JP7358574B2 - Authentication system, transmitter, receiver, authentication method, and program - Google Patents

Description

The present disclosure relates to a communication system, a transmitting device, a receiving device, a communication method, and a program.

2. Description of the Related Art Conventionally, a technique is known in which data to be transmitted, such as user identification information, is transmitted from a transmitting device to a receiving device. For example, in Patent Document 1, a transmitting device encrypts user identification information using an encryption key that is changed at a predetermined timing, and uses a Bluetooth (registered trademark) advertising packet to transmit the encrypted identification information. A technique for transmitting data to a receiving device is described.

Japanese Patent Application Publication No. 2016-116130

In the technique of Patent Document 1, since identification information is different for each user, a receiving device needs to receive an advertising packet containing arbitrary identification information. In this regard, noise may occur during conversion to an analog electrical signal or during transmission of advertising packets. Therefore, in order to accurately acquire identification information, the receiving device of Patent Document 1 needs to distinguish between advertising packets that are not affected by noise and advertising packets that are affected by noise.

The advertising packet of Patent Document 1 includes a CRC (Cyclic Redundancy Check), which is a type of error detection code, but there is a limit to the error detection accuracy of the CRC, and it cannot sufficiently cope with noise that the identification information receives. Sometimes. This point also applies to communication protocols other than Bluetooth (registered trademark), and conventional methods have not been able to sufficiently cope with the influence of noise on the data to be transmitted.

One of the objectives of the present disclosure is to address noise that is experienced by data to be transmitted.

A predicted profit/loss display system according to the present disclosure is a communication system including a transmitting device and a receiving device, wherein the transmitting device includes a dividing unit that divides data to be transmitted into a plurality of data parts, and a dividing unit that divides data to be transmitted into a plurality of data parts. Creating means for creating each of the plurality of packets so that each of the plurality of packets includes at least one overlapping data portion and order information regarding the order of the data portion in the data to be transmitted. and a transmitting means for transmitting each of the plurality of packets to the receiving device, and the receiving device includes a receiving means for receiving each of the plurality of packets from the transmitting device, and a transmitting means for transmitting each of the plurality of packets to the receiving device. acquisition means for combining the plurality of data parts to obtain the transmission target data based on the plurality of duplicated at least one data parts included in each packet and the order information; and execution means for executing a predetermined process based on the data to be transmitted.

A transmitting device according to the present disclosure includes a dividing unit that divides data to be transmitted into a plurality of data portions, and a plurality of at least one data portion overlapped in each of a plurality of packets, and a plurality of data portions to be transmitted. The apparatus includes a creating means for creating each of the plurality of packets so as to include order information regarding the order of the data portions in the data, and a transmitting means for transmitting each of the plurality of packets to the receiving device.

A receiving device according to the present disclosure includes a receiving device that receives each of a plurality of packets from a transmitting device, a plurality of at least one overlapping data portion included in each of the plurality of packets, and a plurality of overlapping data portions of the data portion. an acquisition unit that combines a plurality of the data portions to obtain data to be transmitted based on order information regarding the order; and an execution unit that executes a predetermined process based on the data to be transmitted.

The communication method according to the present disclosure includes a dividing step of dividing data to be transmitted into a plurality of data parts, and a plurality of overlapping at least one data part is included in each of the plurality of packets, and the data to be transmitted is a creation step of creating each of the plurality of packets so as to include order information regarding the order of the data portions in the data; a transmission step of transmitting each of the plurality of packets to a receiving device; , a receiving step of receiving each of the plurality of packets, a plurality of duplicated at least one data portions included in each of the plurality of packets, and the order information. The method includes an acquisition step of combining parts to obtain the transmission target data, and an execution step of executing a predetermined process based on the transmission target data.

A program according to the present disclosure includes a dividing means for dividing data to be transmitted into a plurality of data parts, each of a plurality of packets includes a plurality of overlapping at least one data part, and the data to be transmitted is divided into a plurality of data parts. A computer is caused to function as a creating means for creating each of the plurality of packets and as a transmitting means for transmitting each of the plurality of packets to the receiving device so that order information regarding the order of the data portions is included.

A program according to the present disclosure includes a receiving unit that receives each of a plurality of packets from a transmitting device, a plurality of at least one overlapping data portion included in each of the plurality of packets, and an order of the data portion. The computer is caused to function as an acquisition unit that combines the plurality of data portions to obtain data to be transmitted based on the order information, and as an execution unit that executes a predetermined process based on the data to be transmitted.

In one aspect of the present disclosure, each of the plurality of packets includes a plurality of overlapping at least one data portions in a first data area, includes the order information in a second data area, and includes the order information in a second data area; The acquisition means scans packets whose values contained in the first data area are the same, and acquires the transmission target data based on the scanned packets.

In one aspect of the present disclosure, the creating means creates each of the plurality of packets so that each of the plurality of packets includes a plurality of overlapping pieces of the order information, and the obtaining means The transmission target data is acquired based on the plurality of duplicated at least one data portions and the plurality of duplicated order information included in each of the plurality of packets.

In one aspect of the present disclosure, each of the plurality of packets includes a plurality of overlapping at least one data portions in a first data area, and overlaps the order information in a second data area. The acquisition means scans packets in which the values contained in the second data area are the same, and acquires the transmission target data based on the scanned packets.

In one aspect of the present disclosure, the creation means creates each of the plurality of packets so that each of the plurality of packets consecutively includes a plurality of overlapping pieces of the order information.

In one aspect of the present disclosure, the creation means is configured to create the plurality of packets such that in each of the plurality of packets, the plurality of duplicated at least one data portions and the order information are separated by a predetermined distance or more. Create each of them.

In one aspect of the present disclosure, the creation means creates each of the plurality of packets such that each of the plurality of packets includes a plurality of consecutive overlapping at least one data portions.

In one aspect of the present disclosure, the receiving device further includes specifying means for specifying the number of the data portions, and the obtaining device extracts the at least one data portion from each of the plurality of packets until the number reaches the number. and the order information, and when the number reaches the number, the data to be transmitted is acquired.

In one aspect of the present disclosure, the data to be transmitted is a numerical value with a predetermined number of digits, each of the plurality of data parts is an individual digit included in the numerical value, and the order information is a numerical value in the numerical value. The identifying means identifies the number of digits as the number.

In one aspect of the present disclosure, the receiving device is capable of communicating with each of the plurality of transmitting devices, and each of the plurality of packets includes identification information that can identify the transmitting device that has transmitted the packet. The acquisition means acquires the transmission target data for each of the transmitting devices based on the identification information included in each of the plurality of packets.

In one aspect of the present disclosure, each of the plurality of packets is an advertising packet in a predetermined wireless communication standard, and the creation means includes a part of a service UUID in the wireless communication standard in each of the plurality of advertising packets. , each of the plurality of advertising packets is created so as to include a plurality of duplicated at least one data portions and the order information, and the transmitting means uses the wireless communication standard. , transmitting each of the plurality of advertising packets, the receiving means receiving each of the plurality of advertising packets using the wireless communication standard, and the obtaining means transmitting each of the plurality of advertising packets to each of the plurality of advertising packets. The transmission target data is acquired based on the plurality of duplicated at least one data portions included as part of the service UUID and the order information.

In one aspect of the present disclosure, a predetermined application is installed in the transmitting device, and each process of the dividing means, the creating means, and the transmitting means is executed as a process of the application, and The UUID includes an application identification ID that can identify the application, and the acquisition means scans the advertising packet in which the service UUID includes the application identification ID, and acquires the transmission target data. do.

In one aspect of the present disclosure, the transmission target data is a user ID that can identify a user of the transmitting device, and the predetermined process is an authentication process performed based on the user ID.

In one aspect of the present disclosure, the receiving device further includes a biometric information acquisition unit that acquires biometric information of the user, and the execution unit performs the authentication process based on the user ID and the biometric information. Execute.

According to the present disclosure, it is possible to cope with noise that the data to be transmitted receives.

1 is a diagram showing the overall configuration of a communication system. 1 is a diagram illustrating an example of a situation in which a communication system is used. FIG. 3 is a diagram illustrating an example of the format of an advertising packet. FIG. 3 is a diagram showing how the authentication device scans advertising packets. FIG. 3 is a diagram showing how the authentication device scans advertising packets. FIG. 3 is a diagram showing how the authentication device scans advertising packets. FIG. 2 is a functional block diagram showing an example of functions implemented in the communication system. FIG. 3 is a diagram illustrating an example of data storage in a user database. FIG. 3 is a diagram illustrating an example of data storage of scan setting data. FIG. 3 is a flow diagram showing an example of startup processing. FIG. 3 is a flow diagram showing an example of authentication processing. It is a figure showing the details of processing in S204.

[1. Overall configuration of communication system]
Hereinafter, an example of an embodiment of a communication system according to the present disclosure will be described. In this embodiment, a case will be exemplified in which a communication system is applied to an authentication service for authenticating users. The communication system can be applied to any service, and examples of application to other services will be explained in modified examples below.

FIG. 1 is a diagram showing the overall configuration of a communication system. As shown in FIG. 1, the communication system S includes a server 10, a user terminal 20, and an authentication device 30, which can be connected to a network N such as the Internet. Although FIG. 1 shows one server 10, one user terminal 20, and one authentication device 30, there may be a plurality of them.

