. The result of applying the predetermined algorithm to the predetermined data included in the data and the identification information of the first communication device previously stored in the storage device is compared with the authentication data included in the second data. It is good also as.

  According to this, it is possible to confirm the authenticity of the first communication device itself, which is the position information transmitting device, at the time of the authenticity confirmation. As a result, the authenticity of the position information transmitted by the indoor positioning system can be confirmed with higher accuracy.

  In the authenticity confirmation system for position information according to the present embodiment, the first communication device receives predetermined data transmitted by the second communication device in response to a predetermined trigger, and includes at least the predetermined data. The second data further includes a process of transmitting authentication data to which the predetermined algorithm is applied with respect to the predetermined information, and the second communication device receives the second data from the first communication device. The authentication data included in the second data is compared with the authentication data applied with a predetermined algorithm with respect to the predetermined information included in the predetermined data transmitted to the first communication device, and the first data It is also possible to execute authenticity confirmation.

  According to this, the process of transmitting the second data for authentication in the first communication device is executed in response to a request from the second communication device as the receiving device, and the processing load in the first communication device Can be further reduced, and limited resources can be used efficiently. As a result, the authenticity of the position information transmitted by the indoor positioning system can be confirmed more efficiently.

  In the authenticity confirmation system for position information according to the present embodiment, the second communication device stores the first data received from the first communication device with respect to the received data from the first communication device. Collating with the authenticity confirmation necessity criteria held by the device, and as a result of the collation, when the first data is determined to require authenticity confirmation, the predetermined data is transmitted with the determination as a trigger. It is good.

  According to this, there is a suspicion regarding the position information which is the first data transmitted by the first communication device, and the second communication device has a request to the first communication device, The process of transmitting the second data for authentication in one communication apparatus is executed. Therefore, it is possible to further reduce the processing load in the first communication device and efficiently use limited resources. As a result, the authenticity of the position information transmitted by the indoor positioning system can be confirmed more efficiently.

  In the authenticity confirmation system for position information according to the present embodiment, when the second communication device receives the second data from the first communication device, the second communication device issues a verification request including the second data. Based on the verification result transmitted to the verification device and received from the verification device in response to the verification request, the authenticity check of the first data is executed, and the verification request is received from the second communication device Then, a predetermined verification algorithm is applied to the second data included in the verification request, the authenticity check of the first data is executed, and the result of the authenticity check is used as a verification result to the second communication device. It may further include a verification device that replies.

  According to this, for example, authenticity that realizes signature verification processing based on public key cryptography without providing the second communication device with a public key cryptography function that tends to be complicated and expensive to introduce. The confirmation system can be configured. Therefore, it is possible to reduce the processing load on the second communication device and efficiently use limited resources. As a result, the authenticity of the position information transmitted by the indoor positioning system can be confirmed more efficiently.

In the authenticity confirmation system for position information according to the present embodiment, the first communication device includes two communication processing units, and one communication processing unit transmits the first data, and the second data The second communication device includes two communication processing units, one communication processing unit receives the first data, and the second data is transmitted to the other communication unit. It is good also as what a communication processing part receives.

  According to this, for example, a communication function in one communication processing unit (processing plaintext first data) is not equipped with a security function, while the other communication processing unit (processing encrypted second data) is used. Various types of security functions can be installed in communication. Therefore, while reducing the security processing load during normal operation, which is the time of the first data processing, in the first and second communication devices, it is simple and efficient with respect to the second data processing that requires authenticity confirmation processing. Security functions can be used. Therefore, it is possible to reduce the processing load in each of the first and second communication devices and use limited resources more efficiently. As a result, the authenticity of the position information transmitted by the indoor positioning system can be confirmed more efficiently.

  Further, in the position information authenticity confirmation method according to the present embodiment, the first communication device may execute the transmission of the second data every elapse of a predetermined time.

  In the location information authenticity confirmation method according to the present embodiment, the first communication device receives predetermined data based on a predetermined communication protocol transmitted from the second communication device, so that the indoor environment The presence of the second communication device may be detected, and the transmission of the second data may be executed in response to the detection.

  Moreover, in the authenticity confirmation method for position information according to the present embodiment, the first communication device relates to at least predetermined data included in the first data as the authentication data and identification information of the first communication device. Information applying a predetermined algorithm is included in the second data and transmitted, and when the second communication device executes the authenticity check, the first data or the second data includes a predetermined value. The result of applying the predetermined algorithm to the data and the identification information of the first communication device previously held in the storage device may be collated with the authentication data included in the second data.

  Further, in the location information authenticity confirmation method of the present embodiment, the first communication device receives predetermined data transmitted by the second communication device in response to a predetermined trigger, and includes at least the predetermined data. Further executing a process of transmitting the authentication data including a predetermined algorithm with respect to the predetermined information included in the second data, the second communication device receiving the second data from the first communication device, Verification of authenticity of the first data by collating authentication data included in the second data and authentication data applied with a predetermined algorithm with respect to predetermined information included in the predetermined data transmitted to the first communication device May be executed.

