WO2013125414A1 - Mutual authentication system, mutual authentication server, mutual authentication method, and mutual authentication program - Google Patents

Publication number
WO2013125414A1
Authority
WO
WIPO (PCT)
Prior art keywords
mutual authentication
time
feature vector
feature vectors
terminal devices
Application number
PCT/JP2013/053414
Other languages
French (fr)
Japanese (ja)
Inventor
潤 野田
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社
Publication of WO2013125414A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10L SPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L17/00 Speaker identification or verification techniques
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10L SPEECH ANALYSIS TECHNIQUES OR SPEECH SYNTHESIS; SPEECH RECOGNITION; SPEECH OR VOICE PROCESSING TECHNIQUES; SPEECH OR AUDIO CODING OR DECODING
    • G10L19/00 Speech or audio signals analysis-synthesis techniques for redundancy reduction, e.g. in vocoders; Coding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis
    • G10L19/012 Comfort noise or silence coding

Definitions

  • The present invention relates to a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program, and more particularly to a mutual authentication system for constructing an ad hoc connection relationship between specific devices.
  • Mutual authentication between devices is essential even when building such an ad hoc connection relationship.
  • PIN: Personal Identification Number
  • Patent Document 1 describes a communication function that detects that buttons provided on an apparatus are simultaneously pressed, generates a unique group connection ID, and uses this as a common key (authentication key) for mutual authentication.
  • Non-Patent Document 1 describes an outline of a technique in which keys are shared by holding up devices provided with a non-contact IC reader, and the shared key is used as an authentication key for mutual authentication. Further, Patent Documents 2 to 3 and Non-Patent Documents 2 to 4 describe techniques in which the same movement is applied from the outside to two devices that include an acceleration sensor, and the common change amount is detected, thereby sharing the authentication key.
  • Patent Document 4 describes a mutual authentication system in which a mobile terminal reads a two-dimensional code generated by a web server and displayed on a terminal, thereby generating unique information for specifying a user.
  • Patent Document 5 describes an authentication method including a plurality of terminals and a session management apparatus, and exchanging key information between terminals via an encrypted channel established by the terminal-session management apparatus.
  • In Patent Documents 2 to 3 and Non-Patent Documents 2 to 4, the user needs to perform operations such as shaking the two devices together.
  • There are many devices that cannot be operated in this way for physical reasons, such as being large, heavy, or vulnerable to impact, so these techniques cannot be applied to such devices.
  • A technology that can solve this problem is not described in the remaining Patent Documents 4 to 5.
  • The technique described in Patent Document 4 is for authenticating that the terminal and the portable terminal belong to the same user, and does not construct an ad hoc connection relationship, so the object of the invention is different in the first place.
  • The technique described in Patent Document 5 is a technique for constructing a communication path for distributing an authentication key, and is not a technique for generating an authentication key.
  • An object of the present invention is to provide a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program that do not require a complicated operation from the user, do not significantly increase costs, and can establish an ad hoc connection relationship between information devices with sufficient security.
  • A mutual authentication system is configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices.
  • Each terminal device includes voice data transmitting means for transmitting surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume.
  • The mutual authentication server includes a feature vector generation unit that analyzes the frequency components of each time-series data received from each terminal device and generates a feature vector, a feature vector comparing means that compares the generated feature vectors between the terminal devices and determines whether or not they match, and a key sharing means that generates and transmits an authentication key to each terminal device when the feature vectors match.
  • A mutual authentication server is mutually connected to a plurality of terminal devices to constitute a mutual authentication system. It includes a feature vector generation means that generates a feature vector by analyzing the frequency components of each time-series data, received from each terminal device, representing the temporal change in sound volume; a feature vector comparing means that compares the generated feature vectors between the terminal devices and determines whether or not they match; and a key sharing means that generates and transmits an authentication key to each terminal device when the feature vectors match.
  • A mutual authentication method applies to a mutual authentication system configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices.
  • In this method, the voice data transmitting means of each terminal device transmits surrounding environmental sounds to the mutual authentication server as time-series data representing the temporal change in sound volume; the feature vector generation means of the mutual authentication server analyzes the frequency components of each time-series data received from each terminal device to generate a feature vector; the feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices to determine whether they match; and the key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match.
  • A mutual authentication program applies to a mutual authentication system configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices.
  • The program causes a computer provided in the mutual authentication server to execute a procedure for generating a feature vector by analyzing the frequency components of each time-series data, received from each terminal device, representing a temporal change in sound volume; a procedure for comparing the generated feature vectors between the terminal devices to determine whether they match; and a procedure for generating and transmitting an authentication key to each terminal device if the feature vectors match.
  • Mutual authentication can be performed by using, as it is, the voice input means with which many devices are already provided.
  • A mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program can be provided.
  • FIG. 2 is an explanatory diagram showing the configuration of each of the data synchronization means to key sharing means shown in FIG. 1 in more detail. It is an explanatory diagram showing an example of the operation
  • FIG. 8 is an explanatory diagram illustrating examples of a plurality of types of quantization patterns prepared when the quantization function of the feature vector generation unit illustrated in FIG. 2 performs the processing illustrated in FIG. 7. FIG. 9 is an explanatory diagram showing the processing performed by the feature vector comparison means shown in FIG. 1. FIG. 10 is an explanatory diagram showing the processing performed by the key sharing means 105 shown in FIG. 1. FIG. 11 is an explanatory diagram showing an example of an experimentally produced mutual authentication system.
  • The mutual authentication system 1 is configured by connecting a plurality of terminal devices 20 and a mutual authentication server 10 that generates and gives an authentication key to these terminal devices.
  • Each terminal device 20 includes a voice data transmission unit 203 that transmits surrounding environmental sounds to the mutual authentication server as time-series data representing temporal changes in sound volume.
  • The mutual authentication server 10 includes the feature vector generating unit 103, which generates a feature vector by analyzing the frequency components of each time-series data received from each terminal device; the feature vector comparison unit 104, which compares the generated feature vectors between the terminal devices and determines whether or not they match; and the key sharing unit 105, which generates and transmits an authentication key to each terminal device when the feature vectors match.
  • Each terminal device 20 includes a sensing unit 202 that collects ambient environmental sounds as audio data, and the audio data transmission unit 203 extracts a plurality of representative values from the collected audio data and sends them as time-series data. Furthermore, the terminal device 20 and the mutual authentication server 10 include time synchronization means 201 and 101, respectively, that synchronize time with each other in advance.
  • The mutual authentication server 10 also includes the data synchronization unit 102, which detects a predetermined number of extreme values from each time-series data received from each terminal device, corrects the deviation in the time axis direction between the time-series data based on the timing at which these extreme values are detected, and outputs the result to the feature vector generation unit 103.
  • The feature vector generation means 103 of the mutual authentication server 10 includes a Fourier transform function 103a that divides the time-series data into time windows with a constant time interval, performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum; a quantization function 103c that outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with thresholds set in advance in a plurality of stages; and a cut-off function 103b that removes frequency components equal to or higher than a predetermined cut-off frequency from the power spectrum and passes it to the quantization function 103c.
  • The quantization function 103c of the mutual authentication server 10 is provided with a plurality of groups, each group consisting of a plurality of thresholds for preset levels, and outputs a feature vector for each group.
  • The feature vector comparison unit 104 compares a plurality of feature vectors generated in the same time window between the terminal devices, and if there is even one feature vector that matches between the terminal devices, determines that the feature vectors of the terminal devices match.
  • The key sharing means 105 of the mutual authentication server 10 calculates the total value of the information amount per unit time of the feature vectors that coincide in the target time range of the time series data, and only when the calculated total value of the information amount is equal to or greater than a predetermined value given in advance, concatenates the matched feature vectors and generates a hash value of the concatenated matched feature vectors as an authentication key.
  • With this configuration, the mutual authentication system 1 can construct an ad hoc connection relationship between the terminal devices 20 without requiring a complicated operation, without significantly increasing costs, and with sufficient safety. Hereinafter, this will be described in more detail.
  • FIG. 1 is an explanatory diagram showing the configuration of the mutual authentication system 1 according to the first embodiment of the present invention.
  • The mutual authentication system 1 is configured by connecting, via a network 30, two terminal devices 20a and 20b (hereinafter collectively referred to as terminal devices 20) to be subjected to mutual authentication and a mutual authentication server 10 that generates and gives an authentication key to these terminal devices 20.
  • The network 30 may be a wired connection or a wireless connection, and the connection form and protocol are not particularly limited.
  • The mutual authentication server 10 has a basic configuration as a computer device.
  • That is, it includes a processor 11 that is the operating subject of the computer program, a storage unit 12 that stores the program and data, and a communication unit 13 that performs data communication with each terminal device 20.
  • By running the mutual authentication program, the processor 11 of the mutual authentication server 10 functions as each of the time synchronization means 101, which matches the time with the terminal device 20; the data synchronization means 102, which corrects the time axis direction deviation of the time series data received from each terminal device 20; the feature vector generation means 103; the feature vector comparison means 104; and the key sharing means 105, which generates and transmits an authentication key to each terminal device 20.
  • The generated authentication key 111 is stored in the storage unit 12.
  • FIG. 2 is an explanatory diagram showing the configuration of each of the data synchronization means 102 to key sharing means 105 shown in FIG. 1 in more detail.
  • the feature vector generation unit 103 is further divided into three functional units, that is, a Fourier transform function 103a, a cutoff function 103b, and a quantization function 103c.
  • the Fourier transform function 103a performs FFT (Fast Fourier Transform) on the input time series data and outputs a power spectrum.
  • the cut-off function 103b cuts frequency components of the input power spectrum that are equal to or higher than a predetermined cut-off frequency.
  • the quantization function 103c collates the output power spectrum with a plurality of threshold values given in advance, and outputs a feature vector having the quantized value of the power spectrum for each frequency as an element.
  • The terminal devices 20 (20a and 20b) both have the same configuration, and each has a basic configuration as a computer device. That is, each includes a processor 21 that is the main operating body of the computer program, a storage unit 22 that stores the program and data, a communication unit 23 that performs data communication with the mutual authentication server 10 and other terminal devices 20, and voice input means 24, such as a microphone, for acquiring and inputting voice data.
  • By running the mutual authentication program, the processor 21 of the terminal device 20 functions as each of the time synchronization unit 201, which synchronizes the time with the mutual authentication server 10; the sensing means 202, which uses the voice input means 24 to collect time-series data of sound pressure change (voice data); the voice data sending means 203, which compresses the amount of acquired voice data and sends it to the mutual authentication server 10; and the mutual authentication means 204, which receives an authentication key from the mutual authentication server 10 and performs mutual authentication.
  • The storage unit 22 stores the authentication key 211 received from the mutual authentication server 10.
  • The time synchronization means 101 and 201 perform time synchronization processing for adjusting the time between each other. This time synchronization process may be performed when the mutual authentication server 10 and the terminal device 20 are turned on, or may be performed periodically at a specific cycle.
  • NTP (Network Time Protocol) can be used for time synchronization.
  • the sensing means 202 of the terminal device 20 is based on the assumption that the time synchronization process is performed, and a reference time t0 that is set in advance as a common value between the mutual authentication server 10 and each terminal device 20.
  • FIG. 3 is an explanatory diagram illustrating an example of an operation in which the audio data transmission unit 203 illustrated in FIG. 1 obtains a representative value of the environmental sound.
  • The voice data transmission unit 203 reduces the data amount of the sound pressure data 251 of the environmental sound collected by the sensing unit 202, from f values per second to fc values per second (f > fc).
  • The data is divided into sections whose length is the quotient obtained by dividing f by fc, and the maximum value in each section is taken as the representative value of that section, generating time-series data 252 of fc values in total.
  • the time-series data 252 is transmitted to the mutual authentication server 10 together with the label 252b indicating the sensing time in the sensing means 202.
  • the label 252b indicates a time range in which audio data is acquired, such as “t0 + ⁇ w to t0 + ( ⁇ + 1) w”.
  • an average value in the time range can be used as a representative value.
  • this “time range in which the audio data is acquired” is referred to as a target time range.
  • The voice data transmission unit 203 obtains an average value of every 80 sound pressure values, giving time series data 252 of 100 values per unit time. The obtained time series data is then transmitted to the mutual authentication server 10.
  • The data synchronization means 102 waits for the arrival of the time series data 252 from the two terminal devices 20a and 20b, and corrects the deviation in the time axis direction for the time series data having the same label indicating the sensing time.
  • This data synchronization means 102 absorbs the time lag of the time series data between the terminal devices. However, when the terminal time can be accurately synchronized, it is considered that such time lag does not occur at all. Therefore, this means may not be provided.
  • FIG. 4 is an explanatory diagram showing an example of an operation in which the data synchronization means 102 shown in FIG. 1 adjusts the time axis direction deviation of the time series data.
  • The data synchronization means 102 obtains, from the time series data received from the terminal device 20, each point where the slope of the sound pressure fluctuation graph changes from positive to negative, that is, each point that is convex upward, as an extreme value.
  • When the waveforms received from the respective terminal devices 20 are superimposed, the data synchronization means 102 takes, among the extreme values whose distance on the time axis is within a predetermined threshold, those with the smallest difference in value and determines them to be extreme values measured at the same timing.
  • It then calculates an average value of the distances in the time axis direction for a predetermined number of these extreme values (this number is a variable p_num), taken from the top in order of value, and shifts one of the data sets in the time axis direction by that average value.
  • The waveforms of the time series data received from the terminal devices 20a and 20b are displayed as 261 and 262, respectively.
  • With p_num = 4, an average value of the distances in the time axis direction is calculated for the top four extreme values 271 to 274 in the waveform within the target time range. Based on this average value, one waveform is shifted in the time axis direction by the average value.
  • the time series data of the terminal device on the time axis advanced side may be padded with zeros (so-called zero padding) for the time advanced to the head of the time series data.
  • zero padding when the data of the time slot
  • It is also possible to omit this processing by the data synchronization unit 102 and to pass the time-series data obtained from each terminal device 20, as it is, to the feature vector generation unit 103 that follows.
  • FIG. 5 is an explanatory diagram showing processing performed by the Fourier transform function 103a of the feature vector generation unit 103 shown in FIG.
  • the Fourier transform function 103a divides the time-series data whose time axis direction deviation is adjusted by the data synchronization means 102 into small intervals of a predetermined time interval. This is referred to herein as time windows 301-303.
  • the Fourier transform function 103a performs FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum indicating the frequency characteristics.
  • FIG. 5 shows a power spectrum 311 output with respect to the time window 301.
  • The time-series data received from each terminal device 20 includes sound pressure values at 100 values per unit time, as described above.
  • 64 consecutive sound pressure values are used as one time window 301.
  • 50% of them (32 values) overlap with the next time window 302.
  • The subsequent time window 303 likewise overlaps the previous time window 302 by 50% (32 values).
  • the rate at which the continuous time windows are overlapped can be arbitrarily set. By doing in this way, more time windows can be cut out as comparison target data from time series data in the same target time range.
  • FIG. 6 is an explanatory diagram showing processing performed by the cut-off function 103b of the feature vector generation unit 103 shown in FIG.
  • the cut-off function 103b may be realized in an analog manner by a so-called LPF (low-pass filter) placed before the Fourier transform function 103a.
  • FIG. 7 is an explanatory diagram showing processing performed by the quantization function 103c of the feature vector generation unit 103 shown in FIG.
  • the quantization function 103c performs a quantization process by applying a quantization pattern to the power spectrum 311 output from the Fourier transform function 103a.
  • the quantization pattern here is a pattern in which a plurality of threshold values are set for each component frequency given in advance at a cutoff frequency fm or lower. A plurality of quantization patterns are prepared in advance, which will be described later, and FIG. 7 shows processing by one quantization pattern.
  • One quantization pattern includes four threshold values T1 to T4 for each component frequency of the power spectrum 311.
  • The power at each component frequency is thereby classified into five levels.
  • the component frequency is set in increments of 1 Hz from 0 to 10 Hz.
  • the power corresponding to each component frequency means the maximum value of power in the frequency range of “0 Hz or more and less than 1 Hz”.
  • the step is obtained as fc / N from the number of data points fc per unit time of the data input to the FFT and the number N of data points in the time window.
  • The power corresponding to each component frequency is classified into region (5) if it is T4 or more, region (4) if it is T3 or more and less than T4, region (3) if it is T2 or more and less than T3, region (2) if it is T1 or more and less than T2, and region (1) if it is less than T1.
  • the number and value of each of these threshold values and component frequencies can be arbitrarily set. In the text of this specification, for example, “5 number” is written as “(5)”.
  • the feature vector generation unit 103 outputs the feature vector 321 with respect to the power spectrum 311 shown in FIG.
  • the feature vector here is an array of regions corresponding to the power at each frequency for each component frequency of 1 to 10 Hz.
  • FIG. 8 is an explanatory diagram showing examples of a plurality of quantization patterns prepared when the quantization function 103c of the feature vector generation unit 103 shown in FIG. 2 performs the processing shown in FIG.
  • four kinds of quantization patterns 331 to 334 are prepared, and each of them includes four threshold values as in the case shown in FIG.
  • the number of quantization patterns can also be set arbitrarily, but the number of threshold values is common among the quantization patterns.
  • the threshold value included in each quantization pattern is an exponentially widened value based on the maximum value of the power spectrum calculated from the time series data.
  • the threshold value is slightly different between the quantization patterns.
  • the quantization function 103c prepares a plurality of quantization patterns with the threshold values shifted little by little, and outputs a plurality of feature vectors from one time window.
  • FIG. 9 is an explanatory diagram showing processing performed by the feature vector comparison unit 104 shown in FIG.
  • The feature vector comparison unit 104 compares the plurality of feature vectors output from the quantization function 103c for the same time window of each of the terminal devices 20a and 20b, and determines whether or not the environmental sounds collected by the terminal devices are the same.
  • c feature vectors are output for each of the terminal devices 20a and 20b in the same time window.
  • The “same time window” means a time window observed and processed in the same time range in each of the terminal devices 20a and 20b.
  • The feature vector comparison means 104 performs a brute force comparison of the c feature vectors output for the same time window of each of the terminal devices 20a and 20b, and if even one of them matches, determines that the time series data match between the terminal devices 20a and 20b.
  • In this example, the feature vector comparison unit 104 finds that the feature vector “(5) (1) (2) (1)”, the third from the top of the feature vectors 331, matches the first from the top of the feature vectors 332. Therefore, it is already determined that the time series data match between the terminal devices 20a and 20b.
  • FIG. 10 is an explanatory diagram showing processing performed by the key sharing unit 105 shown in FIG.
  • the key sharing unit 105 receives the comparison result, generates an authentication key 111 for the terminal devices 20a and 20b, stores the authentication key 111 in the storage unit 12, and transmits the authentication key to the terminal devices 20a and 20b.
  • The key sharing means 105 calculates the information amount from the occurrence probability of each matched feature vector, takes the sum of the information amounts of the matched feature vectors over the time windows as the key length, and only when this key length exceeds a certain threshold sets the hash value of the concatenated matching feature vectors as the authentication key 111.
  • The amount of information here is a concept in information theory. If the probability of occurrence of a certain event is P, the amount of information I (bits) calculated by the following Equation 1 is used.
  • The key sharing means 105 counts the total number of matched feature vectors and the number of matches of each individual feature vector in the time range to be compared, and this count is not reset in units of time windows.
  • The feature vectors that match in other time windows within the target time range are also accumulated and counted, and the total amount of information (bits) of the matched feature vectors is obtained.
  • In this example, the total number of feature vectors 341 that coincide between the terminal devices 20a and 20b is ten, of which “(5) (1) (4) (1)” accounts for three, “(5) (2) (4) (1)” for one, “(5) (1) (4) (2)” for one, “(5) (1) (3) (1)” for three, and “(5) (2) (4) (2)” for two.
  • The respective feature vectors are those obtained from the time windows 301 or 262 of the time series data waveforms 261 and 262 obtained from the terminal devices 20a and 20b, and observed to match by the feature vector comparison means.
  • FIG. 11 is an explanatory diagram showing an example of a mutual authentication system 401 created experimentally.
  • This mutual authentication system 401 is configured by connecting three terminal devices 420a to 420c and a mutual authentication server 410 via a wireless network.
  • Each of the terminal devices 420a to 420c has the same configuration as that of the terminal device 20 shown in FIGS.
  • the mutual authentication server 410 has the same configuration as the mutual authentication server 10 shown in FIGS.
  • the terminal devices 420a and 420b are installed in the same room 421, and the terminal device 420c is installed in the adjacent room 422.
  • FIG. 12 is a graph showing changes with respect to the measurement time of the total amount of information calculated between the terminal devices 420a and 420b and between the terminal devices 420a and 420c in the mutual authentication system 401 shown in FIG. .
  • the sum total of the information amount calculated between the terminal devices 420a and 420b is represented as a graph 431
  • the sum total of the information amount calculated between the terminal devices 420a and 420c is represented as a graph 432.
  • The graph 431 represents the total amount of information calculated in a situation where the same environmental sound should be observed, whereas the graph 432 represents a situation where the same environmental sound should not be observed. As FIG. 12 clearly shows, the graphs 431 and 432 differ in the total amount of information. Therefore, an appropriate intermediate value is set in advance as the threshold value 433, and whether or not the environmental sounds are the same can be detected by comparing the threshold value corresponding to the length of the target time over which sensing was performed with the total amount of information obtained.
  • When it is determined that the environmental sounds are the same, the key sharing unit 105 generates a hash value of the concatenated feature vectors 341 as the authentication key 111, causes the storage unit 12 to store the hash value, and transmits it to the terminal devices 20a and 20b.
  • the hash value here is an output value obtained by inputting the concatenated feature vectors 341 into an irreversible function.
  • the mutual authentication unit 204 receives the authentication key 211 (111) and stores it in the storage unit 22, and the terminal devices 20a and 20b perform mutual authentication using the authentication key.
  • the authentication key 111 (211) is preferably transmitted and received by a secure communication method such as SSL (Secure Socket Layer).
  • the mutual authentication operation can use a known technique such as challenge-response authentication.
  • FIG. 13 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 10 and the terminal device 20 shown in FIG.
  • the respective time synchronization means 101 and 201 perform time synchronization processing for adjusting the time between them (steps S101 and 201).
  • the sensing means 202 acquires the environmental sound as voice data via the voice input means 24 (step S202).
  • voice data transmission means 203 of the terminal device 20 produces the time series data which removed the high frequency component from the acquired audio
  • The data synchronization means 102 waits for reception of time-series data from the terminal devices 20a and 20b, and corrects the time-axis deviation of the time-series data received from both terminal devices (step S102). The feature vector generation unit 103 then divides this time-series data into time windows and applies c quantization patterns prepared in advance to each time window to generate c feature vectors (step S103).
  • The feature vector comparison means 104 compares the c feature vectors generated in the same time window for both terminal devices in a brute-force manner, and determines that the feature vectors match if even one feature vector is common (step S104). If the feature vectors do not match, the process ends abnormally.
  • The key sharing unit 105 that has received the comparison result calculates the information amount of each matched feature vector from its generation probability, and only when the sum exceeds a given threshold value are the matched feature vectors transmitted as an authentication key to each terminal (steps S105 to S106). When the information amount of the feature vectors does not exceed the threshold, the process likewise ends abnormally.
  • the mutual authentication means 204 of the terminal devices 20a and 20b performs mutual authentication using the received authentication key (step S204).
  • this mutual authentication system can generate and issue an effective authentication key with sufficient strength by voice input alone. No special operation is required for this, and since many devices are equipped in advance with hardware and software necessary for voice input, the installation cost is small.
  • The mutual authentication method according to the present embodiment is used in a mutual authentication system in which a plurality of terminal devices 20 and a mutual authentication server 10 that generates and gives authentication keys to these terminal devices are connected to each other. The voice data transmitting means of each terminal device transmits the surrounding environmental sound to the mutual authentication server as time-series data representing the time change of the sound volume (FIG. 13, steps S202 to S203).
  • The feature vector generating unit of the mutual authentication server analyzes the frequency component of each of the time-series data received from each terminal device to generate a feature vector (FIG. 13, step S103), the feature vector comparing unit of the mutual authentication server compares the generated feature vectors between the terminal devices to determine whether or not they match (FIG. 13, step S104), and the key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match (FIG. 13, steps S105 to S106).
  • In the process of generating the feature vector by the feature vector generating means shown in step S103 of FIG. 13, the Fourier transform function divides the time-series data into time windows having a constant time interval and performs an FFT (Fast Fourier Transform) on each window to output a power spectrum, and the quantization function collates the output power spectrum with a plurality of thresholds given in advance to output a feature vector for each given frequency. Here, a plurality of feature vectors are output, one for each of a plurality of patterns given in advance as combinations of the threshold values.
  • Step S104 in FIG. 13 compares the plurality of feature vectors generated in the same time window between the terminal devices and, if even one of the feature vectors matches between the terminal devices, determines that the feature vectors of the terminal devices match.
  • each of the above-described operation steps may be programmed to be executable by a computer, and may be executed by the processor 11 of the mutual authentication server 10 that directly executes each of the steps.
  • The program may be recorded on a non-transitory recording medium, such as a DVD, a CD, or a flash memory. In this case, the program is read from the recording medium by a computer and executed.
  • The first point is that the vibration used for authentication in this prior art occurs at most several times per second, whereas sound requires sampling at 8 kHz and 8 bits at least, for example under the specification of a microphone for voice calls on a mobile phone terminal. If this is transmitted as it is, a huge amount of communication (8 kilobytes/second) occurs during transmission, and the amount of processing at the time of determination also becomes huge.
  • the second point is that it is not always appropriate to share a key for mutual authentication even among users under similar environmental sounds.
  • the third point is that it is greatly influenced by differences in observation locations and acoustic characteristics between devices. From the above three points, it is very difficult to replace “vibration” in the prior art with “environmental sound” as it is.
  • The sound pressure data is compressed from 8000 to 100 per second and transmitted. This not only reduces the amount of communication during transmission (corresponding to the first point), but also reduces the risk of incorrectly issuing an authentication key to an unauthorized user, that is, the risk of a false positive. This will be described in more detail below.
  • Environmental sounds can be broadly divided into “steady sound systems” that occur periodically and “pulse systems” that occur suddenly, but with “steady sound system” environmental sounds the same sound is often observed even in places that are not physically close to each other. Therefore, to apply environmental sound to the “mutual authentication” purpose of the present application, it is necessary to judge agreement not on “steady sound system” sounds but on “pulse system” environmental sounds that are observed only at that time.
  • In the mutual authentication system 501, in addition to the configuration of the first embodiment, when the total amount of information is equal to or less than a predetermined value, the key sharing unit 605 of the mutual authentication server 510 temporarily stores the feature vectors in a storage means provided in advance, further concatenates the temporarily stored feature vectors with the feature vectors generated from the time-series data sent from the same set of terminal devices, and generates the hash value of the result as the authentication key.
  • FIG. 14 is an explanatory diagram showing the configuration of the mutual authentication system 501 according to the second embodiment of the present invention.
  • the mutual authentication system 501 is the mutual authentication system 1 shown in the first embodiment, in which the mutual authentication server 10 is replaced with another mutual authentication server 510.
  • the terminal device 20 is the same as that in the first embodiment.
  • The mutual authentication server 510 has the same hardware configuration as the mutual authentication server 10, and its software configuration operating on the processor 11 is also the same, except that the key sharing unit 105 is replaced by another key sharing unit 605 and an area for storing the feature vector 612 is added to the storage means 12. Therefore, only the differences will be described here.
  • FIG. 15 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 510 and the terminal device 20 shown in FIG. It goes without saying that the operation of the terminal device 20 is the same as that of the first embodiment shown in FIG. 13, and steps S101 to S106 of the operation of the mutual authentication server 510 are also the same as in the operation of the first embodiment.
  • The only operation different from that of the first embodiment is that the key sharing unit 605 stores the feature vector 612 in the storage unit 12 when the total amount of information (key length) of the matched feature vectors does not exceed a certain threshold (step S107). Then, when new time-series data is sent from the same set of terminal devices 20 in a subsequent operation, the key sharing means 605 further concatenates the feature vectors generated from the new time-series data with the stored feature vector 612 and transmits the hash value as the authentication key to each terminal.
  • one mutual authentication system may include three or more terminal devices, and these terminal devices may perform mutual authentication with a set of three or more devices.
  • One of the terminal devices included in one mutual authentication system may also have a function as a mutual authentication server.
  • It is also possible to adopt a configuration in which the user designates a specific time range, and only the designated time range is set as the target time range to be authenticated in the present invention or, conversely, is excluded from that target time range.
  • a mutual authentication system configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices,
  • Each terminal device includes voice data transmitting means for transmitting surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume
  • The mutual authentication server includes: feature vector generation means for generating a feature vector by analyzing a frequency component for each of the time-series data received from each terminal device; feature vector comparison means for comparing the generated feature vectors between the terminal devices and determining whether or not they match,
  • a mutual authentication system comprising key sharing means for generating and transmitting an authentication key to each of the terminal devices when the feature vectors match.
  • each of the terminal device and the mutual authentication server has a time synchronization means for adjusting the time between each other in advance.
  • The mutual authentication server detects a predetermined number of extreme values from each of the time-series data received from each terminal device, and detects a time-axis shift between the time-series data based on the timing at which the extreme values are detected.
  • The feature vector generation means of the mutual authentication server includes: a Fourier transform function that divides the time-series data into time windows with a constant time interval and performs an FFT (Fast Fourier Transform) on each time window to output a power spectrum; and a quantization function that outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with thresholds set in advance in a plurality of stages (per Supplementary note 1).
  • The feature vector generation means of the mutual authentication server includes a cut-off function that removes frequency components equal to or higher than a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function and passes the result to the quantization function (per Appendix 5).
  • the quantization function of the mutual authentication server is: 6.
  • the feature vector comparison unit of the mutual authentication server compares the plurality of feature vectors generated in the same time window between the terminal devices, and the feature vector is 1 between the terminal devices.
  • The key sharing unit of the mutual authentication server calculates a total value of information amounts per unit time of the feature vectors that match in the target time range of the time-series data and, only when the total value of the calculated information amounts is equal to or greater than a predetermined value, concatenates the matched feature vectors and generates a hash value of the concatenated matched feature vectors as the authentication key (Note 8).
  • the key sharing means of the mutual authentication server calculates a total value of information amounts per unit time of the feature vectors that coincide in the target time range of the time series data, and the calculated information amount
  • a hash value of the concatenated feature vectors and the concatenated feature vectors is generated as the authentication key
  • the total value of the information amount is
  • the feature vector is temporarily stored in a storage unit provided in advance, and further added to the feature vector generated from the time-series data sent from the same set of terminal devices.
  • a mutual authentication server that is mutually connected to a plurality of terminal devices to constitute a mutual authentication system, Feature vector generating means for generating a feature vector by analyzing a frequency component for each of the time-series data representing a temporal change in the volume of sound received from each terminal device; Comparing the generated feature vectors between the terminal devices and determining whether or not they match,
  • a mutual authentication server comprising: key sharing means for generating and transmitting an authentication key to each of the terminal devices when the feature vectors match.
  • The feature vector generation means includes: a Fourier transform function that divides the time-series data into time windows with a constant time interval and performs an FFT (Fast Fourier Transform) on each time window to output a power spectrum; and a quantization function that outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with thresholds set in advance in a plurality of stages (per Appendix 11).
  • the quantization function is 13.
  • the said feature vector comparison means compares the said several feature vectors produced
  • The key sharing unit calculates a total value of information amounts per unit time of the feature vectors that match in the target time range of the time-series data and, only when the total value of the calculated information amounts is equal to or greater than a predetermined value given in advance, concatenates the matched feature vectors and generates a hash value of the concatenated matched feature vectors as the authentication key (per Appendix 14).
  • the voice data transmitting means of each terminal device transmits surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume
  • the feature vector generation means of the mutual authentication server generates a feature vector by analyzing a frequency component for each of the time-series data received from each terminal device
  • the feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices to determine whether or not they match.
  • a mutual authentication method wherein the key sharing means of the mutual authentication server generates and transmits an authentication key to each terminal device when the feature vectors match.
  • In the process in which the feature vector generation unit generates the feature vector, the Fourier transform function divides the time-series data into time windows with a constant time interval, performs an FFT (Fast Fourier Transform) on each time window, and outputs a power spectrum, and the quantization function outputs a feature vector for each frequency by collating the power level for each frequency of the output power spectrum with threshold values set in advance in a plurality of stages.
  • the process in which the quantization function outputs the feature vector includes: 18.
  • the feature vector comparing means compares the feature vectors.
  • the plurality of feature vectors generated in the same time window are compared between the terminal devices, and when there is even one feature vector that matches between the terminal devices, the terminal device of the terminal device 19.
  • the key sharing means generates and transmits an authentication key. Only when the total value of the information amount per unit time of the feature vector matched in the target time range of the time series data is calculated and the calculated total amount of information amount is equal to or greater than a predetermined value
  • The procedure for generating the feature vector includes: a step of dividing the time-series data into time windows at regular time intervals and performing an FFT (Fast Fourier Transform) on each time window to output a power spectrum; and a step of collating the power level for each frequency of the output power spectrum with thresholds set in advance in a plurality of stages to output a feature vector for each frequency.
  • The procedure for outputting the feature vector includes: the mutual authentication program according to appendix 22, characterized by including a procedure in which a plurality of the thresholds for a preset level are set as one group, a plurality of the groups are provided, and the feature vector is output for each group.
  • the procedure for comparing the feature vectors includes: The plurality of feature vectors generated in the same time window are compared between the terminal devices, and when there is even one feature vector that matches between the terminal devices, the terminal device of the terminal device.
  • the procedure for generating and transmitting the authentication key is as follows. Only when the total value of the information amount per unit time of the feature vector matched in the target time range of the time series data is calculated and the calculated total amount of information amount is equal to or greater than a predetermined value 25.
  • the present invention can be used in a mutual authentication system for constructing an ad hoc (non-permanent, temporary) connection relationship between specific devices.
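
The server-side flow described above (steps S103 to S106, plus the second embodiment's carry-over of stored feature vectors), as an added Python example that is not code from the patent. Assumptions, all chosen for illustration: the window length, the kept bins, the three threshold groups and the 16-bit threshold; the generation probability of a vector is estimated as its share of all matched vectors; Equation 1, which is not reproduced on this page, is taken to be the standard self-information I = -log2 P; SHA-256 stands in for the unspecified hash and a naive DFT for the FFT; the signals are constructed test data.

```python
import cmath
import hashlib
import math
from collections import Counter

N = 16              # samples per time window (assumed)
BINS = range(1, 5)  # DFT bins kept after the cut-off (assumed)
# c = 3 quantization patterns; each is one group of multi-stage power
# thresholds (assumed values, spaced 4x apart to absorb microphone gain).
PATTERNS = [(4, 16, 64, 256), (1, 4, 16, 64), (16, 64, 256, 1024)]
MIN_BITS = 16.0     # key-length threshold in bits (assumed)


def power_spectrum(window):
    """Naive DFT power spectrum of one time window (stands in for the FFT)."""
    n = len(window)
    return [abs(sum(x * cmath.exp(-2j * cmath.pi * k * t / n)
                    for t, x in enumerate(window))) ** 2 / n
            for k in range(n // 2)]


def feature_vectors(window):
    """Step S103: one feature vector per quantization pattern."""
    spec = power_spectrum(window)
    return [tuple(sum(spec[k] >= th for th in pattern) for k in BINS)
            for pattern in PATTERNS]


def matched_vectors(series_a, series_b):
    """Step S104: brute-force compare the c x c vectors of each time window."""
    matched = []
    for i in range(0, min(len(series_a), len(series_b)) - N + 1, N):
        vecs_b = feature_vectors(series_b[i:i + N])
        for va in feature_vectors(series_a[i:i + N]):
            if va in vecs_b:          # one common vector is enough
                matched.append(va)
                break
    return matched


def information_bits(matched):
    """Sum of -log2(P) over all matched vectors; counts are not reset per window."""
    counts = Counter(matched)
    total = len(matched)
    return sum(-math.log2(counts[v] / total) for v in matched)


def share_key(series_a, series_b, carried=(), min_bits=MIN_BITS):
    """Steps S105-S106. `carried` holds vectors stored by an earlier attempt
    (second embodiment); recomputing the sum over both sets is an assumption."""
    matched = list(carried) + matched_vectors(series_a, series_b)
    bits = information_bits(matched)
    if bits <= min_bits:              # key is issued only above the threshold
        return None, bits, matched    # caller may store `matched` (step S107)
    key = hashlib.sha256(repr(matched).encode()).hexdigest()
    return key, bits, matched


def tones(windows, gain=1.0):
    """Constructed signal: each window is a sum of cosines on exact DFT bins."""
    return [gain * sum(a * math.cos(2 * math.pi * k * t / N) for k, a in w.items())
            for w in windows for t in range(N)]


# Constructed "pulse system" sound: the spectrum changes in every window.
PULSES = [{1: 3}, {2: 6, 3: 1.5}, {1: 1.5, 4: 3}, {3: 6},
          {2: 3, 4: 6}, {1: 6, 2: 1.5}, {4: 3}, {1: 3, 3: 3}]
ROOM_421_A = tones(PULSES)            # like terminal 420a
ROOM_421_B = tones(PULSES, gain=0.5)  # like 420b: same room, half the gain
ROOM_422_C = tones([{k % 4 + 1: a for k, a in w.items()} for w in PULSES])
# Constructed "steady sound system": the same tone in every window.
STEADY_A = tones([{1: 3}] * 8)
STEADY_B = tones([{1: 3}] * 8, gain=0.5)

if __name__ == "__main__":
    for name, other in (("same room", ROOM_421_B), ("other room", ROOM_422_C)):
        key, bits, _ = share_key(ROOM_421_A, other)
        print(f"{name}: {bits:.1f} bits, key issued: {key is not None}")
    key, bits, _ = share_key(STEADY_A, STEADY_B)
    print(f"steady sound: {bits:.1f} bits, key issued: {key is not None}")
```

The digest is 256 bits long, but anyone able to guess the matched feature vectors faces only the summed information amount, so the threshold rather than the hash length sets the strength of the issued key.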

Abstract

[Problem] To provide a mutual authentication system for creating an ad-hoc connection between information devices. [Solution] The mutual authentication system (1) according to the present invention is configured by connecting a plurality of terminal devices (20) to a mutual authentication server (10) which generates and assigns an authentication key to the terminal devices. Each terminal device (20) is provided with a sound data transmission means (203) for transmitting the ambient sound of the surroundings to the mutual authentication server as time-series data representing the change in volume of sound over time. The mutual authentication server (10) is provided with a feature vector generation means (103) for subjecting the time-series data received from each terminal device to a fast Fourier transform (FFT) and generating feature vectors, a feature vector comparison means (104) for comparing the generated feature vectors for the terminal devices and determining whether there is a match, and a key sharing means (105) for generating and transmitting the authentication key to each terminal device when the feature vectors match.

Description

Mutual authentication system, mutual authentication server, mutual authentication method, and mutual authentication program
The present invention relates to a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program, and more particularly to a mutual authentication system and the like for constructing an ad hoc connection relationship between specific devices.
Technology for data communication between information devices has developed rapidly in recent years, and cases have arisen where one wants to establish an “ad hoc (non-permanent, temporary)” connection relationship between specific devices. One example is when employees of a company and a visiting vendor hold a business meeting and want to share materials, minutes, and the like among the attendees. Another is when people with no particular connection to each other who are in a specific place (for example, a restaurant storefront, or a concert or sports venue) want to build a community.
Mutual authentication between devices is essential even when building such an ad hoc connection relationship. In this case, it is desirable that mutual authentication can be performed with an operation that is simpler for the user, rather than a cumbersome one such as having the user enter a long PIN (Personal Identification Number) or password.
Related technologies are described in the following technical documents. Patent Document 1 describes a method for grouping devices having a communication function, in which simultaneous pressing of buttons provided on the devices is detected to generate a unique group connection ID, which is then used as a common key (authentication key) for mutual authentication.
Non-Patent Document 1 outlines a technique in which devices equipped with contactless IC readers are held over each other to share a key, which is then used as an authentication key for mutual authentication. Patent Documents 2 to 3 and Non-Patent Documents 2 to 4 describe techniques in which the same external motion is applied to two devices equipped with acceleration sensors to detect a common amount of change, thereby sharing an authentication key.
Patent Document 4 describes a mutual authentication system in which a mobile terminal reads a two-dimensional code generated by a web server and displayed on a terminal, thereby generating unique information that identifies the user. Patent Document 5 describes an authentication method involving a plurality of terminals and a session management apparatus, in which key information is exchanged between terminals via encrypted channels established between each terminal and the session management apparatus.
Japanese Patent No. 3707660
JP 2008-311726 A
JP 2010-187282 A
JP 2009-124311 A
JP 2005-160005 A
Regarding each of the mutual authentication methods described above: in the technique described in Patent Document 1, pressing a button is an action that a third party can also easily perform, so there is a risk of issuing an authentication key to an illegitimate third party. Also, if the timing of the simultaneous button presses is off, even a legitimate user may fail to authenticate normally, so this system is not very convenient. The technique described in Non-Patent Document 1 requires each device to be equipped with a contactless IC reader, which poses a cost problem.
The techniques described in Patent Documents 2 to 3 and Non-Patent Documents 2 to 4 require the user to perform an operation such as holding two devices together and shaking them. Many devices cannot be handled this way for physical reasons, for example because they are large, heavy, or sensitive to shock, so these techniques cannot be applied to them.
No technique capable of solving this problem is described in the remaining Patent Documents 4 to 5 either. The technique described in Patent Document 4 is for authenticating that a terminal and a mobile terminal both belong to the same user, not for constructing an ad hoc connection relationship, so the purpose of that invention is different in the first place. The technique described in Patent Document 5 builds a communication path for delivering an authentication key and is not a technique for generating one.
An object of the present invention is to provide a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program that make it possible to establish an ad hoc connection relationship between information devices with sufficient security, without requiring cumbersome operations from the user and without significantly increasing cost.
 上記目的を達成するため、本発明に係る相互認証システムは、複数台の端末装置と、これらの端末装置に対して認証鍵を生成して与える相互認証サーバとが相互に接続されて構成される相互認証システムであって、各端末装置が、周辺の環境音を音の大きさの時間変化を表す時系列データとして相互認証サーバに対して送信する音声データ送信手段を備え、相互認証サーバが、各端末装置から受信した時系列データの各々に対して周波数成分を解析して特徴ベクトルを生成する特徴ベクトル生成手段と、生成された特徴ベクトルを各端末装置間で比較してこれらが一致するか否かを判定する特徴ベクトル比較手段と、特徴ベクトルが一致する場合に各端末装置に対して認証鍵を生成して送信する鍵共有手段とを有することを特徴とする。 In order to achieve the above object, a mutual authentication system according to the present invention is configured by connecting a plurality of terminal devices and a mutual authentication server that generates and gives an authentication key to these terminal devices. In the mutual authentication system, each terminal device includes voice data transmitting means for transmitting surrounding environmental sound to the mutual authentication server as time-series data representing a temporal change in sound volume. A feature vector generation unit that analyzes a frequency component for each time-series data received from each terminal device and generates a feature vector, and compares the generated feature vectors between the terminal devices to determine whether they match. A feature vector comparing means for determining whether or not, and a key sharing means for generating and transmitting an authentication key to each terminal device when the feature vectors match.
To achieve the above object, a mutual authentication server according to the present invention is a mutual authentication server that is connected to a plurality of terminal devices to form a mutual authentication system. It includes feature vector generation means that analyzes the frequency components of each piece of time-series data received from the terminal devices, the data representing the change in sound volume over time, and generates a feature vector; feature vector comparison means that compares the generated feature vectors between the terminal devices and determines whether they match; and key sharing means that generates an authentication key and transmits it to each terminal device when the feature vectors match.
To achieve the above object, a mutual authentication method according to the present invention is used in a mutual authentication system in which a plurality of terminal devices and a mutual authentication server, which generates an authentication key and gives it to these terminal devices, are connected to each other. The audio data transmission means of each terminal device transmits the surrounding environmental sound to the mutual authentication server as time-series data representing the change in sound volume over time. The feature vector generation means of the mutual authentication server analyzes the frequency components of each piece of time-series data received from the terminal devices and generates a feature vector. The feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices and determines whether they match. The key sharing means of the mutual authentication server generates an authentication key and transmits it to each terminal device when the feature vectors match.
To achieve the above object, a mutual authentication program according to the present invention is used in a mutual authentication system in which a plurality of terminal devices and a mutual authentication server, which generates an authentication key and gives it to these terminal devices, are connected to each other. It causes a computer provided in the mutual authentication server to execute a procedure of analyzing the frequency components of each piece of time-series data received from the terminal devices, the data representing the change in sound volume over time, and generating a feature vector; a procedure of comparing the generated feature vectors between the terminal devices and determining whether they match; and a procedure of generating an authentication key and transmitting it to each terminal device when the feature vectors match.
As described above, the present invention is configured so that the mutual authentication server generates an authentication key when the feature vectors of the environmental sound around the terminal devices match, so mutual authentication can be performed using, as it is, the audio input means that many devices already have. This makes it possible to provide a mutual authentication system, a mutual authentication server, a mutual authentication method, and a mutual authentication program with the excellent feature that an ad hoc connection relationship can be built between information devices with sufficient security, without requiring complicated operations from the user and without significantly increasing cost.
An explanatory diagram showing the configuration of the mutual authentication system according to the first embodiment of the present invention.
An explanatory diagram showing in more detail the configuration of each of the means from the data synchronization means to the key sharing means shown in FIG. 1.
An explanatory diagram showing an example of the operation by which the audio data transmission means shown in FIG. 1 obtains representative values of the environmental sound.
An explanatory diagram showing an example of the operation by which the data synchronization means shown in FIG. 1 adjusts the deviation of the time-series data in the time-axis direction.
An explanatory diagram showing the processing performed by the Fourier transform function of the feature vector generation means shown in FIG. 2.
An explanatory diagram showing the processing performed by the cut-off function of the feature vector generation means shown in FIG. 2.
An explanatory diagram showing the processing performed by the quantization function of the feature vector generation means shown in FIG. 2.
An explanatory diagram showing examples of the several quantization patterns that the quantization function of the feature vector generation means shown in FIG. 2 has available when performing the processing shown in FIG. 7.
An explanatory diagram showing the processing performed by the feature vector comparison means shown in FIG. 1.
An explanatory diagram showing the processing performed by the key sharing means 105 shown in FIG. 1.
An explanatory diagram showing an example of an experimentally built mutual authentication system.
A graph showing how the total information amount calculated between the terminal devices changes with measurement time in the mutual authentication system shown in FIG. 11.
A flowchart showing the mutual authentication operation performed between the mutual authentication server and the terminal devices shown in FIG. 1.
An explanatory diagram showing the configuration of the mutual authentication system according to the second embodiment of the present invention.
A flowchart showing the mutual authentication operation performed between the mutual authentication server and the terminal devices shown in FIG. 14.
(First embodiment)
The configuration of an embodiment of the present invention is described below with reference to the accompanying FIGS. 1 and 2.
The basic content of this embodiment is described first, followed by the more specific content.
The mutual authentication system 1 according to this embodiment is a mutual authentication system in which a plurality of terminal devices 20 and a mutual authentication server 10, which generates an authentication key and gives it to these terminal devices, are connected to each other. Each terminal device 20 includes audio data transmission means 203 that transmits the surrounding environmental sound to the mutual authentication server as time-series data representing the change in sound volume over time. The mutual authentication server 10 includes feature vector generation means 103 that analyzes the frequency components of each piece of time-series data received from the terminal devices and generates a feature vector, feature vector comparison means 104 that compares the generated feature vectors between the terminal devices and determines whether they match, and key sharing means 105 that generates an authentication key and transmits it to each terminal device when the feature vectors match.
Each terminal device 20 also includes sensing means 202 that collects the surrounding environmental sound as audio data, and the audio data transmission means 203 extracts a plurality of representative values from the collected audio data and transmits them as the time-series data. In addition, the terminal device 20 and the mutual authentication server 10 each have time synchronization means 201 and 101, respectively, that align their clocks with each other in advance.
The mutual authentication server 10 has data synchronization means 102 that detects a predetermined number of extreme values in each piece of time-series data received from the terminal devices, corrects the deviation between the time-series data in the time-axis direction based on the timing at which these extreme values were detected, and outputs the result to the feature vector generation means 103.
The feature vector generation means 103 of the mutual authentication server 10 has a Fourier transform function 103a that divides the time-series data into time windows of a fixed length, performs an FFT (fast Fourier transform) on each time window and outputs a power spectrum; a quantization function 103c that outputs a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum with thresholds set in advance in several stages; and a cut-off function 103b that removes frequency components at or above a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function 103a and passes the result to the quantization function 103c.
The quantization function 103c of the mutual authentication server 10 treats a set of thresholds for preset levels as one group, provides several such groups, and outputs a feature vector for each group. The feature vector comparison means 104 compares the feature vectors generated for the same time window between the terminal devices and, if at least one feature vector matches between the terminal devices, determines that the feature vectors of those terminal devices match.
The key sharing means 105 of the mutual authentication server 10 calculates the total information amount per unit time of the feature vectors that matched within the target time range of the time-series data. Only when this total is at least a predetermined value does it concatenate the matched feature vectors and generate the hash value of the concatenation as the authentication key.
With the above configuration, the mutual authentication system 1 can build an ad hoc connection relationship between the terminal devices 20 with sufficient security, without requiring complicated operations and without significantly increasing cost.
This is described in more detail below.
FIG. 1 is an explanatory diagram showing the configuration of the mutual authentication system 1 according to the first embodiment of the present invention. The mutual authentication system 1 consists of two terminal devices 20a and 20b that are to authenticate each other (hereinafter collectively called terminal devices 20) and a mutual authentication server 10 that generates an authentication key and gives it to these terminal devices 20, all connected to each other through a network 30. The network 30 may be wired or wireless, and its connection form and protocol are not restricted.
The mutual authentication server 10 has the basic configuration of a computer device. That is, it includes a processor 11 that executes computer programs, storage means 12 that stores programs and data, and communication means 13 that performs data communication with each terminal device 20.
By running the mutual authentication program, the processor 11 of the mutual authentication server 10 functions as each of the following: time synchronization means 101 that aligns the clock with the terminal devices 20; data synchronization means 102 that absorbs the deviation in the time-axis direction of the time-series data received from each terminal device 20; feature vector generation means 103 that generates feature vectors from that time-series data; feature vector comparison means 104 that compares the generated feature vectors and determines whether they match; and key sharing means 105 that generates an authentication key and transmits it to each terminal device 20 when the feature vectors match. The storage means 12 stores the generated authentication key 111.
FIG. 2 is an explanatory diagram showing in more detail the configuration of each of the means from the data synchronization means 102 to the key sharing means 105 shown in FIG. 1. The feature vector generation means 103 is further divided into three functional parts: a Fourier transform function 103a, a cut-off function 103b, and a quantization function 103c.
The Fourier transform function 103a performs an FFT (fast Fourier transform) on the input time-series data and outputs a power spectrum. The cut-off function 103b cuts the frequency components of the input power spectrum that are at or above a predetermined cut-off frequency. The quantization function 103c compares the resulting power spectrum with a plurality of predetermined thresholds and outputs a feature vector whose elements are the quantized values of the power spectrum at each frequency.
Returning to FIG. 1, the terminal devices 20 (20a and 20b) all have the same configuration, and each has the basic configuration of a computer device. That is, each includes a processor 21 that executes computer programs, storage means 22 that stores programs and data, communication means 23 that performs data communication with the mutual authentication server 10 and other terminal devices 20, and audio input means 24 that acquires and inputs audio data through a microphone or the like.
By running the mutual authentication program, the processor 21 of the terminal device 20 functions as each of the following: time synchronization means 201 that aligns the clock with the mutual authentication server 10; sensing means 202 that collects the environmental sound acquired through the audio input means 24 as data on the change in sound pressure over time (audio data); audio data transmission means 203 that reduces the volume of the acquired audio data and transmits it to the mutual authentication server 10; and mutual authentication means 204 that receives the authentication key from the mutual authentication server 10 and performs mutual authentication. The storage means 22 stores the authentication key 211 received from the mutual authentication server 10.
(Time synchronization means)
The operation of each means of the mutual authentication server 10 and the terminal device 20 is described next. In the mutual authentication server 10 and the terminal device 20, the time synchronization means 101 and 201 perform time synchronization processing that aligns their clocks with each other. This processing may be performed when the mutual authentication server 10 and the terminal device 20 are powered on, or periodically at a specific interval. NTP (Network Time Protocol) can be used for time synchronization.
(Sensing means)
On the premise that the above time synchronization processing has been performed, the sensing means 202 of the terminal device 20 works from a reference time t0 and a time interval w, both set in advance as values common to the mutual authentication server 10 and the terminal devices 20. With the current time (the elapsed time from the reference time) written as t, where t0 + (α-1)w < t < t0 + αw and α is a natural number, it acquires the environmental sound for a duration w starting at time t0 + αw through the audio input means 24, samples it at a sampling rate f (in Hz) that is likewise set as a value common to the mutual authentication server 10 and the terminal devices 20, and obtains the result as sound pressure data.
The values of t0, w, and f may be set as common values during the time synchronization processing. For example, if t0 = 0, w = 3, t = 10, and f = 8000 (8 kHz), the environmental sound is collected from time 12 to 15 seconds as time-series audio data consisting of 8000 sound pressure values per second.
(Audio data transmission means)
FIG. 3 is an explanatory diagram showing an example of the operation by which the audio data transmission means 203 shown in FIG. 1 obtains representative values of the environmental sound. The audio data transmission means 203 reduces the volume of the environmental sound pressure data 251 collected by the sensing means 202 from f values per second to fc values per second (f > fc).
More specifically, the data is divided into groups whose size is the quotient of f divided by fc, the maximum value of each group is taken as the representative value of that interval, and time-series data 252 with fc values in total is generated. The time-series data 252 is then transmitted to the mutual authentication server 10 together with a label 252b indicating the sensing time at the sensing means 202. The label 252b indicates the time range in which the audio data was acquired, for example "t0 + αw to t0 + (α+1)w". The average value over the time range can also be used as the representative value instead of the maximum. Hereinafter, this "time range in which the audio data was acquired" is called the target time range.
In this example, with f = 8000 and fc = 100, the audio data transmission means 203 takes the average of every 80 sound pressure values and obtains time-series data 252 with 100 values per unit time. The resulting time-series data is transmitted to the mutual authentication server 10. When w = 3, 300 values are obtained every 3 seconds. This processing yields time-series data from which the high-frequency components contained in the audio data have been removed.
(Data synchronization means)
In the mutual authentication server 10, the data synchronization means 102 waits for the time-series data 252 to arrive from the two terminal devices 20a and 20b and, for time-series data whose sensing-time labels are equal, corrects the deviation in the time-axis direction. The data synchronization means 102 absorbs the time deviation of the time-series data between the terminal devices. If the terminal clocks can be synchronized accurately, such a deviation can be assumed not to occur in the first place, so this means may be omitted.
FIG. 4 is an explanatory diagram showing an example of the operation by which the data synchronization means 102 shown in FIG. 1 adjusts the deviation of the time-series data in the time-axis direction. From the time-series data received from the terminal device 20, the data synchronization means 102 finds as extreme values the points where the slope of the sound pressure curve changes from positive to negative, that is, the points that are convex upward.
When the waveforms received from the terminal devices 20 are superimposed, the data synchronization means 102 considers the extreme values whose distance on the time axis is within a predetermined threshold and judges those with the smallest difference in value to be extreme values measured at the same timing. From the extreme values judged to share the same timing, it takes a predetermined number of them (the variable p_num) in descending order of value, calculates the average of their distances in the time-axis direction, and shifts one of the data series in the time-axis direction by that average.
In FIG. 4, the waveforms of the time-series data received from the terminal devices 20a and 20b are shown as 261 and 262, respectively. For these waveforms 261 and 262, with p_num = 4, the average distance in the time-axis direction is calculated for the four largest extreme values 271 to 274 of the waveform within the target time range. One waveform is then shifted in the time-axis direction by that average.
For the time-series data of the terminal device whose time axis is advanced, the head of the time-series data may be filled with zeros for the amount of time advanced (so-called zero padding). Alternatively, if data from the period before the target time range of that terminal device can be obtained, data for the advanced time may be filled in from there. Or, as mentioned above, if the terminal clocks can be synchronized accurately, this processing by the data synchronization means 102 can be omitted and the time-series data obtained from each terminal device 20 passed unchanged to the feature vector generation means 103 that follows.
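The peak-based alignment performed by the data synchronization means 102, as an added Python example that is not code from the patent. The function names, the pairing window `max_dist`, the rounding of the average offset to whole samples and the two sample series are assumptions constructed for illustration; `p_num = 4` follows the FIG. 4 example.

```python
# Added illustration of the data synchronization step; not code from the patent.
# Function names, max_dist and the rounding to whole samples are assumptions.

def find_peaks(series):
    """Indices where the slope turns from positive to negative (upward-convex points)."""
    return [i for i in range(1, len(series) - 1)
            if series[i - 1] < series[i] > series[i + 1]]


def pair_peaks(a, b, max_dist):
    """Pair every peak of a with the peak of b that lies within max_dist samples
    on the time axis and has the smallest difference in value."""
    peaks_b = find_peaks(b)
    pairs = []
    for i in find_peaks(a):
        near = [j for j in peaks_b if abs(j - i) <= max_dist]
        if near:
            pairs.append((i, min(near, key=lambda j: abs(a[i] - b[j]))))
    return pairs


def estimate_offset(a, b, max_dist=3, p_num=4):
    """Average time-axis distance (in samples) over the p_num largest paired peaks.
    A positive result means the peaks of b arrive later than those of a."""
    pairs = pair_peaks(a, b, max_dist)
    pairs.sort(key=lambda p: a[p[0]], reverse=True)   # largest peak values first
    top = pairs[:p_num]
    if not top:
        return 0
    return round(sum(j - i for i, j in top) / len(top))


def align(a, b, max_dist=3, p_num=4):
    """Shift the series whose peaks arrive earlier, zero-padding its head and
    dropping the same number of values from its tail so the length is kept."""
    d = estimate_offset(a, b, max_dist, p_num)
    if d > 0:
        a = [0.0] * d + a[:len(a) - d]
    elif d < 0:
        b = [0.0] * (-d) + b[:len(b) + d]
    return a, b, d


# Constructed sample: SERIES_B is SERIES_A delayed by two samples and attenuated,
# as if a second terminal with a slightly late clock had recorded the same sound.
SERIES_A = [0, 1, 3, 7, 3, 1, 0, 2, 5, 9, 5, 2, 0, 1,
            4, 8, 4, 1, 0, 2, 6, 2, 0, 1, 3, 1, 0, 0]
SERIES_B = [0.0, 0.0] + [0.9 * x for x in SERIES_A[:-2]]

if __name__ == "__main__":
    aligned_a, aligned_b, offset = align(SERIES_A, SERIES_B)
    print("offset in samples:", offset)
    print("peaks after alignment:", find_peaks(aligned_a), find_peaks(aligned_b))
```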
(Feature vector generation means: Fourier transform function)
FIG. 5 is an explanatory diagram showing the processing performed by the Fourier transform function 103a of the feature vector generation means 103 shown in FIG. 2. The Fourier transform function 103a divides the time-series data, whose deviation in the time-axis direction has been adjusted by the data synchronization means 102, into short sections of a predetermined fixed length. These are called time windows 301 to 303 here. The Fourier transform function 103a performs an FFT (fast Fourier transform) on each time window and outputs a power spectrum showing its frequency characteristics. FIG. 5 shows the power spectrum 311 output for the time window 301.
As described above, the time-series data received from each terminal device 20 contains 100 sound pressure values per unit time. In the example shown in FIG. 5, 64 consecutive sound pressure values form one time window 301, and 50% of them (32 values) overlap the next time window 302. The following time window 303 likewise overlaps the preceding time window 302 by 50% (32 values). The proportion by which consecutive time windows overlap can be set arbitrarily. In this way, more time windows can be cut out as comparison data from time-series data of the same target time range.
(Feature vector generation means: cut-off function)
FIG. 6 is an explanatory diagram showing the processing performed by the cut-off function 103b of the feature vector generation means 103 shown in FIG. 2. The cut-off function 103b cuts the frequency components at or above a predetermined cut-off frequency fm from the output power spectrum 311. In the example shown in FIG. 6, fm = 10 Hz, but this cut-off frequency can be set arbitrarily. Alternatively, the cut-off function 103b may be implemented in analog form by a so-called LPF (low-pass filter) placed before the Fourier transform function 103a.
However, fm must be no more than half of the fc that the audio data transmission means 203 used to create the time-series data. In the example in this specification fc = 100 Hz, so fm = 10 Hz comfortably satisfies this condition.
(Feature vector generation means: quantization function)
FIG. 7 is an explanatory diagram showing the processing performed by the quantization function 103c of the feature vector generation means 103 shown in FIG. 2. The quantization function 103c applies a quantization pattern to the power spectrum 311 output from the Fourier transform function 103a and quantizes it. A quantization pattern here is a set of thresholds defined for each of the predetermined component frequencies at or below the cut-off frequency fm. Several quantization patterns are prepared in advance; these are described later, and FIG. 7 shows the processing with one quantization pattern.
In the example shown in FIG. 7, one quantization pattern contains four thresholds T1 to T4 for each component frequency of the power spectrum 311, which classify the power at each component frequency into five levels. Here the component frequencies are set in 1 Hz steps from 0 to 10 Hz. For the component frequency "0 Hz", for example, the power corresponding to that component frequency means the maximum power in the frequency range "0 Hz or more and less than 1 Hz". The same applies to the component frequencies of 1 Hz and above. In actual operation, the step is obtained as fc/N from fc, the number of data points per unit time of the data input to the FFT, and N, the number of data points in the time window.
The power corresponding to each component frequency is classified into region (5) if it is T4 or more, region (4) if it is T3 or more and less than T4, region (3) if it is T2 or more and less than T3, region (2) if it is T1 or more and less than T2, and region (1) if it is less than T1. The number and values of the thresholds and of the component frequencies can be set arbitrarily. In the body of this specification, a circled numeral such as the circled 5 is written as "(5)".
For the power spectrum 311 shown in FIG. 7, the feature vector generation means 103 thus outputs the feature vector 321. A feature vector here is the sequence of regions into which the power at each component frequency of 1 to 10 Hz falls.
FIG. 8 is an explanatory diagram showing an example of the multiple quantization patterns that the quantization function 103c of the feature vector generation means 103 shown in FIG. 2 prepares for the processing shown in FIG. 7. In the example of FIG. 8, four quantization patterns 331 to 334 are prepared, each containing four thresholds as in FIG. 7.
The number of quantization patterns can also be set arbitrarily, but the number of thresholds is the same in every pattern. The thresholds in each quantization pattern are spaced with exponentially increasing width, taking the maximum value of the power spectrum calculated from the time-series data as the reference. The thresholds differ slightly from one quantization pattern to the next.
As described in detail later, when the power is close to a threshold, even a slight difference in acoustic characteristics or in position relative to the sound source can change whether the measured power falls above or below the threshold. As a result, different feature vectors may be output even for time windows obtained from the same environmental sound. The quantization function 103c therefore prepares multiple quantization patterns whose thresholds are shifted slightly from one another, and outputs multiple feature vectors from a single time window.
(Feature vector comparison means)
FIG. 9 is an explanatory diagram showing the processing performed by the feature vector comparison means 104 shown in FIG. 1. The feature vector comparison means 104 compares the multiple feature vectors output by the quantization function 103c for the same time window of the terminal devices 20a and 20b, and determines whether the environmental sounds collected by these terminal devices are the same. If the quantization function 103c has c quantization patterns, c feature vectors are output for each of the terminal devices 20a and 20b in the same time window. The "same time window" here means a time window observed and processed over exactly the same time range on the terminal devices 20a and 20b.
The feature vector comparison means 104 compares, in round-robin fashion, the c feature vectors output for each of the terminal devices 20a and 20b for the same time window. If even one pair matches, it judges that the time-series data of the terminal devices 20a and 20b match.
In the example shown in FIG. 9, feature vectors 341 and 342 are output for the terminal devices 20a and 20b, respectively, in the same time range. Since the number of quantization patterns is c = 4 for each device, there are four feature vectors 341 and four feature vectors 342. Each of the feature vectors 341 and 342 indicates which region of FIGS. 7 and 8 the power at each component frequency from 0 to 3 Hz, in 1 Hz steps, falls into.
To keep the explanation simple, FIG. 9 and FIG. 10 (described later) show, for each feature vector, only the power corresponding to the component frequencies from 0 to 3 Hz in 1 Hz steps. The definition of "power corresponding to each component frequency" is the same as in FIG. 7. For the component frequency "0 Hz", for example, the power corresponding to that component frequency means the maximum power in the frequency range "0 Hz or more and less than 1 Hz". The same applies to component frequencies of 1 Hz and above.
The feature vector comparison means 104 finds that "(5)(1)(2)(1)" appears both as the third from the top of the feature vectors 331 and as the first from the top of the feature vectors 332, and at that point judges that the time-series data of the terminal devices 20a and 20b match.
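As an added example (not code from the patent), the following Python runs the quantization with c = 4 threshold patterns and the round-robin comparison on constructed spectra for 0 to 3 Hz. The doubling threshold spacing, the scale factors, `P_MAX` and the sample spectra are assumptions, chosen so that one power value sits close to a threshold.

```python
"""Added example: multi-pattern quantization and round-robin comparison."""
from bisect import bisect_right


def make_patterns(p_max, scales=(0.85, 0.95, 1.05, 1.15), n_thresholds=4):
    """Build c quantization patterns, each an ascending list [T1, ..., T4].

    Assumption: thresholds double from T1 to T4 (exponential spacing) below a
    reference maximum p_max, and each pattern shifts them by a few percent.
    """
    return [[s * p_max / 2 ** (n_thresholds - k) for k in range(n_thresholds)]
            for s in scales]


def quantize(spectrum, thresholds):
    """Map the power at each component frequency to a region 1..5.

    bisect_right counts the thresholds <= power, so power >= T4 gives
    region 5 and power < T1 gives region 1, as in FIG. 7.
    """
    return tuple(bisect_right(thresholds, p) + 1 for p in spectrum)


def feature_vectors(spectrum, patterns):
    """One feature vector per quantization pattern for a single time window."""
    return [quantize(spectrum, t) for t in patterns]


def matching_vectors(vectors_a, vectors_b):
    """Round-robin (c x c) comparison; returns the distinct common vectors."""
    matched = []
    for va in vectors_a:
        for vb in vectors_b:
            if va == vb and va not in matched:
                matched.append(va)
    return matched


def windows_match(vectors_a, vectors_b):
    """A time window matches if at least one vector is common to both devices."""
    return bool(matching_vectors(vectors_a, vectors_b))


# Constructed power spectra for one time window, component frequencies 0..3 Hz.
P_MAX = 160.0
SPECTRUM_A = [150.0, 5.0, 20.0, 4.0]    # terminal A
SPECTRUM_B = [140.0, 6.0, 18.5, 4.5]    # terminal B: same sound, slightly weaker
SPECTRUM_C = [150.0, 40.0, 3.0, 30.0]   # terminal C: a different sound
PATTERNS = make_patterns(P_MAX)

if __name__ == "__main__":
    vecs = {name: feature_vectors(spec, PATTERNS) for name, spec in
            (("A", SPECTRUM_A), ("B", SPECTRUM_B), ("C", SPECTRUM_C))}
    for name, v in vecs.items():
        print(name, v)
    # With pattern index 1 alone, A and B disagree at 2 Hz because 20.0 and
    # 18.5 fall on opposite sides of that pattern's T2 (about 19).
    print("pattern 1 only, A == B:", vecs["A"][1] == vecs["B"][1])
    print("A vs B:", matching_vectors(vecs["A"], vecs["B"]))
    print("A vs C:", matching_vectors(vecs["A"], vecs["C"]))
```
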
(Key sharing means)
FIG. 10 is an explanatory diagram showing the processing performed by the key sharing means 105 shown in FIG. 1. On receiving the comparison result, the key sharing means 105 generates an authentication key 111 for the terminal devices 20a and 20b, stores it in the storage means 12, and transmits it to the terminal devices 20a and 20b.
In doing so, the key sharing means 105 calculates an information amount from the generation probability of each matched feature vector and takes the sum of the information amounts of the feature vectors matched in the time windows as the key length. Only when this key length exceeds a fixed threshold does it use the hash value of the concatenated matched time windows as the authentication key 111. The information amount (self-information, or self-entropy) is a concept from information theory: if P is the probability that an event occurs, the information amount I (in bits) is calculated by Equation 1 below.
Figure JPOXMLDOC01-appb-M000001
Within the time range being compared, the key sharing means 105 counts the total number of matched feature vectors and the number of times each individual feature vector matched. These counts are not reset per time window: feature vectors matched in other time windows within the target time range are accumulated as well, and the sum of the information amounts (in bits) of the matched feature vectors is obtained.
In the example shown in FIG. 10, a total of ten feature vectors 341 matched between the terminal devices 20a and 20b: three "(5)(1)(4)(1)", one "(5)(2)(4)(1)", one "(5)(1)(4)(2)", three "(5)(1)(3)(1)" and two "(5)(2)(4)(2)". Each of these feature vectors was obtained from a time window 301 or 302, taken in a specific target time range from the time-series data waveforms 261 and 262 of the terminal devices 20a and 20b, and was observed to match by the feature vector comparison means.
In this case, "(5)(1)(4)(1)" for example accounts for three of the ten matches, so applying the probability P = 3/10 to Equation 1 above gives an information amount of I = 1.737 bits. Calculating the information amount for the other feature vectors in the same way and summing the results gives a key length of 12.44 bits. The threshold is set to 10 bits in this example, so the calculated 12.44 bits exceeds it.
FIG. 11 is an explanatory diagram showing an example of an experimentally built mutual authentication system 401. The mutual authentication system 401 consists of three terminal devices 420a to 420c and a mutual authentication server 410 connected via a wireless network. Each of the terminal devices 420a to 420c has the same configuration as the terminal device 20 shown in FIGS. 1 and 2. The mutual authentication server 410 has the same configuration as the mutual authentication server 10 shown in FIGS. 1 and 2. The terminal devices 420a and 420b are installed in the same room 421, and the terminal device 420c is installed in the adjacent room 422.
The sum of the information amounts of the matched feature vectors was then calculated, by the method described up to FIG. 10, between the terminal devices 420a and 420b and between the terminal devices 420a and 420c. FIG. 12 is a graph showing how the total information amount calculated between the terminal devices 420a and 420b, and between the terminal devices 420a and 420c, in the mutual authentication system 401 of FIG. 11 changes with measurement time. The total calculated between the terminal devices 420a and 420b is shown as graph 431, and the total calculated between the terminal devices 420a and 420c as graph 432.
In other words, graph 431 shows the total information amount calculated in a situation where the same environmental sound should be observed, and graph 432 shows it in a situation where the same environmental sound should not be observed. As FIG. 12 makes plain, the totals in graphs 431 and 432 differ clearly. An appropriate value between them can therefore be set in advance as the threshold 433, and whether the environmental sounds are the same can be detected by comparing the total information amount obtained with the threshold corresponding to the length of the sensed target time.
When the environmental sounds are judged to be the same, the key sharing means 105 generates the hash value of the concatenated matched feature vectors 341 as the authentication key 111, stores it in the storage means 12, and transmits it to the terminal devices 20a and 20b. The hash value here is the output obtained by feeding the concatenated matched feature vectors 341 into an irreversible function.
(Mutual authentication means)
In the terminal devices 20a and 20b, the mutual authentication means 204 receives this authentication key 211 (111) and stores it in the storage means 22, and the terminal devices 20a and 20b perform mutual authentication with this key. The authentication key 111 (211) is preferably sent and received over a secure communication method such as SSL (Secure Socket Layer). The mutual authentication itself can use a known technique such as challenge-response authentication.
(Flowchart)
FIG. 13 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 10 and the terminal device 20 shown in FIG. 1. First, the time synchronization means 101 and 201 of the mutual authentication server 10 and the terminal device 20 carry out time synchronization processing to align their clocks with each other (steps S101 and 201).
Next, on the terminal device 20 side, the sensing means 202 acquires the environmental sound as voice data via the voice input means 24 (step S202). The voice data transmission means 203 of the terminal device 20 then removes the high-frequency components from the acquired voice data to create time-series data with a reduced data volume, and transmits it to the mutual authentication server 10 (step S203).
In the mutual authentication server 10, the data synchronization means 102 waits to receive time-series data from the terminal devices 20a and 20b and corrects any offset along the time axis between the time-series data received from the two terminal devices (step S102). The feature vector generation means 103 then divides this time-series data by time range into time windows and applies the c quantization patterns prepared in advance to each time window to generate c feature vectors (step S103).
The feature vector comparison means 104 then compares, in round-robin fashion, the c feature vectors generated for each of the two terminal devices in the same time window, and judges that they match if even one feature vector is common to both (step S104). If no feature vectors match, the process ends abnormally.
On receiving this comparison result, the key sharing means 105 calculates the information amount of each matched feature vector from its generation probability and, only when the sum exceeds the given threshold, transmits the hash value of the concatenated matched feature vectors to each terminal as the authentication key (steps S105 to 106). The process also ends abnormally if the information amount of the feature vectors does not exceed the fixed threshold. The mutual authentication means 204 of the terminal devices 20a and 20b perform mutual authentication with the received authentication key (step S204).
With the processing described above, this mutual authentication system can generate and issue a valid authentication key of sufficient strength from voice input alone. No special operation is required, and because many devices already have the hardware and software needed for voice input, the cost of introduction is low.
(Overall operation of the first embodiment)
Next, the overall operation of the above embodiment is described.
The mutual authentication method according to this embodiment is used in a mutual authentication system in which a plurality of terminal devices 20 and a mutual authentication server 10 that generates and gives authentication keys to these terminal devices are connected to each other. The voice data transmission means of each terminal device transmits the surrounding environmental sound to the mutual authentication server as time-series data representing the change in sound volume over time (FIG. 13, steps S202 to 203); the feature vector generation means of the mutual authentication server analyzes the frequency components of each of the time-series data received from the terminal devices and generates feature vectors (FIG. 13, step S103); the feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices and determines whether they match (FIG. 13, step S104); and the key sharing means of the mutual authentication server generates an authentication key and transmits it to each terminal device when the feature vectors match (FIG. 13, steps S105 to 106).
In the process in which the feature vector generation means generates feature vectors (FIG. 13, step S103), the Fourier transform function divides the time-series data into time windows of a fixed interval, performs an FFT (fast Fourier transform) on each time window and outputs a power spectrum; the quantization function then compares the output power spectrum against multiple predetermined thresholds and outputs a feature vector over the predetermined frequencies. Here, a feature vector is output for each of multiple predetermined patterns of threshold combinations, giving multiple feature vectors.
In the process in which the feature vector comparison means compares feature vectors (FIG. 13, step S104), the multiple feature vectors generated in the same time window are compared between the terminal devices, and the feature vectors of the terminal devices are judged to match if even one feature vector matches between them.
In the process in which the key sharing means generates and transmits the authentication key (FIG. 13, steps S105 to 106), the total information amount per unit time of the feature vectors matched within the target time range of the time-series data is calculated, and only when this total is at or above a fixed value is the hash value of the concatenated matched feature vectors generated as the authentication key.
Each of the above operation steps may be implemented as a computer-executable program and executed by the processor 11 of the mutual authentication server 10, which directly executes the steps. The program may be recorded on a non-transitory recording medium such as a DVD, a CD or a flash memory, in which case it is read from the recording medium and executed by a computer.
Through this operation, the present embodiment provides the following effects.
(Effects obtained by this embodiment)
Sound is also "vibration" in a broad sense. This embodiment, which uses environmental sound for authentication, therefore does have parts that resemble the prior art described in Patent Documents 2 to 3 and Non-Patent Documents 2 to 4, in which the user "shakes two devices together".
However, using environmental sound for authentication raises the following three problems.
The first is that the vibration handled in the prior-art authentication occurs at most a few times per second, whereas audio, for example under the specification of a voice-call microphone of a mobile phone terminal, requires sampling at a minimum of 8 kHz and 8 bits. Transmitting it as is would generate an enormous amount of traffic (8 kilobytes/second), and the amount of processing for the determination would also be enormous.
The second is that it is not necessarily appropriate for users to share a key for mutual authentication merely because they are under similar environmental sounds.
The third is that differences in observation location and in acoustic characteristics between devices have a large influence.
Because of these three points, simply replacing "vibration" in the prior art with "environmental sound" is very difficult.
In this embodiment, when the environmental sound data collected by the terminal device 20 is transmitted to the mutual authentication server 10, the sound pressure data is compressed from 8000 data points per second to 100 before transmission. This not only reduces the traffic during transmission (addressing the first point above) but also reduces the risk of erroneously issuing an authentication key to an unauthorized user, that is, of a false positive. This is explained in more detail below.
Environmental sounds can be broadly divided into the "steady-sound type", which occurs periodically, and the "pulse type", which occurs suddenly. Steady-sound-type environmental sounds are often observed identically even in different places that are not physically close. To apply environmental sound to the "mutual authentication" purpose of the present application, it is therefore necessary to judge whether the sounds match on the pulse type, which is observed only at that time and place, rather than on the steady-sound type.
Steady-sound-type environmental sounds often have relatively high frequencies, whereas pulse-type environmental sounds often have relatively low frequencies. Compressing the sound pressure data on the terminal device side before transmission has the same effect as passing it through a low-pass filter, so the influence of the relatively high-frequency steady-sound-type environmental sounds can be reduced.
In addition, by calculating the information amount of the matched feature vectors, key sharing can be controlled so that users whose matches are rarely occurring feature vectors, generated mainly from pulse-type sounds, share a key more easily than users whose matches are frequently occurring feature vectors, generated mainly from steady-sound-type environmental sounds. This reduces the risk of erroneously issuing an authentication key to an unauthorized user, that is, of a false positive (addressing the second point above).
Furthermore, preparing multiple quantization patterns whose thresholds differ slightly, and using them to generate and compare multiple feature vectors, reduces the influence of differences in observation location and in acoustic characteristics between devices (addressing the third point above).
This embodiment thus makes it possible to achieve reliable mutual authentication with little risk of erroneously issuing an authentication key to an unauthorized user. All that is required is to input the sound around the device, so it can be implemented with only the hardware and software that many devices have as standard.
(Second embodiment)
In the mutual authentication system 501 according to the second embodiment of the present invention, in addition to the configuration of the first embodiment, when the total information amount is at or below a fixed value, the key sharing means 605 of the mutual authentication server 510 temporarily stores the feature vectors in a storage means provided in advance. It then generates, as the authentication key, the hash value of the feature vectors generated from time-series data sent from the same set of terminal devices, further concatenated with the temporarily stored feature vectors.
This configuration provides the same effects as the first embodiment and, in addition, makes it possible to generate an authentication key even when feature vectors with a sufficient key length cannot be obtained.
This is described in more detail below.
FIG. 14 is an explanatory diagram showing the configuration of the mutual authentication system 501 according to the second embodiment of the present invention. The mutual authentication system 501 is the mutual authentication system 1 of the first embodiment with the mutual authentication server 10 replaced by a different mutual authentication server 510. The terminal device 20 is the same as in the first embodiment.
The mutual authentication server 510 has the same hardware configuration as the mutual authentication server 10, and its configuration as software running on the processor 11 is also the same, except that the key sharing means 105 is replaced by a different key sharing means 605 and an area for storing feature vectors 612 is added to the storage means 12. Only these differences are therefore described here.
FIG. 15 is a flowchart showing the mutual authentication operation performed between the mutual authentication server 510 and the terminal device 20 shown in FIG. 14. Needless to say, the operation of the terminal device 20 is the same as in the first embodiment shown in FIG. 13; the operation of the mutual authentication server 510 in steps S101 to 106 is also the same as in the first embodiment shown in FIG. 13.
The only operation that differs from the first embodiment is that, when the total information amount (key length) of the matched feature vectors does not exceed the fixed threshold, the key sharing means 605 stores those feature vectors 612 in the storage means 12 (step S107). In subsequent operation, when new time-series data is sent from the same set of terminal devices 20, the key sharing means 605 further concatenates the stored feature vectors 612 to the feature vectors generated from the new time-series data, and transmits the hash value of the result to each terminal as the authentication key.
In operation, there may be cases where the time-series data obtained in one particular period alone does not yield feature vectors with a sufficient key length. In such cases this embodiment can use time-series data obtained successively from the same set of terminal devices to form the authentication key, so the authentication key can be generated and used more reliably.
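As an added example (not code from the patent), the following Python reproduces the key-length calculation of FIG. 10 and the second embodiment's carry-over of feature vectors when the key length is too short. Equation 1 is missing from this page, so the self-information is taken as the standard -log2(P), which reproduces the stated 1.737 and 12.44 bits; SHA-256 as the hash, the byte encoding of the vectors, and re-checking the threshold on the combined vectors are assumptions.

```python
"""Added example: key length from self-information, then a hashed key."""
import hashlib
from collections import Counter
from math import log2


def self_information(p):
    """Information amount in bits of an event with probability p (assumed -log2 p)."""
    return -log2(p)


def key_length_bits(matched):
    """Sum of self-information over the distinct matched feature vectors.

    P is a vector's share of all matches accumulated over the target time
    range, so frequently matching vectors contribute few bits.
    """
    counts = Counter(matched)
    total = len(matched)
    return sum(self_information(n / total) for n in counts.values())


def derive_key(matched):
    """Hash of the concatenated matched vectors (SHA-256 is an assumption)."""
    material = b"".join(bytes(v) for v in matched)  # regions 1..5 fit in a byte
    return hashlib.sha256(material).hexdigest()


class KeySharer:
    """Key sharing with the second embodiment's carry-over of short rounds."""

    def __init__(self, threshold_bits=10.0):
        self.threshold_bits = threshold_bits
        self.pending = {}  # frozenset of terminal ids -> stored feature vectors

    def share(self, terminals, matched):
        """Return (key or None, key length in bits) for one round."""
        group = frozenset(terminals)
        # Assumption: stored vectors go first and the combined list is
        # measured against the threshold again.
        combined = self.pending.pop(group, []) + list(matched)
        if not combined:
            return None, 0.0
        bits = key_length_bits(combined)
        if bits > self.threshold_bits:
            return derive_key(combined), bits
        self.pending[group] = combined  # too short: keep for the next round
        return None, bits


# The ten matched feature vectors of FIG. 10, as listed in the text.
FIG10_MATCHES = ([(5, 1, 4, 1)] * 3 + [(5, 2, 4, 1)] + [(5, 1, 4, 2)]
                 + [(5, 1, 3, 1)] * 3 + [(5, 2, 4, 2)] * 2)

if __name__ == "__main__":
    print("I for P = 3/10:", round(self_information(3 / 10), 3))
    print("key length:", round(key_length_bits(FIG10_MATCHES), 2))
    sharer = KeySharer(threshold_bits=10.0)
    # Constructed split: the same ten matches arrive in two rounds of five.
    print(sharer.share(("20a", "20b"), FIG10_MATCHES[:5]))
    print(sharer.share(("20a", "20b"), FIG10_MATCHES[5:]))
```

Hashing does not add entropy: the 256-bit digest is no harder to guess than the matched feature vectors that went into it.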
(Extensions of the embodiments)
Various extensions of the first and second embodiments described above are conceivable without departing from their spirit. These are described below.
First, one mutual authentication system may include three or more terminal devices, and those terminal devices may perform mutual authentication in sets of three or more. One of the terminal devices included in a mutual authentication system may also serve as the mutual authentication server.
Furthermore, a configuration is also conceivable in which the user specifies a particular time range, and only the specified time range is treated as the target time range for authentication under the present invention or, conversely, is excluded from the target time range for authentication under the present invention.
The present invention has so far been described with reference to the specific embodiments shown in the drawings, but the present invention is not limited to those embodiments, and any previously known configuration may be adopted as long as the effects of the present invention are obtained.
The main points of the novel technical content of the embodiments described above are summarized as follows. Although part or all of the above embodiments can be summarized as novel technology as follows, the present invention is not necessarily limited to this.
(Supplementary Note 1) A mutual authentication system in which a plurality of terminal devices and a mutual authentication server that generates authentication keys and provides them to these terminal devices are connected to one another, wherein
each of the terminal devices comprises voice data transmission means for transmitting ambient environmental sound to the mutual authentication server as time-series data representing the change in sound volume over time, and
the mutual authentication server comprises:
feature vector generation means for analyzing the frequency components of each of the time-series data received from the terminal devices to generate feature vectors;
feature vector comparison means for comparing the generated feature vectors between the terminal devices to determine whether they match; and
key sharing means for generating an authentication key and transmitting it to each of the terminal devices when the feature vectors match.
(Supplementary Note 2) The mutual authentication system according to Supplementary Note 1, wherein each of the terminal devices comprises sensing means for collecting ambient environmental sound as voice data, and
the voice data transmission means extracts a plurality of representative values from the collected voice data and transmits them as the time-series data.
(Supplementary Note 3) The mutual authentication system according to Supplementary Note 1, wherein the terminal devices and the mutual authentication server each comprise time synchronization means for synchronizing their clocks with one another in advance.
(Supplementary Note 4) The mutual authentication system according to Supplementary Note 1, wherein the mutual authentication server comprises
data synchronization means for detecting a predetermined number of extreme values in each of the time-series data received from the terminal devices, correcting the time-axis offset between the time-series data based on the timing at which the extreme values were detected, and outputting the result to the feature vector generation means.
(Supplementary Note 5) The mutual authentication system according to Supplementary Note 1, wherein the feature vector generation means of the mutual authentication server comprises:
a Fourier transform function that divides the time-series data into time windows of a fixed interval and performs an FFT (fast Fourier transform) on each time window to output a power spectrum; and
a quantization function that outputs a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum against thresholds set in advance in a plurality of steps.
(Supplementary Note 6) The mutual authentication system according to Supplementary Note 5, wherein the feature vector generation means of the mutual authentication server comprises
a cut-off function that removes frequency components at or above a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function and passes the result to the quantization function.
(Supplementary Note 7) The mutual authentication system according to Supplementary Note 5, wherein the quantization function of the mutual authentication server
treats a plurality of the thresholds for preset levels as one group, provides a plurality of such groups, and outputs the feature vector for each of the groups.
(Supplementary Note 8) The mutual authentication system according to Supplementary Note 7, wherein the feature vector comparison means of the mutual authentication server compares, between the terminal devices, the plurality of feature vectors generated in the same time window, and determines that the feature vectors of the terminal devices match when at least one of the feature vectors matches between the terminal devices.
(Supplementary Note 9) The mutual authentication system according to Supplementary Note 8, wherein the key sharing means of the mutual authentication server calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key.
(Supplementary Note 10) The mutual authentication system according to Supplementary Note 8, wherein the key sharing means of the mutual authentication server calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data; when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key; and, when the total amount of information is equal to or less than the fixed value, temporarily stores these feature vectors in storage means provided in advance, and generates, as the authentication key, the hash value of the feature vectors generated from time-series data sent from the same set of terminal devices further concatenated with the temporarily stored feature vectors.
(Supplementary Note 11) A mutual authentication server that is connected to a plurality of terminal devices to constitute a mutual authentication system, comprising:
feature vector generation means for analyzing the frequency components of each of the time-series data, received from the terminal devices, representing the change in sound volume over time, to generate feature vectors;
feature vector comparison means for comparing the generated feature vectors between the terminal devices to determine whether they match; and
key sharing means for generating an authentication key and transmitting it to each of the terminal devices when the feature vectors match.
(Supplementary Note 12) The mutual authentication server according to Supplementary Note 11, wherein the feature vector generation means comprises:
a Fourier transform function that divides the time-series data into time windows of a fixed interval and performs an FFT (fast Fourier transform) on each time window to output a power spectrum; and
a quantization function that outputs a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum against thresholds set in advance in a plurality of steps.
(Supplementary Note 13) The mutual authentication server according to Supplementary Note 12, wherein the quantization function
treats a plurality of the thresholds for preset levels as one group, provides a plurality of such groups, and outputs the feature vector for each of the groups.
(Supplementary Note 14) The mutual authentication server according to Supplementary Note 13, wherein the feature vector comparison means compares, between the terminal devices, the plurality of feature vectors generated in the same time window, and determines that the feature vectors of the terminal devices match when at least one of the feature vectors matches between the terminal devices.
(Supplementary Note 15) The mutual authentication server according to Supplementary Note 14, wherein the key sharing means calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key.
(Supplementary Note 16) A mutual authentication method in a mutual authentication system in which a plurality of terminal devices and a mutual authentication server that generates authentication keys and provides them to these terminal devices are connected to one another, wherein
voice data transmission means of each of the terminal devices transmits ambient environmental sound to the mutual authentication server as time-series data representing the change in sound volume over time;
feature vector generation means of the mutual authentication server analyzes the frequency components of each of the time-series data received from the terminal devices to generate feature vectors;
feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices to determine whether they match; and
key sharing means of the mutual authentication server generates an authentication key and transmits it to each of the terminal devices when the feature vectors match.
(Supplementary Note 17) The mutual authentication method according to Supplementary Note 16, wherein, in the process by which the feature vector generation means generates the feature vectors,
a Fourier transform function divides the time-series data into time windows of a fixed interval and performs an FFT (fast Fourier transform) on each time window to output a power spectrum, and
a quantization function outputs a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum against thresholds set in advance in a plurality of steps.
(Supplementary Note 18) The mutual authentication method according to Supplementary Note 17, wherein the process by which the quantization function outputs the feature vector
treats a plurality of the thresholds for preset levels as one group, provides a plurality of such groups, and outputs the feature vector for each of the groups.
(Supplementary Note 19) The mutual authentication method according to Supplementary Note 18, wherein the process by which the feature vector comparison means compares the feature vectors
compares, between the terminal devices, the plurality of feature vectors generated in the same time window, and determines that the feature vectors of the terminal devices match when at least one of the feature vectors matches between the terminal devices.
(Supplementary Note 20) The mutual authentication method according to Supplementary Note 19, wherein the process by which the key sharing means generates and transmits the authentication key
calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key.
(Supplementary Note 21) A mutual authentication program for a mutual authentication system in which a plurality of terminal devices and a mutual authentication server that generates authentication keys and provides them to these terminal devices are connected to one another,
the program causing a computer provided in the mutual authentication server to execute:
a procedure of analyzing the frequency components of each of the time-series data, received from the terminal devices, representing the change in sound volume over time, to generate feature vectors;
a procedure of comparing the generated feature vectors between the terminal devices to determine whether they match; and
a procedure of generating an authentication key and transmitting it to each of the terminal devices when the feature vectors match.
(Supplementary Note 22) The mutual authentication program according to Supplementary Note 21, wherein the procedure of generating the feature vectors includes:
a procedure of dividing the time-series data into time windows of a fixed interval and performing an FFT (fast Fourier transform) on each time window to output a power spectrum; and
a procedure of outputting a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum against thresholds set in advance in a plurality of steps.
(Supplementary Note 23) The mutual authentication program according to Supplementary Note 22, wherein the procedure of outputting the feature vector includes
a procedure of treating a plurality of the thresholds for preset levels as one group, providing a plurality of such groups, and outputting the feature vector for each of the groups.
(Supplementary Note 24) The mutual authentication program according to Supplementary Note 23, wherein the procedure of comparing the feature vectors includes
a procedure of comparing, between the terminal devices, the plurality of feature vectors generated in the same time window, and determining that the feature vectors of the terminal devices match when at least one of the feature vectors matches between the terminal devices.
(Supplementary Note 25) The mutual authentication program according to Supplementary Note 24, wherein the procedure of generating and transmitting the authentication key includes
a procedure of calculating the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenating the matched feature vectors and generating the hash value of the concatenated matched feature vectors as the authentication key.
This application claims priority based on Japanese Patent Application No. 2012-037361 filed on February 23, 2012, the entire disclosure of which is incorporated herein.
The present invention can be used in a mutual authentication system for establishing ad hoc (not permanent, temporary) connection relationships between specific devices.
  1, 401, 501 Mutual authentication system
  10, 410, 510 Mutual authentication server
  11, 21 Processor
  12, 22 Storage means
  13, 23 Communication means
  20, 20a, 20b, 420, 420a, 420b, 420c Terminal device
  24 Voice input means
  30 Network
  101 Time synchronization means
  102 Data synchronization means
  103 Feature vector generation means
  103a Fourier transform function
  103b Cut-off function
  103c Quantization function
  104 Feature vector comparison means
  105, 605 Key sharing means
  111, 211 Authentication key
  201 Time synchronization means
  202 Sensing means
  203 Voice data transmission means
  204 Mutual authentication means
  612 Feature vector

Claims (25)

  1.  A mutual authentication system in which a plurality of terminal devices and a mutual authentication server that generates authentication keys and provides them to these terminal devices are connected to one another, wherein
    each of the terminal devices comprises voice data transmission means for transmitting ambient environmental sound to the mutual authentication server as time-series data representing the change in sound volume over time, and
    the mutual authentication server comprises:
    feature vector generation means for analyzing the frequency components of each of the time-series data received from the terminal devices to generate feature vectors;
    feature vector comparison means for comparing the generated feature vectors between the terminal devices to determine whether they match; and
    key sharing means for generating an authentication key and transmitting it to each of the terminal devices when the feature vectors match.
  2.  The mutual authentication system according to claim 1, wherein each of the terminal devices comprises sensing means for collecting ambient environmental sound as voice data, and
    the voice data transmission means extracts a plurality of representative values from the collected voice data and transmits them as the time-series data.
  3.  The mutual authentication system according to claim 1, wherein the terminal devices and the mutual authentication server each comprise time synchronization means for synchronizing their clocks with one another in advance.
  4.  The mutual authentication system according to claim 1, wherein the mutual authentication server comprises
    data synchronization means for detecting a predetermined number of extreme values in each of the time-series data received from the terminal devices, correcting the time-axis offset between the time-series data based on the timing at which the extreme values were detected, and outputting the result to the feature vector generation means.
  5.  The mutual authentication system according to claim 1, wherein the feature vector generation means of the mutual authentication server comprises:
    a Fourier transform function that divides the time-series data into time windows of a fixed interval and performs an FFT (fast Fourier transform) on each time window to output a power spectrum; and
    a quantization function that outputs a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum against thresholds set in advance in a plurality of steps.
  6.  The mutual authentication system according to claim 5, wherein the feature vector generation means of the mutual authentication server comprises
    a cut-off function that removes frequency components at or above a predetermined cut-off frequency from the power spectrum obtained by the Fourier transform function and passes the result to the quantization function.
  7.  The mutual authentication system according to claim 5, wherein the quantization function of the mutual authentication server
    treats a plurality of the thresholds for preset levels as one group, provides a plurality of such groups, and outputs the feature vector for each of the groups.
  8.  The mutual authentication system according to claim 7, wherein the feature vector comparison means of the mutual authentication server compares, between the terminal devices, the plurality of feature vectors generated in the same time window, and determines that the feature vectors of the terminal devices match when at least one of the feature vectors matches between the terminal devices.
  9.  The mutual authentication system according to claim 8, wherein the key sharing means of the mutual authentication server calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key.
  10.  The mutual authentication system according to claim 8, wherein the key sharing means of the mutual authentication server calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data; when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key; and, when the total amount of information is equal to or less than the fixed value, temporarily stores these feature vectors in storage means provided in advance, and generates, as the authentication key, the hash value of the feature vectors generated from time-series data sent from the same set of terminal devices further concatenated with the temporarily stored feature vectors.
  11.  A mutual authentication server that is connected to a plurality of terminal devices to constitute a mutual authentication system, comprising:
    feature vector generation means for analyzing the frequency components of each of the time-series data, received from the terminal devices, representing the change in sound volume over time, to generate feature vectors;
    feature vector comparison means for comparing the generated feature vectors between the terminal devices to determine whether they match; and
    key sharing means for generating an authentication key and transmitting it to each of the terminal devices when the feature vectors match.
  12.  The mutual authentication server according to claim 11, wherein the feature vector generation means comprises:
    a Fourier transform function that divides the time-series data into time windows of a fixed interval and performs an FFT (fast Fourier transform) on each time window to output a power spectrum; and
    a quantization function that outputs a feature vector for each frequency by comparing the power level at each frequency of the output power spectrum against thresholds set in advance in a plurality of steps.
  13.  The mutual authentication server according to claim 12, wherein the quantization function
    treats a plurality of the thresholds for preset levels as one group, provides a plurality of such groups, and outputs the feature vector for each of the groups.
  14.  The mutual authentication server according to claim 13, wherein the feature vector comparison means compares, between the terminal devices, the plurality of feature vectors generated in the same time window, and determines that the feature vectors of the terminal devices match when at least one of the feature vectors matches between the terminal devices.
  15.  The mutual authentication server according to claim 14, wherein the key sharing means calculates the total of the amount of information per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total amount of information is equal to or greater than a predetermined fixed value, concatenates the matched feature vectors and generates the hash value of the concatenated matched feature vectors as the authentication key.
  16.  A mutual authentication method in a mutual authentication system configured by mutually connecting a plurality of terminal devices and a mutual authentication server that generates authentication keys and gives them to these terminal devices, wherein:
     voice data transmitting means of each terminal device transmits the surrounding environmental sound to the mutual authentication server as time-series data representing the temporal change in sound volume;
     feature vector generation means of the mutual authentication server generates a feature vector by analyzing the frequency components of each of the time-series data received from the terminal devices;
     feature vector comparison means of the mutual authentication server compares the generated feature vectors between the terminal devices to determine whether or not they match; and
     key sharing means of the mutual authentication server generates an authentication key and transmits it to each terminal device when the feature vectors match.
  17.  The mutual authentication method according to claim 16, wherein, in the process in which the feature vector generation means generates the feature vector:
     a Fourier transform function divides the time-series data into time windows of a constant time interval and performs an FFT (Fast Fourier Transform) on each time window to output a power spectrum; and
     a quantization function outputs a feature vector for each frequency by comparing the power level for each frequency of the output power spectrum with thresholds set in advance in a plurality of stages.
  18.  The mutual authentication method according to claim 17, wherein, in the process in which the quantization function outputs the feature vector, a plurality of the thresholds for preset levels are treated as one group, a plurality of such groups are provided, and the feature vector is output for each of the groups.
  19.  The mutual authentication method according to claim 18, wherein, in the process in which the feature vector comparison means compares the feature vectors, the plurality of feature vectors generated in the same time window are compared between the terminal devices and, when at least one of the feature vectors matches between the terminal devices, the feature vectors of the terminal devices are determined to match.
  20.  The mutual authentication method according to claim 19, wherein, in the process in which the key sharing means generates and transmits the authentication key, the total value of the information amount per unit time of the feature vectors that matched within the target time range of the time-series data is calculated and, only when the calculated total is equal to or greater than a predetermined fixed value, the matched feature vectors are concatenated and a hash value of the concatenated matched feature vectors is generated as the authentication key.
  21.  A mutual authentication program for a mutual authentication system configured by mutually connecting a plurality of terminal devices and a mutual authentication server that generates authentication keys and gives them to these terminal devices, the program causing a computer provided in the mutual authentication server to execute:
     a procedure for generating a feature vector by analyzing the frequency components of each of the time-series data, received from the terminal devices, representing the temporal change in sound volume;
     a procedure for comparing the generated feature vectors between the terminal devices and determining whether or not they match; and
     a procedure for generating an authentication key and transmitting it to each of the terminal devices when the feature vectors match.
  22.  The mutual authentication program according to claim 21, wherein the procedure for generating the feature vector includes:
     a procedure for dividing the time-series data into time windows of a constant time interval and performing an FFT (Fast Fourier Transform) on each time window to output a power spectrum; and
     a procedure for outputting a feature vector for each frequency by comparing the power level for each frequency of the output power spectrum with thresholds set in advance in a plurality of stages.
  23.  The mutual authentication program according to claim 22, wherein the procedure for outputting the feature vector includes a procedure for treating a plurality of the thresholds for preset levels as one group, providing a plurality of such groups, and outputting the feature vector for each of the groups.
  24.  The mutual authentication program according to claim 23, wherein the procedure for comparing the feature vectors includes a procedure for comparing the plurality of feature vectors generated in the same time window between the terminal devices and, when at least one of the feature vectors matches between the terminal devices, determining that the feature vectors of the terminal devices match.
  25.  The mutual authentication program according to claim 24, wherein the procedure for generating and transmitting the authentication key includes a procedure for calculating the total value of the information amount per unit time of the feature vectors that matched within the target time range of the time-series data and, only when the calculated total is equal to or greater than a predetermined fixed value, concatenating the matched feature vectors and generating a hash value of the concatenated matched feature vectors as the authentication key.
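The server-side steps of claims 16 to 20 (windowed power spectrum, quantization against several threshold groups, any-group match per window, information-amount gate, hash of the concatenation), written out as an added example that is not code from the patent. The naive DFT standing in for the FFT, SHA-256 as the hash, the threshold values, the `bins * log2(levels)` information estimate and the constructed tone signals are all assumptions.

```python
import cmath, hashlib, math

def power_spectrum(window):
    """Power per frequency bin 1..N/2 (naive DFT standing in for the FFT)."""
    n = len(window)
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * t / n)
                    for t, x in enumerate(window))) ** 2 / n
            for k in range(1, n // 2 + 1)]

def quantize(spectrum, thresholds):
    """Feature vector: per bin, how many of the staged thresholds are reached."""
    return tuple(sum(p >= th for th in thresholds) for p in spectrum)

def feature_vectors(samples, win, groups):
    """One entry per time window, holding one feature vector per threshold group."""
    out = []
    for i in range(0, len(samples) - win + 1, win):
        spec = power_spectrum(samples[i:i + win])
        out.append([quantize(spec, g) for g in groups])
    return out

def derive_key(a, b, win, groups, min_bits):
    """Hash the matched vectors, but only if they carry at least min_bits."""
    matched, bits = [], 0.0
    for va, vb in zip(feature_vectors(a, win, groups), feature_vectors(b, win, groups)):
        for g, (fa, fb) in enumerate(zip(va, vb)):
            if fa == fb:                       # one matching group is enough
                matched.append(bytes([g]) + bytes(fa))
                # assumed estimate: an upper bound, not measured entropy
                bits += len(fa) * math.log2(len(groups[g]) + 1)
                break
    if bits < min_bits:
        return None                            # too little shared information
    return hashlib.sha256(b"".join(matched)).hexdigest()

def tones(bins_per_window, amp, win=16):
    """Constructed sample input: each window is a sum of pure tones."""
    return [amp * sum(math.sin(2 * math.pi * k * t / win) for k in bins)
            for bins in bins_per_window for t in range(win)]

GROUPS = [(1.0, 3.5), (0.5, 2.0)]              # assumed threshold groups
ROOM = [(2, 5), (3, 7), (1, 6), (4, 7)]
DEV_A = tones(ROOM, 1.0)
DEV_B = tones(ROOM, 0.9)                       # same room, lower microphone gain
DEV_C = tones([(1, 3), (2, 6), (5, 7), (3, 4)], 1.0)   # different room
```

`DEV_B`'s lower gain falls on the other side of the 3.5 threshold in the first group, so every window matches through the second group only; with the first group alone, `derive_key` returns `None`.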
PCT/JP2013/053414 2012-02-23 2013-02-13 Mutual authentication system, mutual authentication server, mutual authentication method, and mutual authentication program WO2013125414A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012037361 2012-02-23
JP2012-037361 2012-02-23

Publications (1)

Publication Number Publication Date
WO2013125414A1 true WO2013125414A1 (en) 2013-08-29

Family

ID=49005601

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2013/053414 WO2013125414A1 (en) 2012-02-23 2013-02-13 Mutual authentication system, mutual authentication server, mutual authentication method, and mutual authentication program

Country Status (2)

Country Link
JP (1) JPWO2013125414A1 (en)
WO (1) WO2013125414A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015207873A (en) * 2014-04-18 2015-11-19 日本放送協会 Receiver
JP2015232816A (en) * 2014-06-10 2015-12-24 日本電信電話株式会社 Authentication system and operation method of the same
WO2016141972A1 (en) * 2015-03-10 2016-09-15 ETH Zürich Two-factor authentication based on ambient sound
WO2023145985A1 (en) * 2022-01-26 2023-08-03 엘지전자 주식회사 Display device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005004418A1 (en) * 2003-07-04 2005-01-13 Nippon Telegraph And Telephone Corporation Remote access vpn mediation method and mediation device
JP2009239431A (en) * 2008-03-26 2009-10-15 Nec Corp Intermediation system, intermediation method and program for intermediation
JP2010187282A (en) * 2009-02-13 2010-08-26 Nec Corp System, method and program for generating encryption key

Also Published As

Publication number Publication date
JPWO2013125414A1 (en) 2015-07-30

Similar Documents

Publication Publication Date Title
Mayrhofer et al. Shake well before use: Intuitive and secure pairing of mobile devices
Schürmann et al. Secure communication based on ambient audio
Mayrhofer et al. Shake well before use: Authentication based on accelerometer data
RU2433560C2 (en) Checking synchronisation for device authentication
US8774338B1 (en) Method and system for providing a bit string on electronic devices
WO2017069118A1 (en) Personal authentication device, personal authentication method, and personal authentication program
US10764035B2 (en) Control methods of decryption key storage server, biometric information storage server, and matching server in authentication system
WO2013125414A1 (en) Mutual authentication system, mutual authentication server, mutual authentication method, and mutual authentication program
Cao et al. Sec-D2D: A secure and lightweight D2D communication system with multiple sensors
US20140380052A1 (en) Message filtering method and system
US20200034551A1 (en) Systems and methods for providing interactions based on a distributed conversation database
CN103916725A (en) Bluetooth headset
KR20170107409A (en) Method and apparatus for authenticating using biometric information
Nguyen et al. Using ambient audio in secure mobile phone communication
Lee et al. ivPair: context-based fast intra-vehicle device pairing for secure wireless connectivity
Ha et al. Low-cost and strong-security RFID authentication protocol
EP3198752B1 (en) Data sharing using body coupled communication
CN109889532A (en) Internet of things equipment safety certification and cryptographic key negotiation method based on environmental context
JP2014138404A (en) Mutual authentication system, terminal device, mutual authentication server, mutual authentication method, and mutual authentication program
US20180103374A1 (en) Optical Chaos Based Wireless Device Fingerprinting
Luo et al. Ambient audio authentication
Sigg et al. AdhocPairing: Spontaneous audio based secure device pairing for Android mobile devices
Nguyen et al. Pattern-based alignment of audio data for ad hoc secure device pairing
Shang et al. AudioKey: a usable device pairing system using audio signals on smartwatches
Shi et al. iShake: Imitation-resistant secure pairing of smart devices via shaking

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13751400

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2014500673

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13751400

Country of ref document: EP

Kind code of ref document: A1