Server 10 is a server computer. The server 10 includes a control section 11, a storage section 12, and a communication section 13. Control unit 11 includes at least one processor. The control unit 11 executes processing according to programs and data stored in the storage unit 12. The storage section 12 includes a main storage section and an auxiliary storage section. For example, the main memory section is a volatile memory such as RAM. Further, for example, the auxiliary storage unit is a nonvolatile memory such as a ROM, an EEPROM, a flash memory, or a hard disk. The communication unit 13 is a communication interface for wired or wireless communication. The communication unit 13 performs data communication via the network N.

The user terminal 20 is a computer operated by a user. User terminal 20 is an example of a transmitting device. Therefore, the description of the user terminal 20 in this embodiment can be read as the transmitting device. The transmitting device may be any device that transmits individual data portions into which data to be transmitted, which will be described later, is divided, and other examples of the transmitting device will be described in modified examples, which will be described later.

For example, the user terminal 20 is a mobile phone (including a smartphone), a mobile information terminal (including a tablet computer and a wearable terminal), a personal computer, or the like. In this embodiment, the user terminal 20 includes a control section 21, a storage section 22, a communication section 23, an operation section 24, a display section 25, and a photographing section 26. The physical configurations of the control section 21, the storage section 22, and the communication section 23 may be the same as those of the control section 11, the storage section 12, and the communication section 13, respectively.

The operation unit 24 is an input device. For example, the operation unit 24 is a touch panel, a pointing device such as a mouse, a keyboard, a button, or the like. The display unit 25 is a display or a monitor. For example, the display section 25 is a liquid crystal display section, an organic EL display section, or the like. The photographing unit 26 includes at least one camera. The photographing unit 26 may generate still images or may generate moving images by continuously photographing at a predetermined frame rate.

Authentication device 30 is a computer used for authentication. Authentication device 30 is an example of a receiving device. Therefore, the description of the authentication device 30 in this embodiment can be read as the receiving device. The receiving device may be any device that receives individual data portions into which data to be transmitted, which will be described later, is divided. Other examples of the receiving device will be described in modified examples, which will be described later.

For example, the authentication device 30 is a mobile phone, a personal digital assistant, a personal computer, or the like. In this embodiment, the authentication device 30 includes a control section 31, a storage section 32, a communication section 33, an operation section 34, a display section 35, and a photographing section 36. The physical configuration of the control section 31, storage section 32, communication section 33, operation section 34, display section 35, and photographing section 36 is as follows: control section 11, storage section 12, communication section 13, operation section 24, and display section 25, respectively. , and the photographing section 26.

Note that the programs and data described as being stored in the storage units 12, 22, and 32 may be supplied via the network N. Further, the hardware configuration of each computer described above is not limited to the above example, and various hardware can be applied. For example, it may include a reading section for reading a computer-readable information storage medium (e.g., an optical disk drive or a memory card slot) or an input/output section for inputting and outputting data with an external device (e.g., a USB port). good. For example, programs and data stored in an information storage medium may be supplied via a reading section or an input/output section.

[2. Overview of communication system]
In the present embodiment, processing executed in the communication system S will be described using an example of a scene in which a user passes through a security gate. The communication system S can also be applied to authentication in other arbitrary situations, and examples of application to other situations will be explained in modified examples to be described later.

FIG. 2 is a diagram showing an example of a situation in which the communication system S is used. As shown in FIG. 2, the security gate SG includes a revolving door. An authentication device 30 is connected to the security gate SG. The door of the security gate SG is locked by a lock mechanism. If the user is successfully authenticated, the lock will be released. For example, a security gate SG is placed in an arbitrary facility such as a company where one works or a public facility, and only users who are qualified to enter the facility can pass through the security gate SG.

In this embodiment, a two-step authentication including ID authentication and face authentication is taken as an example of an authentication method for authenticating a user. The authentication method is not limited to the example of this embodiment, and any other authentication method can be used. For example, biometric authentication other than face authentication may be used, such as fingerprint authentication, iris authentication, vein authentication, or voice authentication. Furthermore, other authentication methods than ID authentication and face authentication may be used, such as two-dimensional code authentication, passcode authentication, password authentication, electronic stamp authentication, or password authentication. Further, for example, the authentication may be performed in only one step, or may be performed in three or more steps.

ID authentication is authentication performed using a user ID issued in advance. The user ID is information that can identify the user. In this embodiment, a case will be described in which the user ID is a numerical value with a predetermined number of digits, but the user ID may have a different number of digits depending on the user. The user ID may be in any format and is not limited to numerical values. For example, the user ID may be a character string or a combination of numerical values (numbers) and characters. ID authentication is successful if a pre-issued user ID is input. In this embodiment, when any user ID registered in the server 10 is input into the authentication device 30, ID authentication is successful.

Face authentication is authentication performed using a face photo or facial features registered in advance. A face photo is an image of the user's face. The facial feature amount is information indicating the facial features shown in the facial photograph. In this embodiment, a case will be described in which the facial feature amount is a multidimensional vector, but the facial feature amount may be in any format, for example, an array or a single numerical value. In the present embodiment, if there is a facial photo or facial feature amount that is similar to or coincides with the user's facial photo or facial feature amount photographed by the authentication device 30 among the facial photos or facial feature amounts registered in the server 10, the facial Authentication is successful. For the face recognition itself, a known method can be used, and for example, a method such as principal component analysis, linear discriminant analysis, elastic matching, or hidden Markov model may be used. The feature amount may be calculated using a calculation formula according to these methods.

For example, when a user registers to use the authentication service by operating the user terminal 20, personal information such as the user's name and a photograph of the user's face are registered in the server 10. When the usage registration is completed, the user ID issued by the server 10 is stored in the storage unit 22 of the user terminal 20. Thereafter, the user can use the authentication service to pass through the security gate SG.

Although the same user ID may be used permanently, in this embodiment, it is assumed that the user ID is updated at a predetermined timing. When the user ID is updated, the old user ID that has been used until then becomes invalid. For example, an application for using an authentication service (hereinafter referred to as an authentication application) is installed on the user terminal 20, and the user ID is updated every time the authentication application is started.

Note that the timing for updating the user ID is not limited to the time when the authentication application is started, but may be at any timing. For example, the user ID may be updated when the user performs a predetermined operation within the authentication app, when ID authentication is successful, or when the expiration date set for the user ID expires.

As shown in FIG. 2, for example, the user approaches the security gate SG with the user terminal 20 in the pocket of his clothes. The wireless communication function of the communication unit 23 of the user terminal 20 is turned on in advance, and the user ID stored in the storage unit 22 is transmitted within the communication range. The wireless communication function may be automatically turned on when approaching the security gate SG, or may be turned on manually by the user. For wireless communication itself, any communication standard can be used, such as Bluetooth (registered trademark) or Wi-Fi (registered trademark).

In this embodiment, the user terminal 20 transmits the user ID using an advertising packet of BLE (Bluetooth Low Energy), which is a type of Bluetooth (registered trademark). Advertising packets are packets that are transmitted before pairing is performed, and the user terminal 20 transmits advertising packets to an unspecified number of devices within a communication range of several meters to several tens of meters. .

FIG. 3 is a diagram illustrating an example of the format of an advertising packet. The format of advertising packets is defined by wireless communication standards, and the details of the format are publicly available. Therefore, in this embodiment, the entire format will not be explained, but only the part used for transmitting the user ID will be explained.

As shown in FIG. 3, the advertising packet includes a data payload section for storing actual data. The size of the data payload section is variable and is 37 bytes (octets) at most. Actual data is stored in the AD data section of the data payload section. The type of actual data stored in the AD data section is specified by the AD type of the data payload section. The authentication device 30 can identify the type of actual data stored in the corresponding AD data section by referring to the AD type.

For example, the fact that the AD type is the first value means that the actual data stored in the AD data section is a service UUID. The service UUID is information that can identify a service. For example, the service UUID identifies the application that sent the advertising packet. The service UUID of the advertising packet sent by the authentication app identifies that the advertising packet was sent by the authentication app.

For example, the fact that the AD type is the second value means that the actual data stored in the AD data section is a local name. A local name is information that can identify a device. For example, the local name is the device name of the user terminal 20. Depending on the operating system of the user terminal 20, when an application such as an authentication application goes into background mode, or when a predetermined period of time has passed since the user terminal 20 went into sleep mode, in order to save power, Local names may be erased from memory and cannot be sent.

On the other hand, the same information can be sent for the service UUID as long as the application such as the authentication application is not deleted. Therefore, in this embodiment, by transmitting an advertising packet in which the user ID is embedded in a part of the service UUID, the user ID can be transmitted from the user terminal 20 to the authentication device 30 without pairing. There is.

The service UUID may use a format defined by the wireless communication standard. For example, a 128-bit service UUID consists of 36 digits including a 32-digit numerical value and four hyphens. The position of the hyphen within the 36 digits is predetermined. It is not necessary to use all of the service UUID to identify the service, so even if part of the service UUID is used for the user ID, the authentication device 30 cannot identify which service the advertising packet belongs to. Can be identified.

Since the authentication device 30 may receive advertising packets sent by applications other than the authentication app, it scans the advertising packets sent by the authentication app among the advertising packets sent to itself. . That is, the authentication device 30 processes advertising packets transmitted by the authentication application, and excludes advertising packets transmitted by other applications from the processing targets and discards them.