  In the authenticity confirmation method of position information according to the present embodiment, the second communication device stores the first data received from the first communication device with respect to the received data from the first communication device. When it is determined that the first data needs to be verified as a result of the verification, the predetermined data may be transmitted using the determination as a trigger.

  In the authenticity confirmation method for position information according to the present embodiment, when the second communication device receives the second data from the first communication device, a verification request including the second data is sent to a predetermined request. A verification device that transmits to the verification device and executes authenticity confirmation of the first data based on the verification result received from the verification device in response to the verification request, and receives the verification request from the second communication device Applies a predetermined verification algorithm to the second data included in the verification request, executes authenticity check of the first data, and uses the result of the authenticity check as a verification result to the second communication device. You may reply.

  Moreover, in the authenticity confirmation method for position information according to the present embodiment, the first communication device includes two communication processing units, and one communication processing unit transmits the first data, and the second data Is transmitted from the other communication processing unit, the second communication device includes two communication processing units, the one communication processing unit receives the first data, and the second data is processed by the other communication processing unit. The unit may receive.

5 Indoor Environment 101 Authenticity Confirmation System 102 First Communication Device 103 Information Processing Unit 104 Authentication Information Storage Unit 105 First Communication Processing Unit 106 Second Communication Processing Unit 107 First Antenna 108 Second Antenna 109 Second Communication device 110 information processing unit 111 authentication information storage unit 112 first communication processing unit 113 second communication processing unit 114 first antenna 115 second antenna 201 first communication frame (first data)
202 First communication header 203 First communication data (position data)
204 Second communication frame (second data)
205 Second communication header 206 Second communication data 207 First communication data (first data)
208 Time data 209 Authentication data 211 Third communication frame (predetermined data based on a predetermined communication protocol)
212 Third communication header 213 Third communication data 214 ID included in third communication header
215 ID included in the third communication data
601 Second communication frame 602 Second communication data 603 ID (identification information of the first communication device) included in the second communication data
604 Authentication data 701 Fourth communication frame (predetermined data transmitted according to a predetermined opportunity)
702 Fourth communication header 703 Fourth communication data 704 Challenge data (predetermined information included in predetermined data)
705 fifth communication frame 706 fifth communication header 707 fifth communication data 708 first communication data 709 authentication data 901 authenticity confirmation system 902 first communication device 903 second communication device 1101 authenticity confirmation system 1102 Second communication device 1103 Verification device 1104 Network

Claims (16)