4 to 6 are diagrams showing how the authentication device 30 scans advertising packets. 4 and 5 are illustrated for reference, and FIG. 6 illustrates the method of this embodiment. Note that in this embodiment, the user ID is a four-digit numerical value from "0000" to "9999", and in FIGS. 4 to 6, a case where the user ID is "2791" will be explained.

In the service UUID in Figure 4, "68753A44-4D6F-1226-9C60-0050E4C0" is stored as the application identification ID in the 1st to 32nd digits, and "2791" is stored as the user ID in the 33rd to 36th digits. is stored. The application identification ID is information that can identify the authentication application. It is assumed that the application identification ID is stored in advance in the storage unit 22 of the user terminal 20.

The user terminal 20 creates an advertising packet including the service UUID shown in FIG. 4, and transmits the created advertising packet to the surrounding area. The authentication device 30 existing within the communication range of the user terminal 20 scans advertising packets that include the service UUID and the application identification ID of the authentication application among the advertising packets sent to itself. That is, the authentication device 30 determines that the AD type is the first value, and the 1st to 32nd digits of the service UUID stored in the AD data section are "68753A44-4D6F-1226-9C60-0050E4C0". Scan advertising packets. Other advertising packets are discarded without being scanned.

In the example of FIG. 4, the 33rd to 36th digits of the service UUID are arbitrary numbers, so the 33rd to 36th digits can be scanned in 10,000 ways, from "0000" to "9999." Since the authentication device 30 needs to scan a huge number of advertising packets, depending on the performance of the authentication device 30, it may not be possible to scan all advertising packets. For example, even if you try to have the authentication device 30 scan 10,000 ways, in reality it may only be able to scan a few hundred to several thousand ways, and the authentication device 30 cannot receive the user ID and cannot perform the authentication process. Sometimes.

Furthermore, noise may occur when the user terminal 20 converts an advertising packet created as digital data into an analog electrical signal. Noise may also be caused by other factors. For example, noise may be generated due to external factors in the air, or noise may be generated when the authentication device 30 converts received analog electrical signals into digital data. Therefore, even if the user terminal 20 repeatedly transmits advertising packets including the same service UUID, the user ID may be rewritten due to the influence of noise.

In the example of FIG. 4, noise occurs in three of the four advertising packets that the authentication device 30 receives from the user terminal 20. Although the same user ID is supposed to be stored in these four advertising packets, at least one value in the 33rd to 36th digits, for example, may be rewritten due to the influence of noise. In this case, the authentication device 30 cannot determine which user ID is the correct user ID.

It is conceivable that all four types of advertising packets received by the authentication device 30 are considered to be correct user IDs and that the authentication process is performed in a brute force manner, but in this case, it is necessary to perform the authentication process many times. Therefore, the processing load on the server 10 and the authentication device 30 increases. Furthermore, there is a possibility that the user in front of the security gate SG may be erroneously authenticated as another user with a similar face. In the example shown in Figure 4, if the user with the user ID "2791" and the users with the user IDs "1791", "2795", and "8791" have similar faces, erroneous authentication may occur. there is a possibility.

In this regard, as shown in Figure 5, the influence of noise is reduced by dividing the user ID "2791" into individual digits and storing two duplicate individual digits in each of the four service UUIDs. It is also possible to do so. In the example of FIG. 5, the first to 32nd digits of the service UUID are the same as in FIG. 4, and are the application identification ID. In the 33rd and 34th digits of the service UUID, "00" is stored as padding to make the service UUID 36 digits. In the 35th and 36th digits of the service UUID, the numerical values of the individual digits of the user ID are stored redundantly.

For example, the 35th and 36th digits of the first service UUID become "22" by duplicating the first digit "2" of the user ID. For example, the 35th and 36th digits of the second service UUID are "77", which is obtained by inserting two duplicates of "7", which is the second digit of the user ID. Further, for example, the 35th and 36th digits of the third service UUID are "99", which is obtained by inserting two duplicate "9"s, which are the second digit of the user ID. Further, for example, the 35th and 36th digits of the fourth service UUID become "11" by duplicating two "1"s, which are the fourth digit of the user ID.

In the case of FIG. 5, the authentication device 30 only needs to scan advertising packets in which the 35th and 36th digits match, so the 35th and 36th digits are "00" to "99". There are 10 matches. Since the number of objects to be scanned is significantly reduced compared to the case of FIG. 4, the processing load on the authentication device 30 is reduced and all streets can be reliably scanned. Therefore, it is possible to prevent the user ID from being omitted from the scan target and the authentication process being unable to be executed.

Furthermore, since scanning is not performed unless the 35th and 36th digits match, the influence of noise can be eliminated to some extent. For example, if the 35th and 36th digits are "22", which indicates the first digit of the user ID, even if it becomes "24" due to noise, the 35th and 36th digits will not match. Since advertising packets that are affected by noise are not scanned, advertising packets that are affected by noise can be excluded and discarded. However, as shown in Figure 5, if both the 35th and 36th digits are affected by noise and "22" is rewritten to "55", the advertising packet affected by such noise cannot be excluded.

Further, in the case of FIG. 5, since the four-digit user ID is divided into four advertising packets and transmitted, the authentication device 30 may not be able to specify the order of the individual digits. For example, even if the first service UUID to the fourth service UUID are transmitted in order, the authentication device 30 does not necessarily receive them in the order in which they were sent. It may not be the ID. Furthermore, depending on the operating system of the authentication device 30, the received service UUIDs may be sorted in ascending order. In this case, the individual numerical values of the user ID "2791" may be sorted in ascending order and become "1279", which may not be an accurate user ID.

Therefore, in this embodiment, as shown in FIG. 6, order information is included in the service UUID. The order information is information regarding the order of individual digits in the user ID. In this embodiment, since the four-digit user ID is divided into individual digits, the order information is information indicating which digit of the user ID. In the example of FIG. 6, "A", "B", "C", and "D" indicate the first, second, third, and fourth digits, respectively. The order information can be expressed in any other format, and may be expressed as a numerical value from "1" to "4", for example. Further, the order of letters and the order of digits may not match, for example, "A" indicates the fourth digit and "B" indicates the first digit.

In the example of FIG. 6, "68753A44-4D6F-" from the 1st to 14th digits of the service UUID and "-9C60-0050E4C0" from the 19th to 32nd digits are application identification IDs. Although the application identification ID in FIG. 6 has fewer digits than the application identification ID in FIGS. 4 and 5, it has a sufficient number of digits to identify the application, so the authentication device 30 can identify the authentication application. It can be identified as an advertising packet.

Note that the application identification ID may have any number of digits, but if the number of digits is too small, it may overlap with other applications and cannot be distinguished, so it must have a certain number of digits (for example, 10 or more digits). shall have the following. Since a service UUID has an upper limit on the number of digits (for example, 36 digits), the number of digits in the user ID and the number of order information are determined so that a certain number of digits can be secured as an application identification ID. ing. Conversely, if the number of digits of the user ID and the number of order information are too small, the effect of reducing the influence of noise will be weakened, so these numbers are also ensured to a certain extent.

As shown in FIG. 6, the 15th to 18th digits of the service UUID store four pieces of order information, and the 33rd to 36th digits of the service UUID store individual digits of the user ID. Four numerical values are stored in duplicate.

For example, in the 15th to 18th digits of the first service UUID, four "A"s indicating that it is the first digit are inserted twice to become "AAAA", and in the 33rd to 36th digits. The first digit of the user ID, "2", is entered four times, resulting in "2222". For example, in the 15th to 18th digits of the second service UUID, four "B"s indicating that it is the second digit are inserted twice to become "BBBB", and in the 33rd to 36th digits. The second digit of the user ID, "7", is entered four times, resulting in "7777".

For example, in the 15th to 18th digits of the third service UUID, four "C"s indicating that it is the third digit are inserted twice to become "CCCC", and the 33rd to 36th digits are duplicated. The third digit of the user ID, "9", is entered four times, resulting in "9999". For example, in the 15th to 18th digits of the fourth service UUID, four "D"s indicating that it is the fourth digit are inserted twice, resulting in "DDDD", and in the 33rd to 36th digits. The fourth digit of the user ID, "1", is entered four times, resulting in "1111".

In the case of Figure 6, the scan target is the 4 ways of "AAAA" to "DDDD" in the 15th to 18th digits, multiplied by 10 ways of "0000" to "9999" in the 33rd to 36th digits. There are 40 ways. Although the number of objects to be scanned increases somewhat compared to the case of FIG. 5, the number of objects to be scanned is significantly smaller than that of the case of FIG. 4, so that the authentication device 30 can reliably scan all streets. Further, the authentication device 30 can specify the order of individual digits using the order information and accurately acquire the user ID. Furthermore, compared to the case of FIG. 5, the order information and the individual digits of the user ID overlap by four each, which increases the number of overlaps, so the effect of noise reduction is also greater.

Upon acquiring the user ID, the authentication device 30 photographs the user's face with the photographing unit 36 to acquire a facial photograph. The authentication device 30 transmits a user ID and a facial photo to the server 10. The server 10 performs ID authentication and face authentication based on the user ID and face photo, and transmits an authentication result indicating success or failure of authentication to the authentication device 30. If the authentication is successful, the authentication device 30 unlocks the security gate SG and causes the display unit 35 to display a message urging the user to pass. If the authentication fails, the authentication device 30 displays a predetermined error message on the display unit 35 without unlocking the security gate SG.

As described above, in this embodiment, by using advertising packets, authentication processing can be performed without pairing between the user terminal 20 and the authentication device 30. Furthermore, each advertising packet includes a plurality of overlapping order information and a plurality of overlapping individual digits of the user ID, so as to cope with the influence of noise, it is possible to prevent the authentication device 30 from inputting the user ID. It is designed to be retrieved accurately. Hereinafter, details of the communication system S will be explained.

[3. Functions realized in communication systems]
FIG. 7 is a functional block diagram showing an example of functions realized in the communication system S. Here, functions realized by each of the server 10, user terminal 20, and authentication device 30 will be explained.

[3-1. Functions realized on the server]
As shown in FIG. 7, the server 10 implements a data storage section 100, an issuing section 101, and an execution section 102. The data storage unit 100 is mainly realized by the storage unit 12. Each of the issuing unit 101 and the executing unit 102 is realized mainly by the control unit 11.

[Data storage]
The data storage unit 100 stores data necessary for providing authentication services. In this embodiment, a user database DB will be described as an example of data stored in the data storage unit 100.

FIG. 8 is a diagram showing an example of data storage in the user database DB. As shown in FIG. 8, the user database DB is a database that stores various information regarding each of a plurality of users who have completed usage registration. For example, the user database DB stores a user account, a user's name, a password, a user ID, uploaded facial photo data, and facial feature amounts calculated from the facial photo.

A user account is information that can identify a user. A user account has a similar concept to a user ID, but in this embodiment, the user ID is updated every time the authentication app is started, whereas a user account is, in principle, used permanently without being updated. be done. In addition, in this embodiment, user IDs are allowed to overlap if the users do not have similar faces, whereas user accounts can, in principle, be used between users regardless of whether they have similar faces. Not duplicate. A user's email address may be used as a user account.

When the server 10 receives a usage registration from a user, it creates a new record in the user database DB, and stores various information regarding the user who has registered for usage. For example, the server 10 calculates the feature amount of the facial photo uploaded by the user and stores it in the user database DB. An initial value of the user ID is issued by the issuing unit 101, which will be described later, and in this embodiment, the user ID is updated to a new user ID every time the authentication application is started. Other information such as a facial photograph may also be changeable after the fact.

Note that the data stored by the data storage unit 100 is not limited to the user database DB, and the data storage unit 100 can store any data. For example, when a plurality of authentication devices 30 are included in the communication system S, the data storage unit 100 may store a database in which various information regarding each of the plurality of authentication devices 30 is stored.

[Publishing department]
The issuing unit 101 issues user IDs for each of the plurality of users based on ID issuing rules. The ID issuing rule may be any predetermined rule, for example, it may be a rule to issue user IDs at random, or it may be a rule to issue the youngest number among available numbers as a user ID. There may be. In this embodiment, an example will be described in which the ID issuing rule is a rule for issuing a random user ID so as not to overlap with the user ID of another user with a similar face.

For example, when issuing a user ID for a certain user (hereinafter referred to as a user to be issued), the issuing unit 101 randomly generates a four-digit numerical value as a user ID candidate. The issuing unit 101 refers to the user database DB and determines whether or not the face of the user to be issued is similar to the face of the user associated with the same user ID as the generated candidate. Various methods used in face recognition can be used to determine the similarity of faces. In this embodiment, facial features are expressed in a vector format, so two facial features in a vector space can be Similarity determination is performed based on the distance between the two. A distance less than a threshold means that the faces are similar. A distance greater than or equal to the threshold means that the faces are not similar.

When the issuing unit 101 determines that they are not similar in the above determination, the issuing unit 101 determines the current candidate as the user ID of the user to be issued. If the issuing unit 101 determines that they are similar in the above determination, it randomly generates another four-digit numerical value and acquires it as a new candidate. Thereafter, the issuing unit 101 generates new candidates until a candidate determined to be dissimilar in the above determination is found.

The issuing unit 101 stores the determined user ID in the user database DB as the user ID of the user to be issued. The issuing unit 101 transmits the determined user ID to the user terminal 20. When the user terminal 20 receives the user ID, it records it as a new user ID in the data storage unit 200, which will be described later, and erases the old user ID. In this embodiment, the issuing unit 101 issues a user ID when a user registers for use or when an authentication application is started, but as described above, the timing of issuing the user ID is as follows: It is not limited to the example of this embodiment.

[Execution part]
The execution unit 102 executes a predetermined process based on a request from the authentication device 30. The predetermined process may be any process that corresponds to the service to which the communication system S is applied. In this embodiment, since an example of application to an authentication service is described, an authentication process will be described as an example of a predetermined process. The execution unit 102 receives a user ID acquired by a user ID acquisition unit 303 (described later) from the authentication device 30, and executes authentication processing based on the user ID.

In this embodiment, two-step authentication of ID authentication and face authentication is used, so the execution unit 102 determines whether or not the user ID received from the authentication device 30 exists in the user database DB. Perform authentication. If the user ID exists in the user database DB, ID authentication is successful. If the user ID does not exist in the user database DB, ID authentication will fail.

When ID authentication is successful, the execution unit 102 calculates the facial feature amount of the user to be processed based on the facial photo received from the authentication device 30. The execution unit 102 performs the calculation based on the calculated facial feature amount and the correct facial feature amount stored in the user database DB (the facial feature amount associated with the user ID received from the authentication device 30). , perform facial recognition. If these distances are less than the threshold, face recognition is successful. If these distances are greater than or equal to the threshold, face authentication will fail. The execution unit 102 transmits the authentication results of ID authentication and face authentication to the authentication device 30.

Note that in this embodiment, a case will be described in which the user ID and the facial feature amount are stored in one user database DB, but the database storing the facial feature amount may be separated for each user ID. In this case, the data storage unit 100 stores a plurality of databases, and the user ID is used as a query to search the databases. The execution unit 102 refers to the database associated with the user ID received from the authentication device 30 and determines whether there is a facial feature amount similar to the facial feature amount calculated based on the facial photo received from the authentication device 30. All you have to do is decide whether or not. In this case, since ID authentication is not performed, the authentication process consists of only one stage of face authentication.

[3-2. Functions realized on user terminal]
As shown in FIG. 7, the user terminal 20 implements a data storage section 200, a division section 201, a creation section 202, and a transmission section 203. The data storage section 200 is mainly realized by the storage section 22. Each of the dividing section 201, the creating section 202, and the transmitting section 203 is realized mainly by the control section 21. In this embodiment, an authentication application is installed in the user terminal 20, and each process of the dividing unit 201, the creating unit 202, and the transmitting unit 203 is executed as an application process.

[Data storage unit]
The data storage unit 200 stores data necessary for the user to use the authentication service. For example, the data storage unit 200 stores data of a user's face photo, a user ID issued by the issuing unit 101, an authentication app, and an app identification ID of the authentication app. The user ID and application identification ID may be stored in the data storage unit 200 as part of the authentication application.

[Divided part]
The dividing unit 201 divides the data to be transmitted into a plurality of data parts. It is assumed that this division rule is defined in the authentication application. In this embodiment, the dividing unit 201 divides the user ID into individual digits. The user ID is an example of data to be transmitted, and each digit is an example of a data portion. Therefore, in this embodiment, the part where the user ID is explained can be read as the transmission target data, and the part where the individual digits are explained can be read as the data part.

The transmission target data is data transmitted from the user terminal 20 to the authentication device 30. In other words, the data to be transmitted is the data before division, and is the data from which the data portion is divided. The data to be transmitted may be any data as long as it is data according to the service to which the communication system S is applied. In this embodiment, a case will be described in which a user ID, which is an example of data to be transmitted, is stored in the data storage unit 200. The information may be stored on an information storage medium. Further, authentication information other than the user ID may correspond to the data to be transmitted. For example, authentication information such as a password, passcode, telephone number, email address, or individual identification information of the user terminal 20 may correspond to the data to be transmitted.

The data portion is part of the data to be transmitted. Individual data portions are indicated by at least one number or letter. The numbers "0" to "9" used to express numerical values are a type of character. The number of data portions may be predetermined or may be dynamically changed. When the number of data parts is made variable, it is necessary for the authentication device 30 to recognize how many data parts it is divided into. shall be sent using. A specifying unit 302, which will be described later, refers to this information and specifies the number of data portions.

Further, the information amount (for example, number of digits) of each data portion may be the same or different. For example, instead of all data parts being one-digit numbers as in this embodiment, some data parts are two-digit numbers, and other data parts are one-digit numbers. The number of digits may differ depending on the That is, the number of digits of the user ID and the number of data parts do not have to match. When the amount of information in each data portion is made different, it is necessary for the authentication device 30 to recognize the amount of information in the data portion included in a certain advertising packet, so in this case, the information indicating the amount of information in the data portion is , shall be transmitted using advertising packets, etc.