A first communication device that transmits first data including position data and second data including authentication data to which a predetermined algorithm is applied to at least the predetermined data included in the first data to an indoor environment;
Receiving the first data and the second data from the first communication device, and applying the predetermined algorithm to predetermined data included in either the first data or the second data; and and collating the authentication data the secondary data includes, and a second communication apparatus for performing the authenticity check of the first data,
The first communication device receives predetermined data transmitted by the second communication device in response to a predetermined opportunity, and at least authentication data obtained by applying a predetermined algorithm with respect to predetermined information included in the predetermined data is the second data To further execute the process of sending in,
The second communication device receives the second data from the first communication device, and includes authentication data included in the second data and the predetermined data transmitted to the first communication device. Collating with authentication data to which a predetermined algorithm is applied with respect to the predetermined information, the authenticity check of the first data is executed.
A system for confirming the authenticity of position information.   The authenticity confirmation system for position information according to claim 1, wherein the first communication device executes transmission of the second data every elapse of a predetermined time.   The first communication device detects presence of the second communication device in the indoor environment by receiving predetermined data based on a predetermined communication protocol transmitted by the second communication device, and detects the detection. The position information authenticity confirmation system according to claim 1, wherein the transmission of the second data is executed in accordance with the position information. The first communication device includes, as the authentication data, information obtained by applying a predetermined algorithm with respect to at least predetermined data included in the first data and identification information of the first communication device in the second data. To send,
The second communication device, when executing the authenticity confirmation, identifies predetermined data included in either the first data or the second data, and identification of the first communication device previously held in a storage device A result obtained by applying the predetermined algorithm to information and verification data included in the second data are collated.
The system for confirming authenticity of position information according to claim 1. The second communication device compares the first data received from the first communication device with an authenticity confirmation necessity criterion held in a storage device with respect to the received data from the first communication device, and As a result of the collation, when it is determined that authenticity confirmation is necessary, the predetermined data is transmitted in response to the determination.
The system for confirming authenticity of position information according to claim 1. When the second communication device receives the second data from the first communication device, the second communication device transmits a verification request including the second data to a predetermined verification device, and receives the verification request from the verification device. Based on the received verification result, the authenticity of the first data is executed,
The verification request is received from the second communication device, a predetermined verification algorithm is applied to the second data included in the verification request, the authenticity check of the first data is executed, and the authenticity check The position information authenticity confirmation system according to claim 1, further comprising a verification device that returns a result as a verification result to the second communication device. The first communication device includes two communication processing units, one of the communication processing units transmits the first data, and the other communication processing unit transmits the second data.
The second communication device includes two communication processing units, and one communication processing unit receives the first data, and the other communication processing unit receives the second data.
The system for confirming authenticity of position information according to claim 1. The first communication device
Transmitting first data including position data and second data including authentication data to which a predetermined algorithm is applied to at least the predetermined data included in the first data to an indoor environment;
The second communication device
Receiving the first data and the second data from the first communication device, and applying the predetermined algorithm to predetermined data included in either the first data or the second data; and The authentication data included in the two data is collated, and the authenticity check of the first data is performed,
The first communication device receives predetermined data transmitted by the second communication device in response to a predetermined opportunity, and at least authentication data obtained by applying a predetermined algorithm with respect to predetermined information included in the predetermined data is the second data Further execute the process of sending in
The second communication device receives the second data from the first communication device, and includes authentication data included in the second data and the predetermined data transmitted to the first communication device. Collating with authentication data to which a predetermined algorithm is applied with respect to predetermined information, and executing authenticity confirmation of the first data,
A method for confirming the authenticity of position information.   The method for confirming authenticity of position information according to claim 8, wherein the first communication device executes the transmission of the second data every elapse of a predetermined time.   The first communication device detects the presence of the second communication device in the indoor environment by receiving predetermined data based on a predetermined communication protocol transmitted by the second communication device, and detects the detection. 9. The method for confirming authenticity of position information according to claim 8, wherein the transmission of the second data is executed in accordance with the position information. In the second data, the first communication device includes, as the authentication data, information obtained by applying a predetermined algorithm with respect to at least predetermined data included in the first data and identification information of the first communication device. Outgoing,
When the second communication device executes the authenticity confirmation, the predetermined data included in either the first data or the second data and the identification of the first communication device previously held in the storage device Collating a result of applying the predetermined algorithm to information and authentication data included in the second data;
The method for confirming authenticity of position information according to claim 8. The second communication device collates the first data received from the first communication device with the authenticity confirmation necessity criteria held in the storage device with respect to the received data from the first communication device, and As a result of the collation, when it is determined that the first data needs to be verified, the predetermined data is transmitted in response to the determination.
The method for confirming authenticity of position information according to claim 8. When the second communication device receives the second data from the first communication device, the second communication device transmits a verification request including the second data to a predetermined verification device, and from the verification device in response to the verification request Based on the received verification result, authenticity of the first data is executed,
The verification device that receives the verification request from the second communication device applies a predetermined verification algorithm to the second data included in the verification request, executes authenticity verification of the first data, and The result of the sex confirmation is returned to the second communication device as the verification result.
The method for confirming authenticity of position information according to claim 8. The first communication device includes two communication processing units, one communication processing unit transmits the first data, and the other communication processing unit transmits the second data,
The second communication device includes two communication processing units, wherein one communication processing unit receives the first data, and the other communication processing unit receives the second data.
The method for confirming authenticity of position information according to claim 8. A device for transmitting location information constituting an indoor positioning system,
An information processing unit that generates first data including position data of the own device held in the storage device, and second data including authentication data obtained by applying a predetermined algorithm to at least the predetermined data included in the first data;
The first data and the authentication data the generated, and a communication processing unit which transmits towards the indoor environment through a predetermined antenna,
The result of applying the predetermined algorithm to the predetermined data included in either the first data or the second data is compared with the authentication data included in the second data to check the authenticity of the first data The second communication device that receives the predetermined data transmitted by the second communication device in response to a predetermined trigger, and receives at least the authentication data to which the predetermined algorithm is applied with respect to the predetermined information included in the predetermined data. It is to be transmitted by including it in two data.
A communication device. A first antenna including position data transmitted by a device for position information transmission in an indoor positioning system and at least second data including authentication data to which a predetermined algorithm is applied with respect to the predetermined data included in the first data. A communication processing unit for receiving via
A result of applying the predetermined algorithm to predetermined data included in the received first data or second data is compared with authentication data included in the received second data, and the first data and a processing unit for executing a check authenticity,
A process of transmitting predetermined data according to a predetermined opportunity;
The second data is received from the position information transmission device that transmits the second data including authentication data to which the predetermined algorithm is applied with respect to the predetermined information included in the predetermined data, and the second data includes the authentication The verification of the first data is performed by comparing the data with authentication data to which a predetermined algorithm is applied with respect to the predetermined information included in the predetermined data that has been transmitted to the device for transmitting position information. is there,
A communication device.

Images