Note that in this embodiment, a case will be described in which all users have four-digit user IDs, but the user IDs may have different numbers of digits depending on the users. For example, in this embodiment, even if the number is "67", "00" is added to make it a four-digit user ID and "0067" is used as the user ID, but the two-digit number "67" is may be used as the user ID. In this case, only two advertising packets are required to transmit the user ID. However, since it is necessary for the authentication device 30 to recognize how many digits the user ID has, in this case, information indicating how many digits the user ID has is sent using an advertising packet or the like. shall be

[Creation Department]
The creation unit 202 creates each of a plurality of packets transmitted from the user terminal 20 to the authentication device 30. In this embodiment, a case will be described in which each of the plurality of packets is an advertising packet according to a predetermined wireless communication standard, but communication may be performed using packets other than advertising packets. Therefore, the portions where advertising packets are described in this embodiment can be read as packets of any communication standard.

For example, in this embodiment, a case will be described in which pairing is not required, but the user ID may be transmitted after pairing. In this case, the creation unit 202 sends a normal Create a packet. For example, if another wireless communication standard such as Wi-Fi (registered trademark) is used between the user terminal 20 and the authentication device 30, the creation unit 202 creates packets that can be transmitted using that standard. Just create one. Further, for example, the user terminal 20 and the authentication device 30 may communicate by wire, and in this case, the creation unit 202 may create a packet that can be transmitted according to the wire communication standard.

The creation unit 202 generates a plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of overlapping at least one digit of the user ID, and includes order information regarding the order of the digit in the user ID. Create each of the packets. In this embodiment, one advertising packet includes one digit of the user ID, and a case will be explained in which the number of created advertising packets and the number of digits of the user ID match, but they do not match. You don't have to. Further, the number of digits included in one advertising packet is not limited to four, but may be two, three, or five or more. Further, the number of duplicate digits may be different for each advertising packet.

For example, regarding the user ID "2791", the first advertising packet contains multiple duplicates of "27", and the second advertising packet contains multiple duplicates of "91". , one advertising packet may include multiple digits of the user ID. In this case, the 33rd to 36th digits of the first advertising packet will be like "2727", and the 33rd to 36th digits of the second advertising packet will be like "9191". . Order information such as "ABAB" or "CDCD" may be stored in the 15th to 18th digits of these advertising packets. Alternatively, the 33rd to 36th digits of the first advertising packet will be like "2277", and the 33rd to 36th digits of the second advertising packet will be like "9911". Order information such as "AABB" or "CCDD" may be stored in the 15th to 18th digits of these advertising packets.

Further, for example, the number of digits included in one advertising packet may be different from the number of digits included in another advertising packet. For example, the first advertising packet contains multiple duplicates of only the first digit of the user ID, and the second advertising packet contains multiple duplicates of the second to fourth digits of the user ID. It may be included. In this way, each advertising packet may include a plurality of duplicated at least one digit of the user ID.

Although each advertising packet may include only one piece of order information, in the present embodiment, the creation unit 202 creates a configuration in which each of a plurality of advertising packets includes a plurality of duplicate order information. Then, each of the plurality of advertising packets is created. The number of pieces of order information included in one advertising packet is not limited to four pieces, but may be two pieces, three pieces, or five or more pieces. Further, the number of duplicate order information may be different for each advertising packet. Further, the number of order information included in one advertising packet and the number of digits of the user ID may be different. For example, one advertising packet may contain only two pieces of order information and four individual digits of the user ID.

In the present embodiment, the creation unit 202 creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of sequential pieces of overlapping order information. Continuous here means that the data areas within the advertising packet are continuous. For example, order information is stored consecutively in the 15th to 18th digits, and each of the four pieces of order information is stored in a continuous data area within the advertising packet. Other information such as application identification ID does not exist between the order information. Note that the four pieces of order information stored in one advertising packet may be stored separately, such as in the 10th digit, 14th digit, 16th digit, and 20th digit, without being consecutive.

In the present embodiment, the creation unit 202 creates each of the plurality of advertising packets such that at least one duplicate digit and the order information are separated by a predetermined distance or more in each of the plurality of advertising packets. . The distance here is the distance in the data area within the advertising packet. The distance can also be referred to as the number of digits or characters. A part of the application identification ID exists between the user ID and the order information. In the example in Figure 6, between the four order information in the 15th to 18th digits and the four digits in the 33rd to 36th digits, there are 19th to 32nd digits. There is a part of the eye app identification ID. Therefore, the order information and the digits are separated by a distance of 14 digits. Note that the order information and the individual digits of the user ID may be stored consecutively.

In the present embodiment, the creation unit 202 creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes at least one consecutive data portion that overlaps. The meaning of continuity is as described above. For example, individual digits of the user ID are stored consecutively in the 33rd to 36th digits, and each of the four digits is stored in a consecutive data area within the advertising packet. There is no other information such as an application identification ID between the individual digits. Note that the four digits stored in one advertising packet may not be stored consecutively but may be stored separately, such as the 25th digit, 30th digit, 32nd digit, and 36th digit.

In the present embodiment, the creation unit 202 includes, in each of the plurality of advertising packets, at least one overlapping digit of the user ID as part of the service UUID in the wireless communication standard, and also includes order information. Each of the plurality of advertising packets is created as follows. It is assumed that the positions of individual digits of the user ID, the position of the order information, and the position of the application identification ID in the service UUID are determined in advance. In this embodiment, a case will be described in which one service UUID is stored in one advertising packet, but due to revisions of wireless communication standards, a plurality of service UUIDs may be stored in one advertising packet.

Note that the service UUID is not limited to the 128-bit type described in this embodiment, and other types may be used. Furthermore, other UUIDs such as characteristic UUIDs may be used instead of service UUIDs. Also, data other than the UUID may be used, and individual digits of the user ID may be stored in the local name, provided that the specifications of a particular operating system are not taken into account. For example, data other than UUID and local name may be used.

[Transmitter]
The transmitter 203 transmits each of the plurality of packets to the authentication device 30. In this embodiment, the transmitter 203 transmits each of the plurality of advertising packets using a wireless communication standard. Although each advertising packet may be transmitted only once, in this embodiment, the transmitter 203 repeatedly transmits each of the plurality of advertising packets multiple times. Furthermore, the transmitter 203 may transmit each advertising packet separately, or may transmit multiple advertising packets at once.

The transmitting unit 203 converts the advertising packet as digital data created by the creating unit 202 into an analog electrical signal, and transmits the advertising packet converted into the analog electrical signal to the authentication device 30. The electrical signal conversion procedure may be performed in accordance with the wireless communication standard. If another communication standard is used, the transmitter 203 may transmit the packet in accordance with the communication standard to be used.

[3-3. Functions realized in the authentication device]
As shown in FIG. 7, the authentication device 30 implements a data storage section 300, a reception section 301, a specification section 302, a user ID acquisition section 303, a biometric information acquisition section 304, and an execution section 305. The data storage section 300 is mainly realized by the storage section 32. Each of the receiving section 301, the identifying section 302, the user ID acquiring section 303, the biometric information acquiring section 304, and the executing section 305 is realized mainly by the controlling section 31.

[Data storage unit]
The data storage unit 300 stores data necessary for providing authentication services. In this embodiment, not all advertising packets are scanned, but some advertising packets are scanned, so the data storage unit 300 stores scan setting data DT in which advertising packets to be scanned are defined. . Note that scanning in this embodiment means validating an advertising packet, and means making it a target of processing to obtain a user ID.

FIG. 9 is a diagram showing an example of data storage of scan setting data DT. As shown in FIG. 9, the scan setting data DT includes information that allows identification of advertising packets to be scanned. In this embodiment, the following four conditions are defined in the scan setting data DT. (Condition 1) Service UUID is included. (Condition 2) The application identification ID must be included in the 1st to 14th digits and the 19th to 32nd digits of the service UUID. (Condition 3) The 15th to 18th digits are the same, and each digit is one of "A" to "D". (Condition 4) The 33rd to 36th digits are the same, and each digit is one of "0" to "9".

Note that in the data storage example of FIG. 9, the scan setting data DT is shown as data in a table format, but the scan setting data DT may be data in any format. For example, the scan setting data DT may be in a CSV format, a text format, or a mathematical formula format, or may be defined as part of a program code. Furthermore, the data stored in the data storage section 300 is not limited to the scan setting data DT, but the data storage section 300 can store any data.

[Receiving section]
The receiving unit 301 receives each of a plurality of packets from the user terminal 20. In this embodiment, the receiving unit 301 receives each of the plurality of advertising packets using a wireless communication standard. Since individual advertising packets may be repeatedly transmitted, receiving section 301 may repeatedly receive each of the plurality of advertising packets a plurality of times. The receiving unit 301 first receives all advertising packets, and based on the scan setting data DT, the advertising packets to be processed are scanned by the user ID acquisition unit 303, which will be described later. Receiving section 301 may receive multiple advertising packets separately or may receive multiple advertising packets at once.

[Specific part]
The specifying unit 302 specifies the number of data portions. In this embodiment, the data to be transmitted is a numerical value with a predetermined number of digits, each of the plurality of data parts is an individual digit included in the numerical value (the 4-digit numerical value indicated by the user ID), and the order information is , is a value indicating what digit in this numerical value, so the specifying unit 302 specifies the number of digits (the number of digits in the user ID) as the number. In this embodiment, since the four-digit user ID is divided into four numerical values, the specifying unit 302 specifies four as the number of data parts. For example, it is assumed that the number of data portions is stored in the data storage unit 300. This number may be defined as part of the program code, or may be defined as a setting value separate from the program code.

[User ID acquisition unit]
The user ID acquisition unit 303 combines a plurality of digits to obtain a user ID based on at least one duplicate digit included in each of the plurality of advertising packets and order information regarding the order of the digits. get. In the present embodiment, the user ID acquisition unit 303 acquires the user ID based on at least one duplicate digit and order information that are included as part of the service UUID in each of the plurality of advertising packets. get. The user ID acquisition unit 303 identifies the order of each of the plurality of digits based on the order information included in each of the plurality of advertising packets. The user ID acquisition unit 303 combines each of the plurality of digits in the specified order to acquire the user ID.

In this embodiment, each of the plurality of advertising packets includes at least one overlapping digit in the 33rd to 36th digits of the service UUID, and the digits in the 15th to 18th digits of the service UUID are arranged in order. Contains information. The 33rd to 36th digits of the service UUID are an example of the first data area, and the 15th to 18th digits of the service UUID are an example of the second data area. Therefore, in this embodiment, the part where the 33rd to 36th digits of the service UUID are explained can be read as the first data area, and the part where the 15th to 18th digits of the service UUID are explained. The location can be read as the second data area.

The first data area is a predetermined area for storing individual digits of the user ID. The data area is a part of the advertising packet. For example, the area from the first bit to the second bit counted from the beginning of the AD data portion of the advertising packet is the first data area. In this embodiment, a case will be described in which the size of the first data area (the size from the first bit to the second bit) is four digits, but the size of the first data area is It can be any size. The first data area does not have to be a continuous area, and may be an isolated area such as the 25th digit, 28th digit, 30th digit, and 34th digit of the service UUID.

The second data area is a predetermined area for storing order information. For example, the area from the third bit to the fourth bit counted from the beginning of the AD data portion of the advertising packet is the second data area. In this embodiment, a case will be described in which the size of the second data area (the size from the third bit to the fourth bit) is four digits, but the size of the second data area is Like the first data area, it may have any size. Like the first data area, the second data area does not need to be a continuous area. The size of the first data area and the size of the second data area may be different.

In this embodiment, the user ID acquisition unit 303 scans advertising packets in which the values included in the 33rd to 36th digits of the service UUID are the same, and acquires the user ID based on the scanned advertising packets. get. Based on Condition 1 and Condition 4 defined in the scan setting data DT, the user ID acquisition unit 303 determines that the 33rd to 36th digits of the service UUID are all the same and are "0" to "9". It is determined whether either of the following is true. The user ID acquisition unit 303 discards advertising packets for which this determination is not positive without scanning them, and scans advertising packets for which this determination is positive and makes them processing targets.

Note that each advertising packet may include only one piece of order information, but in this embodiment, the user ID acquisition unit 303 collects duplicate pieces of order information included in each of a plurality of advertising packets. A user ID is obtained based on at least one digit and a plurality of duplicate order information.

For example, the user ID acquisition unit 303 scans advertising packets in which the values included in the 15th to 18th digits of the service UUID are the same, and acquires the data to be transmitted based on the scanned advertising packet. Based on Condition 1 and Condition 3 defined in the scan setting data DT, the user ID acquisition unit 303 determines that the 15th to 18th digits of the service UUID are all the same and "A" to "D". It is determined whether either of the following is true. The user ID acquisition unit 303 discards advertising packets for which this determination is not positive without scanning them, and scans advertising packets for which this determination is positive and makes them processing targets.

Note that the user ID digits and order information included in each advertising packet may be used for purposes other than scanning as described above. For example, if the individual digits included in a certain advertising packet are different from each other or the individual order information is different from each other, the user ID acquisition unit 303 may acquire all user IDs for the time being. Similarly, when an advertising packet includes only one piece of order information, the user ID acquisition unit 303 first acquires all user IDs when the individual digits included in a certain advertising packet are different from each other. Good too. Although the processing load on the server 10 and the authentication device 30 increases somewhat, and the possibility of erroneous authentication increases somewhat, the authentication process may be executed for all user IDs.

In this embodiment, the user ID acquisition unit 303 acquires at least one digit and order information of the user ID from each of the plurality of advertising packets until a predetermined number (the number identified by the identification unit 302) is reached, When a predetermined number is reached, a user ID is acquired. For example, the user ID acquisition unit 303 refers to the order information of the advertising packet and determines whether all digits have been received. When determining that all digits have been received, the user ID acquisition unit 303 combines the individual digits received so far to acquire the user ID.

The authentication device 30 is capable of communicating with each of the plurality of user terminals 20, and each of the plurality of advertising packets includes identification information that can identify the user terminal 20 that has transmitted the advertising packet, and includes a user ID. The acquisition unit 303 acquires the user ID for each user terminal 20 based on the identification information included in each of the plurality of advertising packets. This identification information may be any information, for example, the address of the user terminal 20 or the computer name of the user terminal 20. In this embodiment, the access address part or the advertising address part in the format shown in FIG. 3 corresponds to the above-mentioned identification information.

In this embodiment, the service UUID includes an application identification ID that can identify the application, and the user ID acquisition unit 303 scans the advertising packet whose service UUID includes the application identification ID, and obtains the user ID. get. The user ID acquisition unit 303 determines whether the service UUID and the application identification ID of the authentication application are included based on conditions 1 and 2 defined in the scan setting data DT. . The user ID acquisition unit 303 discards advertising packets that do not satisfy conditions 1 and 2 without scanning them, and scans advertising packets that satisfy conditions 1 and 2 to be processed.

[Biological information acquisition unit]
The biological information acquisition unit 304 acquires the user's biological information. In this embodiment, facial authentication will be described as an example of biometric authentication, so the biometric information acquisition unit 304 acquires a photograph of the user's face or facial features. In this embodiment, a case will be described in which a face photo is acquired by the biometric information acquisition unit 304 and facial feature amounts are calculated by the server 10, but the biometric information acquisition unit 304 may also calculate the facial feature amounts. . The biometric information may be acquired by a method according to the biometric authentication used in the communication system S.

[Execution part]
The execution unit 305 executes predetermined processing based on the user ID. In this embodiment, the data to be transmitted is a user ID that can identify the user of the user terminal 10, and the predetermined process is an authentication process executed based on the user ID. This is as described for the execution unit 102. For example, the execution unit 305 executes authentication processing based on the user ID and biometric information. In this embodiment, the validity of the user ID and the similarity of the faces are determined by the execution unit 102 of the server 10, so the authentication process executed by the execution unit 305 of the authentication device 30 is to send the user ID and face photo to the server. 10.

[4. Processing executed in the communication system]
Next, processing executed in the communication system S will be explained. Here, a startup process that is executed when a user launches an authentication app, and an authentication process for the user to pass through the security gate SG will be described. The process described below is an example of the process executed by the functional blocks shown in FIG.

[4-1. Start process]
FIG. 10 is a flow diagram illustrating an example of startup processing. The startup process shown in FIG. 10 is executed by the control units 11 and 21 operating according to programs stored in the storage units 12 and 22, respectively. Note that it is assumed that the user has completed usage registration before the startup process is executed.

As shown in FIG. 10, the user terminal 20 determines whether to start the authentication application based on the detection signal from the operation unit 24 (S100). The authentication app is activated by an arbitrary operation, for example, when an operation of selecting an authentication app from a menu screen displayed on the display unit 25 is performed.

If it is not determined that the authentication app should be started (S100; N), this process ends. In this case, the user ID stored in the storage unit 22 of the user terminal 20 is not updated. On the other hand, if it is determined that the authentication app should be started (S100; Y), the user terminal 20 starts the authentication app (S101), and sends an authentication app activation notification to the server 10 (S102). The activation notification is a notification indicating that the authentication application has been activated. The activation notification includes information that can identify at least one of the user terminal 20, the user, and the authentication application, and includes, for example, the user ID stored in the storage unit 22 of the user terminal 20.

Upon receiving the activation notification, the server 10 issues a new user ID to the user who sent the activation notification (S103). The new user ID is a different user ID from the current user ID. In S103, the server 10 issues a user ID based on predetermined ID issuing rules. For example, the server 10 may issue a user ID so that the user ID does not overlap with any other users, or may issue a user ID so that the user ID does not overlap with other users with similar facial features. The server 10 stores the newly issued user ID in the user database DB instead of the user ID included in the startup notification.

The server 10 transmits a new user ID to the user terminal 20 (S104). When the user terminal 20 receives the new user ID, it deletes the old user ID from the storage unit 22, records the new user ID in the storage unit 22 (S105), and ends this process. Thereafter, the user terminal 20 can transmit a new user ID using advertising packets.

[4-2. Authentication processing]
FIG. 11 is a flow diagram illustrating an example of authentication processing. The authentication process shown in FIG. 11 is executed by the control units 11, 21, and 31 operating according to programs stored in the storage units 12, 22, and 32, respectively. Note that it is assumed that usage registration has been completed before the authentication process is executed. When the activation process shown in FIG. 10 is executed after usage registration, the authentication process described below is executed based on the updated new user ID. The authentication process may be executed while the authentication app is activated, the authentication app goes into background mode, or the user terminal 20 goes into sleep mode.

As shown in FIG. 11, the user terminal 20 divides the user ID stored in the storage unit 22 into individual digits (S200). In S200, the user terminal 20 divides the four-digit user ID into the first, second, third, and fourth digits.

The user terminal 20 creates a plurality of advertising packets so that each digit is included in a plurality of duplicates, and the order information is included in a plurality of duplicates (S201). In S201, the user terminal 20 creates four advertising packets each including four service UUIDs as described with reference to FIG. 6 for each digit divided in S200.

The user terminal 20 transmits each of a plurality of advertising packets to the authentication device 30 (S202). In S202, the user terminal 20 repeatedly transmits each of the four advertising packets created in S201. If an application other than the authentication application is installed on the user terminal 20 and advertising packets are also used for the other application, the user terminal 20 may use other advertising packets other than the four advertising packets created in S201. Send a packet.

The authentication device 30 receives an advertising packet from the user terminal 20 or another computer (S203). At the time of S203, the authentication device 30 cannot determine what data is stored in the advertising packet, so it receives all advertising packets for the time being. The authentication device 30 scans the advertising packet defined in the scan setting data among the received advertising packets, and acquires the user ID (S204).

FIG. 12 is a diagram showing details of the process in S204. As shown in FIG. 12, the authentication device 30 refers to the AD type of the advertising packet received in S203 and determines whether a service UUID is stored (S2040). If it is determined that the service UUID is not stored (S2040; N), the authentication device 30 discards the advertising packet received in S203 without scanning it (S2041), and this process ends.

On the other hand, if it is determined that the service UUID is stored (S2040; Y), the authentication device 30 refers to the 1st to 14th digits and 19th to 32nd digits of this service UUID, and It is determined whether the application identification ID of is stored (S2042). If it is not determined that the application identification ID of the authentication application is stored (S2042; N), the advertising packet is sent by an application unrelated to the authentication service, so the process moves to S2041 and the advertising packet is discarded. .

On the other hand, if it is determined that the application identification ID of the authentication application is stored (S2042; Y), the authentication device 30 determines that the 15th to 18th digits of the service UUID all match, and "A" to It is determined whether it is one of "D" (S2043). If it is determined that the 15th to 18th digits of the service UUID do not match, or if it is determined that the 15th to 18th digits of the service UUID are not one of "A" to "D" ( S2043; N) Since the advertising packet may have been affected by noise, the process moves to S2041 and the advertising packet is discarded.

On the other hand, if the 15th to 18th digits of the service UUID all match and it is determined that they are any of "A" to "D" (S2043; Y), the authentication device 30 It is determined whether the 33rd to 36th digits (lower four digits) all match and are any of "0" to "9" (S2044). If it is determined that the last four digits of the service UUID do not match, or if it is determined that the last four digits of the service UUID are not one of "0" to "9" (S2044; N), the influence of noise Since there is a possibility that the advertising packet has been received, the process moves to S2041 and the advertising packet is discarded.

If it is determined that the last four digits of the service UUID all match and are any of "0" to "9" (S2044; Y), the authentication device 30 scans the advertising packet being processed. , the digits of the user ID are held in the storage unit 22 based on the order information of the 15th to 18th digits of the service UUID and the last four digits of the service UUID (S2045). In S2045, the authentication device 30 stores in the storage unit 32 an array UserID[i] that stores the digits of the user ID for each piece of identification information such as the address of the user terminal 20 that is stored in the scanned advertising packet. i is the order of digits and can be any one of "1" to "4". Each element of this array is a digit stored in a received advertising packet. In S2045, the authentication device 30 converts any one of "A" to "D" indicated by the order information to any one of "1" to "4", and stores the received digits in an array.

The authentication device 30 determines whether the acquisition of the user ID is completed (S2046). In S2046, the authentication device 30 determines whether digits are stored in all four elements of the array. If it is determined that digits have been stored in all four elements, the authentication device 30 combines the numerical values of each element to acquire the user ID, and determines that the acquisition of the user ID is complete.

If it is determined that the acquisition of the user ID has not been completed (S2046; N), the process returns to S203 and reception of advertising packets is continued. On the other hand, if it is determined that the acquisition of the user ID has been completed (S2046; Y), returning to FIG. 11, the authentication device 30 acquires a facial photograph based on the detection signal of the photographing unit 36 (S205). The authentication device 30 transmits to the server 10 an authentication request including the user ID whose acquisition was determined to be completed in S204 and the facial photograph acquired in S205 (S206). The authentication request is a predetermined request for requesting execution of authentication processing.

Upon receiving the authentication request, the server 10 executes ID authentication and face authentication based on the user database DB (S207). In S207, the server 10 determines whether the user ID included in the authentication request exists in the user database DB. If the user ID exists, the server 10 calculates facial feature amounts based on the facial photo included in the authentication request. The server 10 calculates the distance between the facial feature amount associated with the user ID in the user database DB and the facial feature amount calculated from the facial photo included in the authentication request. If this distance is less than the threshold, face recognition is successful. If this distance is greater than or equal to the threshold, face authentication will fail.

If the authentication fails (S207; failure), the server 10 sends an error message to the authentication device 30 (S208), and the process ends. In this case, an error message is displayed on the display unit 35 of the authentication device 30 to notify the user that the authentication was not successful.

On the other hand, if the authentication is successful (S207; success), the server 10 transmits a success notification indicating that the authentication was successful to the authentication device 30 (S209). In the authentication device 30, upon receiving the success notification, the control unit 31 of the authentication device 30 unlocks the security gate SG (S210), and this process ends. Thereafter, a message indicating that the authentication was successful is displayed on the display unit 35 of the authentication device 30, and the user passes through the security gate SG.

According to the communication system S of the present embodiment, the user terminal 20 creates each of the plurality of advertising packets so that at least one digit of the user ID overlaps and contains order information. and send. The authentication device 30 combines the plurality of digits to obtain a user ID based on at least one duplicated digit and order information included in each of the plurality of advertising packets, and performs predetermined processing. Execute. Thereby, even if the advertising packet is affected by noise, it is possible to transmit an accurate user ID, and it is possible to cope with the influence of noise. Authentication accuracy can also be improved by transmitting an accurate user ID. In addition, if the number of digits included in each advertising packet is too small, it will be susceptible to noise; conversely, if the number of digits is too large, it may be impossible to distinguish between authentication apps and other applications, but By putting the number in the advertising packet, it is less susceptible to noise, and it is possible to distinguish the authentication application from other applications. Furthermore, by including the order information in each advertising packet, the authentication device 30 can accurately grasp the order of the individual digits even if the digits of the user ID are received separately.

Furthermore, the communication system S scans advertising packets in which the values included in the 33rd to 36th digits of the service UUID are the same, and obtains a user ID based on the scanned advertising packet. The number of advertising packets to be scanned can be reduced, and the processing load on the authentication device 30 can be reduced. Furthermore, the authentication device 30 can be caused to scan all advertising packets that are determined to be scanned, and the user ID can be reliably acquired. Therefore, even if the performance of the authentication device 30 is low, the user ID can be reliably acquired.

Furthermore, the communication system S performs authentication by acquiring a user ID based on at least one duplicate digit and a plurality of duplicate order information included in each of the plurality of advertising packets. The reliability of having the device 30 acquire the user ID can be further increased.

Furthermore, the communication system S scans advertising packets in which the values included in the 15th to 18th digits of the service UUID are the same, and obtains a user ID based on the scanned advertising packet. The number of advertising packets to be scanned can be reduced, and the processing load on the authentication device 30 can be reduced. Furthermore, the authentication device 30 can be caused to scan all advertising packets that are determined to be scanned, and the user ID can be reliably acquired. Therefore, even if the performance of the authentication device 30 is low, the user ID can be reliably acquired.

Further, the communication system S creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes a plurality of consecutive pieces of overlapping order information. By referring to the area, multiple pieces of order information can be obtained. Therefore, compared to the case where a plurality of pieces of order information are stored in separate areas, the processing for acquiring order information can be simplified and the processing load on the authentication device 30 can be reduced.

Furthermore, the communication system S creates each of the plurality of advertising packets such that at least one of the duplicated digits and the order information are separated by a predetermined distance or more in each of the plurality of advertising packets. It becomes easier to deal with the effects of noise. For example, if service UUIDs within a certain range are simultaneously received, other electrical signals that do not have a large difference in electrical signals may be received as noise, but by separating the individual digits of the user ID and the order information to some extent, (In the example of FIG. 6, by inserting the 19th to 32nd digits of the application identification ID between them), the difference between each electrical signal increases and noise is less likely to occur.

Furthermore, the communication system S creates each of the plurality of advertising packets so that each of the plurality of advertising packets includes at least one consecutive digit, so that the authentication device 30 can: Multiple digits can be obtained by referring to consecutive areas. Therefore, compared to the case where a plurality of digits are stored in separate areas, the process of acquiring a plurality of digits can be simplified and the processing load on the authentication device 30 can be reduced.

Furthermore, the communication system S acquires at least one digit and order information from each of the plurality of advertising packets until a predetermined number is reached, and when the predetermined number is reached, the communication system S performs authentication by acquiring a user ID. The reliability of having the device 30 acquire the user ID can be further increased.

Furthermore, the communication system S increases the reliability of having the authentication device 30 acquire the user ID by identifying the number of digits of the entire user ID and repeating the process for acquiring the user ID until the number of digits is reached. can be increased.

Furthermore, the communication system S acquires a user ID for each user terminal 20 based on identification information such as the address of the user terminal 20 included in each of the plurality of advertising packets, thereby providing multiple services around the authentication device 30. Even if there are 20 user terminals 20, the user ID of each user terminal 20 can be reliably acquired.

Furthermore, the communication system S obtains a user ID based on at least one duplicated digit and order information included as part of the service UUID in each of the plurality of advertising packets. The reliability of having the authentication device 30 acquire the user ID can be further increased. For example, even if your operating system loses the local name when an authentication app goes into background mode, you can still send individual digits of the user ID by using the service UUID. , the authentication device 30 can reliably acquire the user ID.

In addition, the communication system S can reduce the number of advertising packets to be scanned and reduce the processing load on the authentication device 30 by scanning advertising packets whose service UUID includes an application identification ID and acquiring the user ID. . Furthermore, the authentication device 30 can be caused to scan all advertising packets that are determined to be scanned, and the user ID can be reliably acquired. Therefore, even if the performance of the authentication device 30 is low, the user ID can be reliably acquired.

Furthermore, the communication system S can cope with noise in the authentication service by executing authentication processing based on the user ID.

Moreover, the communication system S can cope with noise in an authentication service that provides two-step authentication by executing authentication processing based on the user ID and biometric information.

[5. Modified example]
Note that the present disclosure is not limited to the embodiments described above. Changes can be made as appropriate without departing from the spirit of the present disclosure.

(1) For example, in the embodiment, a scene in which a user passes through a security gate SG is given as an example, but even if the communication system S is applied to an authentication service, it can be applied to authentication in any other scene. It is possible. For example, it can be applied to authentication when a user purchases a product or uses a service. In this case, for example, the authentication device 30 is a vending machine, a ticket vending machine, a POS terminal, or a payment terminal at a store. If the authentication is successful, payment processing is executed and the user can purchase products or use services.

In modification example (1), payment information may be registered in the user database DB, and when a certain user is successfully authenticated, the execution unit 102 may execute payment processing based on the payment information of that user. . The payment information referred to during payment processing is payment information associated with a user who has been successfully authenticated.

Payment information is information necessary to make a payment, such as credit card information, electronic value (e.g., electronic money or points) account information, virtual currency account information, bank account information, or debit card information. It is. It is assumed that the payment information is registered at the time of user registration, and, for example, is stored in the user database DB in association with the user account. Note that the payment information may be stored in a database different from the user database DB.

The execution unit 102 does not execute the payment process if either the ID authentication or the face authentication fails, but executes the payment process if the ID authentication and the face authentication are successful. When the payment process is executed, a notification to that effect is displayed on the display unit 35 of the authentication device 30 or the terminal at the store, and the user receives the product or uses the service. In addition, for example, the communication system S can be used for any authentication such as authentication in user behavior analysis, authentication when entering an event, authentication when entering a test venue, or authentication when voting in an election.

(2) Also, for example, the communication system S can be used for services other than the authentication service. For example, the communication system S may be applied to a distribution service that distributes coupons. In this case, the communication system S includes a distribution device that distributes coupons, the distribution device corresponds to a transmitting device, and the user terminal 20 corresponds to a receiving device. The data to be transmitted is a coupon ID that can identify the coupon, and the distribution device divides the coupon ID into individual digits, stores them together with order information in an advertising packet, and transmits the divided digits. The user terminal 20 receives the advertising packet containing the individual digits and order information and obtains the coupon ID. The user terminal 20 transmits the acquired coupon ID to the server 10, and the user acquires the coupon.

(3) Also, for example, the communication system S may not include the server 10. In this case, the authentication device 30 may execute the authentication process described as being executed by the server 10. Furthermore, for example, the communication system S may not include the authentication device 30, and the server 10 may correspond to the receiving device. In this case, a plurality of advertising packets are transmitted from the user terminal 20 to the server 10 using wireless communication or wired communication. The server 10 may execute the user ID acquisition process described as being executed by the authentication device 30.

S communication system, N network, 10 server, 20 user terminal, 30 authentication device, 11, 21, 31 control unit, 12, 22, 32 storage unit, 13, 23, 33 communication unit, 24, 34 operation unit, 25, 35 display unit, 26, 36 photographing unit, DB user database, DT scan setting data, SG security gate, 100 data storage unit, 101 issuing unit, 102 execution unit, 200 data storage unit, 201 dividing unit, 202
Creation unit, 203 Transmission unit, 300 Data storage unit, 301 Receiving unit, 302 Identification unit, 303 User ID acquisition unit, 304 Biological information acquisition unit, 305 Execution unit.

Claims (15)

An authentication system including a transmitting device and a receiving device,
The transmitting device includes:
dividing means for dividing the authentication information of the user of the transmitting device into a plurality of data parts;
The plurality of packets are arranged so that each of the plurality of packets includes a plurality of duplicates of at least one of the data portions, and a plurality of duplicates of order information regarding the order of the data portions in the authentication information. creating means for creating each of the packets;
Transmitting means for transmitting each of the plurality of packets to the receiving device;
including;
The receiving device includes:
receiving means for receiving each of the plurality of packets from the transmitting device;
The plurality of data parts are combined to generate the authentication information based on the plurality of duplicated at least one data parts and the plurality of duplicated order information included in each of the plurality of packets. an acquisition means to acquire;
Execution means for executing authentication processing based on the authentication information;
Authentication system including. Each of the plurality of packets includes a plurality of overlapping at least one data portions in a first data area, and includes the order information in a second data area,
The acquisition means scans packets for which values included in the first data area are determined to be the same, and acquires the authentication information based on the scanned packets.
The authentication system according to claim 1. Each of the plurality of packets includes a plurality of the at least one data portion in a first data area, and a plurality of the order information in a second data area,
The acquisition means scans packets for which values included in the second data area are determined to be the same, and acquires the authentication information based on the scanned packets.
The authentication system according to claim 1 or 2. The creation means creates each of the plurality of packets so that each of the plurality of packets includes a plurality of successive pieces of the order information in duplicate.
The authentication system according to any one of claims 1 to 3. The creation means creates each of the plurality of packets such that in each of the plurality of packets, the plurality of duplicated at least one data portions and the order information are separated by a predetermined distance or more.
The authentication system according to any one of claims 1 to 4. The creating means creates each of the plurality of packets so that each of the plurality of packets includes a plurality of consecutive overlapping data portions,
The authentication system according to any one of claims 1 to 5. The receiving device further includes specifying means for specifying the number of the data portions,
The acquisition means acquires the at least one data portion and the order information from each of the plurality of packets until the number reaches the number, and acquires the authentication information when the number reaches the number.
The authentication system according to any one of claims 1 to 6. The receiving device is capable of communicating with each of the plurality of transmitting devices,
Each of the plurality of packets includes identification information that can identify the transmitting device that transmitted the packet,
The acquisition means acquires the authentication information for each of the transmitting devices based on the identification information included in each of the plurality of packets.
The authentication system according to any one of claims 1 to 7. The authentication information is a user ID that can identify the user,
The authentication process is performed based on the user ID.
The authentication system according to any one of claims 1 to 8. The receiving device further includes biometric information acquisition means for acquiring biometric information of the user as the authentication information,
The execution means executes the authentication process based on the biometric information.
The authentication system according to any one of claims 1 to 9. a dividing means for dividing the user's authentication information into a plurality of data parts;
The plurality of packets are arranged such that each of the plurality of packets includes a plurality of duplicates of at least one data portion, and a plurality of duplicates of order information regarding the order of the data portion in the authentication information. creating means for creating each of the packets;
transmitting means for transmitting each of the plurality of packets to a receiving device;
a transmitting device including; receiving means for receiving each of the plurality of packets from the transmitting device;
Based on at least one overlapping data part included in each of the plurality of packets and a plurality of overlapping pieces of order information regarding the order of the data parts, an acquisition means for combining the data portions to acquire authentication information of a user of the transmitting device;
Execution means for executing authentication processing based on the authentication information;
a receiving device including; a dividing step of dividing the authentication information of the user of the transmitting device into a plurality of data parts;
The plurality of packets are arranged so that each of the plurality of packets includes a plurality of duplicates of at least one of the data portions, and a plurality of duplicates of order information regarding the order of the data portions in the authentication information. a creation step of creating each of the packets;
a transmitting step of transmitting each of the plurality of packets to a receiving device;
a receiving step of receiving each of the plurality of packets from a transmitting device;
The plurality of data parts are combined to generate the authentication information based on the plurality of duplicated at least one data parts and the plurality of duplicated order information included in each of the plurality of packets. an acquisition step to acquire;
an execution step of executing an authentication process based on the authentication information;
Authentication methods, including: a dividing means for dividing the user's authentication information into multiple data parts;
The plurality of packets are arranged such that each of the plurality of packets includes a plurality of duplicates of at least one data portion, and a plurality of duplicates of order information regarding the order of the data portion in the authentication information. creating means for creating each of the packets;
transmitting means for transmitting each of the plurality of packets to the receiving device;
A program that allows a computer to function as a computer. receiving means for receiving each of the plurality of packets from the transmitting device;
Based on at least one overlapping data part included in each of the plurality of packets and a plurality of overlapping pieces of order information regarding the order of the data parts, an acquisition means for combining the data portions to acquire authentication information of a user of the transmitting device;
Execution means for executing authentication processing based on the authentication information;
A program that allows a computer to function as a computer.

Images